Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Firefox Google - falsche Weiterleitung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.05.2012, 11:22   #1
mardor
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Hallo in die Runde der hoffentlich Wissenden,

die in Firefox integrierte Googlesuche auf meinem Win7 Starter Netbook liefert seit kurzer Zeit richtige Ergebnisse, die aber bei Anklicken auf andere Seiten als ursprünglich angezeigt verlinkt sind.

Dies ist nicht bei jedem Klick der Fall, aber der erste nach Firefox Start ist zB immer falsch. Teilweise komme ich beim Anklicken eines Suchergebnisses wieder auf der Startseite von Google.de heraus.

Was ich bereits getan habe - OTL nach Anweisungen laufen lassen, und hier wären die Ergebnisse:

OTL

OTL logfile created on: 5/19/2012 10:52:05 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\***\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.61% Memory free
3.98 Gb Paging File | 2.66 Gb Available in Paging File | 66.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 22.81 Gb Free Space | 20.95% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 67.01 Gb Free Space | 61.53% Space Free | Partition Type: NTFS

Computer Name: NETBOOK | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/19 10:47:55 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/05/02 10:51:12 | 001,098,752 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/06 11:37:24 | 000,161,792 | ---- | M] () -- C:\Program Files\BirdieSync\Android\Adb\1.0.29\adb.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010/01/15 00:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/15 00:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/11/20 06:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/24 06:46:14 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/11 22:52:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll
MOD - [2012/05/11 22:49:35 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/11 22:30:05 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/11 22:26:30 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 22:25:34 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 22:22:00 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 22:21:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 22:20:57 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 22:17:02 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/02 10:51:12 | 001,098,752 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.exe
MOD - [2012/04/01 17:04:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/01 17:04:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/01 17:04:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/01 17:04:00 | 000,385,024 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012/04/01 17:04:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/01 17:04:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/01 17:04:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/01 17:04:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/01/13 16:18:32 | 008,068,096 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtGuiBirdie4.dll
MOD - [2012/01/13 16:07:02 | 000,211,456 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtSqlBirdie4.dll
MOD - [2012/01/13 16:06:46 | 000,952,832 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtNetworkBirdie4.dll
MOD - [2012/01/13 16:05:06 | 002,249,216 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtCoreBirdie4.dll
MOD - [2011/12/06 11:37:24 | 000,161,792 | ---- | M] () -- C:\Program Files\BirdieSync\Android\Adb\1.0.29\adb.exe
MOD - [2011/01/28 21:44:30 | 000,030,208 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-2.6.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/12 15:47:34 | 000,544,768 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\sqlite3.dll
MOD - [2009/07/24 06:46:14 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2009/05/13 10:51:26 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 13:06:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/05/24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010/01/15 00:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/11/04 20:59:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/10 04:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010/01/15 00:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/15 00:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/15 00:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8580
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8580
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8580
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8580
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8580
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8580
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8580
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 20:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 19:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/15 17:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Sunbird Service [2012/05/15 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Thunderbird Service [2012/05/15 18:06:54 | 000,000,000 | ---D | M]

[2011/05/25 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/05/25 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/18 01:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions
[2011/12/10 18:01:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/25 00:51:58 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/01/28 15:31:55 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\firesheep@codebutler.com
[2012/05/18 01:05:23 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\https-everywhere@eff.org
[2011/06/26 00:35:31 | 000,000,000 | ---D | M] (O2CPlayer Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\o2cplayer@eleco.com
[2011/12/24 11:59:38 | 000,004,140 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\oa7skdwr.default\searchplugins\youtube.xml
[2012/01/22 03:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/04 20:21:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/22 03:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/05/11 22:18:55 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/16 13:38:46 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/01/06 01:46:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/30 02:57:05 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/12/30 02:35:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/30 02:35:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/30 02:35:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/30 02:35:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/30 02:35:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/30 02:35:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/30 02:35:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files\BirdieSync\BirdieSync.exe ()
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.25.0.52 194.25.0.60 192.25.0.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45839235-831C-4CF3-97D2-C032E4F351DB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D19D8FD-1CEB-4032-8700-A3D5EC608817}: DhcpNameServer = 194.25.0.52 194.25.0.60 192.25.0.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F144CB3A-4220-46AB-BB5D-2C54C9C09F38}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APLangApp - hkey= - key= - C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
MsConfig - StartUpReg: BirdieSync - hkey= - key= - C:\Program Files\BirdieSync\BirdieSync.exe ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: fsi - hkey= - key= - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 10:47:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/05/18 18:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/15 18:28:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012/05/15 18:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/15 18:21:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/05/15 18:21:27 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/15 18:21:27 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/15 18:21:27 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/05/15 18:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/15 18:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/15 18:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BirdieSync
[2012/04/22 15:42:12 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\***\Desktop\cnet2_fg727p_exe.exe

========== Files - Modified Within 30 Days ==========

[2012/05/19 11:05:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/19 10:47:55 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/05/19 10:37:02 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 10:37:02 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 10:27:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/19 10:27:34 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 22:13:35 | 000,445,280 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/03 01:13:09 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/03 01:13:09 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/03 01:13:09 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/03 01:13:09 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/04/27 09:52:22 | 000,016,126 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2012/04/27 09:52:22 | 000,016,126 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011/12/20 10:16:13 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011/07/11 18:45:08 | 000,033,792 | ---- | C] () -- C:\windows\System32\rgbacodec.dll
[2010/10/21 22:37:31 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/14 17:20:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/03 14:07:02 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/07/03 13:42:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011/09/06 15:49:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AllDup
[2011/08/19 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012/02/28 14:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012/05/15 18:06:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BirdieSync
[2012/05/19 10:29:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011/12/10 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011/12/10 18:00:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/28 15:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012/04/16 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC
[2012/03/05 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011/01/01 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam
[2011/05/25 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011/11/04 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011/10/25 08:57:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012/05/09 00:12:52 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/06/21 22:05:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/07/03 14:06:57 | 000,000,000 | ---D | M] -- C:\CabLogs
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/12/09 03:05:44 | 000,000,000 | ---D | M] -- C:\Intel
[2010/07/03 13:50:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/05/15 18:21:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/05/15 18:21:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/07/03 13:28:31 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/05/19 11:01:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/03 10:22:14 | 000,000,000 | R--D | M] -- C:\Users
[2012/05/06 19:53:13 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll

< %USERPROFILE%\*.* >
[2012/04/27 09:52:22 | 000,016,126 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012/05/19 11:34:20 | 001,835,008 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2012/05/19 11:34:20 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2010/07/03 13:29:53 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2010/08/14 08:53:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{55a8c472-a709-11df-9438-2c8158bd7ba3}.TM.blf
[2010/08/14 08:53:20 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{55a8c472-a709-11df-9438-2c8158bd7ba3}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 08:53:20 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{55a8c472-a709-11df-9438-2c8158bd7ba3}.TMContainer00000000000000000002.regtrans-ms
[2010/07/03 14:14:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/07/03 14:14:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/07/03 14:14:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/07/03 13:29:54 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34

< End of report >


und Extras:

OTL Extras logfile created on: 5/19/2012 10:52:05 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\***\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.61% Memory free
3.98 Gb Paging File | 2.66 Gb Available in Paging File | 66.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 22.81 Gb Free Space | 20.95% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 67.01 Gb Free Space | 61.53% Space Free | Partition Type: NTFS

Computer Name: NETBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{71DF9315-2BB3-46DC-BBF1-5371C8A4AE7C}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{D390B346-0918-4772-BFBB-B67EDAA9FB69}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D8B01B63-2862-4999-9704-4F99D91E7700}C:\program files\birdiesync\birdiesync.exe" = protocol=6 | dir=in | app=c:\program files\birdiesync\birdiesync.exe |
"UDP Query User{43173F87-E7E4-4003-85A1-9B079B1C446A}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{63C2D3BF-C48F-46A8-8340-E7D81A0FCC5D}C:\program files\birdiesync\birdiesync.exe" = protocol=17 | dir=in | app=c:\program files\birdiesync\birdiesync.exe |
"UDP Query User{C60C4C75-A915-4586-A2E6-5F1DFC925C1C}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B04D7083-F906-4369-9AA5-DFCC98A05CD9}" = MAGIX Video deluxe MX Download-Version
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BFD631C4-FBB5-4AC5-B807-9137B265628C}" = MAGIX Speed burnR (MSI)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D161BA5C-1192-42D7-A005-C12DAAC34065}" = Wireless Camera Insight Version 2.3
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 4.65
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllDup_is1" = AllDup 3.3.14
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.3.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BirdieSync" = BirdieSync 2.3.12.1
"DivX Setup.divx.com" = DivX-Setup
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX Download-Version
"ManyCam" = ManyCam 2.6.30 (remove only)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 1.0.0.31
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"Picasa 3" = Picasa 3
"ST6UNST #1" = Link Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.53

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Schon vorab Danke für eure Mühe und nun bin ich gespannt, ob einer von euch eine Idee hat!

Alt 19.05.2012, 20:54   #2
t'john
/// Helfer-Team
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7SMSN 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "spiegel.de" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4 
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1 
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" 
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" 
FF - prefs.js..network.proxy.backup.ftp_port: 8580 
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" 
FF - prefs.js..network.proxy.backup.socks_port: 8580 
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" 
FF - prefs.js..network.proxy.backup.ssl_port: 8580 
FF - prefs.js..network.proxy.ftp: "127.0.0.1" 
FF - prefs.js..network.proxy.ftp_port: 8580 
FF - prefs.js..network.proxy.http: "127.0.0.1" 
FF - prefs.js..network.proxy.http_port: 8580 
FF - prefs.js..network.proxy.no_proxies_on: "" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "127.0.0.1" 
FF - prefs.js..network.proxy.socks_port: 8580 
FF - prefs.js..network.proxy.ssl: "127.0.0.1" 
FF - prefs.js..network.proxy.ssl_port: 8580 
FF - prefs.js..network.proxy.type: 0 
:Files
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\oa7skdwr.default\searchplugins\youtube.xml
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
C:\Program Files\mozilla firefox\searchplugins\bing.xml
C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!


danach:

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke aus und starte den Scan.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
__________________

__________________

Alt 20.05.2012, 11:23   #3
mardor
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Hallo, Moin und Danke für die schnelle Rückmeldung!

Leider besteht das Problem weiterhin, heute morgen tauchte oft "hinter" mehrern Google Ergebnissen eine Zip-Datei von psipoker.com auf (falls die Info hilft)

Es folgen OTL-Logfile, der ergebnislose Bericht von Malwarebytes und danach nochmal ein erneuter OTL-Scan der gerade läuft...

Erneut natürlich Danke für eure Zeit und Mühen!

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "spiegel.de" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 removed from extensions.enabledItems
Prefs.js: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 removed from extensions.enabledItems
Prefs.js: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 removed from extensions.enabledItems
Prefs.js: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: https-everywhere@eff.org:0.9.4 removed from extensions.enabledItems
Prefs.js: firesheep@codebutler.com:0.1 removed from extensions.enabledItems
Prefs.js: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 removed from extensions.enabledItems
Prefs.js: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 8580 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 8580 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 8580 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 8580 removed from network.proxy.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8580 removed from network.proxy.http_port
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 8580 removed from network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 8580 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== FILES ==========
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\oa7skdwr.default\searchplugins\youtube.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 4215154 bytes
->Temporary Internet Files folder emptied: 3195038 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78131309 bytes
->Flash cache emptied: 1369 bytes
 
User: ***
->Temp folder emptied: 785565486 bytes
->Temporary Internet Files folder emptied: 62674544 bytes
->Java cache emptied: 1591025 bytes
->FireFox cache emptied: 53047793 bytes
->Flash cache emptied: 57364 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6649532 bytes
RecycleBin emptied: 538210252 bytes
 
Total Files Cleaned = 1,462.00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05202012_014431

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Code:
ATTFilter
mbam-log-2012-05-20 (08-50-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 321131
Laufzeit: 3 Stunde(n), 1 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und hier noch der angekündigte erneute OTL-Scan:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/20/2012 11:58:46 AM - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\***\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.95% Memory free
3.98 Gb Paging File | 2.28 Gb Available in Paging File | 57.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 23.91 Gb Free Space | 21.96% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 67.02 Gb Free Space | 61.55% Space Free | Partition Type: NTFS
 
Computer Name: NETBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/19 10:47:55 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012/05/02 10:51:12 | 001,098,752 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/01 17:04:00 | 002,530,671 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\adb.exe
PRC - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/30 02:35:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010/01/15 00:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/15 00:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/11/20 06:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/24 06:46:14 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/11 22:52:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll
MOD - [2012/05/11 22:49:35 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/11 22:30:05 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/11 22:26:30 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 22:25:34 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 22:22:00 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 22:21:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 22:20:57 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 22:17:02 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/02 10:51:12 | 001,098,752 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.exe
MOD - [2012/04/01 17:04:00 | 002,530,671 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\adb.exe
MOD - [2012/04/01 17:04:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/01 17:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/01 17:04:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/01 17:04:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/01 17:04:00 | 000,385,024 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012/04/01 17:04:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/01 17:04:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/01 17:04:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/01 17:04:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/01/13 16:18:32 | 008,068,096 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtGuiBirdie4.dll
MOD - [2012/01/13 16:07:02 | 000,211,456 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtSqlBirdie4.dll
MOD - [2012/01/13 16:06:46 | 000,952,832 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtNetworkBirdie4.dll
MOD - [2012/01/13 16:05:06 | 002,249,216 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtCoreBirdie4.dll
MOD - [2011/12/30 02:35:42 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/28 21:44:30 | 000,030,208 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-2.6.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/12 15:47:34 | 000,544,768 | ---- | M] () -- C:\Program Files\BirdieSync\BirdieSync.Lib\sqlite3.dll
MOD - [2009/07/24 06:46:14 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2009/05/13 10:51:26 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 13:06:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/05/24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010/01/15 00:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/11/04 20:59:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/10 04:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010/01/15 00:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/15 00:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/15 00:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 20:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 19:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/15 17:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Sunbird Service [2012/05/15 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Thunderbird Service [2012/05/15 18:06:54 | 000,000,000 | ---D | M]
 
[2011/05/25 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/05/25 20:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/20 08:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions
[2011/12/10 18:01:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/25 00:51:58 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/01/28 15:31:55 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\firesheep@codebutler.com
[2012/05/18 01:05:23 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\https-everywhere@eff.org
[2011/06/26 00:35:31 | 000,000,000 | ---D | M] (O2CPlayer Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oa7skdwr.default\extensions\o2cplayer@eleco.com
[2012/01/22 03:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/04 20:21:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/22 03:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/05/20 08:38:41 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/04/16 13:38:46 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/01/06 01:46:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/30 02:57:05 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OA7SKDWR.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/12/30 02:35:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files\BirdieSync\BirdieSync.exe ()
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45839235-831C-4CF3-97D2-C032E4F351DB}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D19D8FD-1CEB-4032-8700-A3D5EC608817}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F144CB3A-4220-46AB-BB5D-2C54C9C09F38}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/20 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012/05/20 08:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 08:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 08:47:08 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/20 08:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/20 01:44:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/19 10:47:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/05/18 18:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/15 18:28:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012/05/15 18:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/15 18:21:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/05/15 18:21:27 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/15 18:21:27 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/15 18:21:27 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/05/15 18:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/15 18:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/15 18:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BirdieSync
[2012/05/10 00:40:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 00:40:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 00:40:15 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 00:39:56 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/06 13:06:02 | 004,140,192 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerInstaller.exe
[2012/04/22 15:42:12 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\***\Desktop\cnet2_fg727p_exe.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/20 12:05:08 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 11:53:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 11:53:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 08:47:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/20 08:32:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/20 08:32:33 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 10:47:55 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/05/11 22:13:35 | 000,445,280 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/06 13:06:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/05/06 13:06:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/05/06 13:06:02 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerInstaller.exe
[2012/05/03 01:13:09 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/03 01:13:09 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/03 01:13:09 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/03 01:13:09 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/04/27 09:52:22 | 000,016,126 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012/05/20 08:47:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/27 09:52:22 | 000,016,126 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011/12/20 10:16:13 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011/07/11 18:45:08 | 000,033,792 | ---- | C] () -- C:\windows\System32\rgbacodec.dll
[2010/10/21 22:37:31 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/14 17:20:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/03 14:07:02 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/07/03 13:42:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34

< End of report >
         
--- --- ---
__________________

Alt 20.05.2012, 18:49   #4
t'john
/// Helfer-Team
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



1.

TDSSKiller von Kaspersky
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.
Hier findest Du eine ausführlichere TDSSKiller Anleitung.


2.

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:




Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
:Commands
[emptytemp]
[emptyflash]
[resethosts]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



3.

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Mfg, t'john
Das TB unterstützen

Alt 21.05.2012, 11:11   #5
mardor
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Schon wieder Hallo,

wie ihr seht bleibe ich hartnäckig - der Trojaner (wenn es denn einer ist) leider auch....

Code:
ATTFilter
22:09:32.0828 5148	TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
22:09:33.0171 5148	============================================================
22:09:33.0171 5148	Current date / time: 2012/05/20 22:09:33.0171
22:09:33.0171 5148	SystemInfo:
22:09:33.0171 5148	
22:09:33.0171 5148	OS Version: 6.1.7601 ServicePack: 1.0
22:09:33.0171 5148	Product type: Workstation
22:09:33.0171 5148	ComputerName: NETBOOK
22:09:33.0171 5148	UserName: ***
22:09:33.0171 5148	Windows directory: C:\windows
22:09:33.0171 5148	System windows directory: C:\windows
22:09:33.0171 5148	Processor architecture: Intel x86
22:09:33.0171 5148	Number of processors: 2
22:09:33.0171 5148	Page size: 0x1000
22:09:33.0171 5148	Boot type: Normal boot
22:09:33.0171 5148	============================================================
22:09:34.0341 5148	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:09:34.0356 5148	============================================================
22:09:34.0356 5148	\Device\Harddisk0\DR0:
22:09:34.0356 5148	MBR partitions:
22:09:34.0356 5148	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
22:09:34.0356 5148	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xD9C8800
22:09:34.0356 5148	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF7FB000, BlocksNum 0xD9CA000
22:09:34.0356 5148	============================================================
22:09:34.0403 5148	C: <-> \Device\Harddisk0\DR0\Partition1
22:09:34.0481 5148	D: <-> \Device\Harddisk0\DR0\Partition2
22:09:34.0481 5148	============================================================
22:09:34.0481 5148	Initialize success
22:09:34.0481 5148	============================================================
22:09:44.0309 5116	============================================================
22:09:44.0309 5116	Scan started
22:09:44.0309 5116	Mode: Manual; 
22:09:44.0309 5116	============================================================
22:09:45.0386 5116	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
22:09:45.0386 5116	1394ohci - ok
22:09:45.0495 5116	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
22:09:45.0495 5116	ACPI - ok
22:09:45.0557 5116	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
22:09:45.0557 5116	AcpiPmi - ok
22:09:45.0823 5116	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:45.0823 5116	AdobeFlashPlayerUpdateSvc - ok
22:09:45.0994 5116	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:09:46.0010 5116	adp94xx - ok
22:09:46.0119 5116	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:09:46.0135 5116	adpahci - ok
22:09:46.0181 5116	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:09:46.0197 5116	adpu320 - ok
22:09:46.0244 5116	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
22:09:46.0259 5116	AeLookupSvc - ok
22:09:46.0369 5116	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
22:09:46.0384 5116	AFD - ok
22:09:46.0431 5116	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
22:09:46.0447 5116	agp440 - ok
22:09:46.0509 5116	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:09:46.0509 5116	aic78xx - ok
22:09:46.0571 5116	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
22:09:46.0571 5116	ALG - ok
22:09:46.0618 5116	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
22:09:46.0634 5116	aliide - ok
22:09:46.0696 5116	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
22:09:46.0696 5116	amdagp - ok
22:09:46.0790 5116	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
22:09:46.0790 5116	amdide - ok
22:09:46.0868 5116	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:09:46.0868 5116	AmdK8 - ok
22:09:46.0915 5116	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:09:46.0946 5116	AmdPPM - ok
22:09:47.0086 5116	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
22:09:47.0086 5116	amdsata - ok
22:09:47.0211 5116	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:09:47.0211 5116	amdsbs - ok
22:09:47.0242 5116	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
22:09:47.0242 5116	amdxata - ok
22:09:47.0414 5116	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:09:47.0414 5116	AntiVirSchedulerService - ok
22:09:47.0539 5116	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:09:47.0539 5116	AntiVirService - ok
22:09:47.0648 5116	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
22:09:47.0648 5116	AppID - ok
22:09:47.0741 5116	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
22:09:47.0741 5116	AppIDSvc - ok
22:09:47.0804 5116	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
22:09:47.0819 5116	Appinfo - ok
22:09:47.0975 5116	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:09:47.0991 5116	Apple Mobile Device - ok
22:09:48.0069 5116	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:09:48.0069 5116	arc - ok
22:09:48.0116 5116	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:09:48.0116 5116	arcsas - ok
22:09:48.0163 5116	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:09:48.0163 5116	AsyncMac - ok
22:09:48.0256 5116	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
22:09:48.0256 5116	atapi - ok
22:09:48.0631 5116	athr            (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
22:09:48.0646 5116	athr - ok
22:09:48.0880 5116	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
22:09:48.0896 5116	AudioEndpointBuilder - ok
22:09:48.0911 5116	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
22:09:48.0911 5116	Audiosrv - ok
22:09:49.0052 5116	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
22:09:49.0052 5116	avgntflt - ok
22:09:49.0161 5116	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
22:09:49.0161 5116	avipbb - ok
22:09:49.0223 5116	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
22:09:49.0223 5116	avkmgr - ok
22:09:49.0317 5116	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
22:09:49.0317 5116	AxInstSV - ok
22:09:49.0473 5116	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:09:49.0489 5116	b06bdrv - ok
22:09:49.0567 5116	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:09:49.0582 5116	b57nd60x - ok
22:09:49.0723 5116	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
22:09:49.0723 5116	BDESVC - ok
22:09:49.0769 5116	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:09:49.0769 5116	Beep - ok
22:09:49.0957 5116	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
22:09:49.0972 5116	BFE - ok
22:09:50.0128 5116	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
22:09:50.0144 5116	BITS - ok
22:09:50.0175 5116	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:09:50.0175 5116	blbdrive - ok
22:09:50.0440 5116	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:09:50.0456 5116	Bonjour Service - ok
22:09:50.0534 5116	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
22:09:50.0534 5116	bowser - ok
22:09:50.0596 5116	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:09:50.0596 5116	BrFiltLo - ok
22:09:50.0674 5116	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:09:50.0690 5116	BrFiltUp - ok
22:09:50.0737 5116	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
22:09:50.0752 5116	Browser - ok
22:09:50.0846 5116	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:09:50.0846 5116	Brserid - ok
22:09:50.0877 5116	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:09:50.0893 5116	BrSerWdm - ok
22:09:50.0908 5116	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:09:50.0908 5116	BrUsbMdm - ok
22:09:50.0924 5116	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:09:50.0939 5116	BrUsbSer - ok
22:09:50.0986 5116	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:09:50.0986 5116	BthEnum - ok
22:09:51.0017 5116	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:09:51.0017 5116	BTHMODEM - ok
22:09:51.0064 5116	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:09:51.0064 5116	BthPan - ok
22:09:51.0189 5116	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
22:09:51.0205 5116	BTHPORT - ok
22:09:51.0267 5116	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
22:09:51.0267 5116	bthserv - ok
22:09:51.0314 5116	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
22:09:51.0314 5116	BTHUSB - ok
22:09:51.0393 5116	btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
22:09:51.0393 5116	btusbflt - ok
22:09:51.0455 5116	btwaudio        (7e826be3b3558208d5c9b00034e51be5) C:\windows\system32\drivers\btwaudio.sys
22:09:51.0471 5116	btwaudio - ok
22:09:51.0533 5116	btwavdt         (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\drivers\btwavdt.sys
22:09:51.0549 5116	btwavdt - ok
22:09:52.0017 5116	btwdins         (0e3ee2bc0ec56bfe869fcde3e5806684) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:09:52.0032 5116	btwdins - ok
22:09:52.0079 5116	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
22:09:52.0079 5116	btwl2cap - ok
22:09:52.0126 5116	btwrchid        (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys
22:09:52.0142 5116	btwrchid - ok
22:09:52.0188 5116	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:09:52.0188 5116	cdfs - ok
22:09:52.0282 5116	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
22:09:52.0282 5116	cdrom - ok
22:09:52.0344 5116	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
22:09:52.0360 5116	CertPropSvc - ok
22:09:52.0407 5116	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:09:52.0422 5116	circlass - ok
22:09:52.0500 5116	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:09:52.0500 5116	CLFS - ok
22:09:52.0859 5116	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:09:52.0875 5116	clr_optimization_v2.0.50727_32 - ok
22:09:52.0937 5116	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:09:52.0953 5116	CmBatt - ok
22:09:53.0031 5116	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
22:09:53.0046 5116	cmdide - ok
22:09:53.0468 5116	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
22:09:53.0483 5116	CNG - ok
22:09:53.0624 5116	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:09:53.0639 5116	Compbatt - ok
22:09:53.0873 5116	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
22:09:53.0873 5116	CompositeBus - ok
22:09:53.0920 5116	COMSysApp - ok
22:09:53.0982 5116	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:09:53.0982 5116	crcdisk - ok
22:09:54.0138 5116	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
22:09:54.0138 5116	CryptSvc - ok
22:09:54.0310 5116	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
22:09:54.0326 5116	DcomLaunch - ok
22:09:54.0809 5116	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
22:09:54.0809 5116	defragsvc - ok
22:09:54.0918 5116	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
22:09:54.0918 5116	DfsC - ok
22:09:55.0215 5116	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
22:09:55.0230 5116	Dhcp - ok
22:09:55.0277 5116	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:09:55.0277 5116	discache - ok
22:09:55.0340 5116	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:09:55.0355 5116	Disk - ok
22:09:55.0480 5116	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
22:09:55.0496 5116	Dnscache - ok
22:09:55.0620 5116	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
22:09:55.0620 5116	dot3svc - ok
22:09:55.0761 5116	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
22:09:55.0776 5116	DPS - ok
22:09:55.0808 5116	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:09:55.0823 5116	drmkaud - ok
22:09:56.0010 5116	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
22:09:56.0042 5116	DXGKrnl - ok
22:09:56.0104 5116	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
22:09:56.0104 5116	EapHost - ok
22:09:56.0868 5116	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:09:56.0962 5116	ebdrv - ok
22:09:57.0258 5116	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
22:09:57.0274 5116	EFS - ok
22:09:57.0461 5116	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:09:57.0477 5116	elxstor - ok
22:09:57.0524 5116	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
22:09:57.0539 5116	ErrDev - ok
22:09:57.0695 5116	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
22:09:57.0695 5116	EventSystem - ok
22:09:57.0820 5116	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:09:57.0820 5116	exfat - ok
22:09:58.0163 5116	Fabs - ok
22:09:58.0241 5116	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:09:58.0272 5116	fastfat - ok
22:09:58.0506 5116	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
22:09:58.0522 5116	Fax - ok
22:09:58.0553 5116	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:09:58.0553 5116	fdc - ok
22:09:58.0647 5116	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
22:09:58.0647 5116	fdPHost - ok
22:09:58.0662 5116	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
22:09:58.0678 5116	FDResPub - ok
22:09:58.0709 5116	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:09:58.0709 5116	FileInfo - ok
22:09:58.0740 5116	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:09:58.0740 5116	Filetrace - ok
22:09:59.0442 5116	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:09:59.0520 5116	FirebirdServerMAGIXInstance - ok
22:09:59.0801 5116	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:09:59.0801 5116	flpydisk - ok
22:09:59.0910 5116	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:09:59.0910 5116	FltMgr - ok
22:10:00.0160 5116	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\windows\system32\FntCache.dll
22:10:00.0176 5116	FontCache - ok
22:10:00.0332 5116	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:10:00.0332 5116	FontCache3.0.0.0 - ok
22:10:00.0378 5116	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:10:00.0378 5116	FsDepends - ok
22:10:00.0456 5116	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
22:10:00.0456 5116	Fs_Rec - ok
22:10:00.0566 5116	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
22:10:00.0566 5116	fvevol - ok
22:10:00.0690 5116	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:10:00.0690 5116	gagp30kx - ok
22:10:00.0784 5116	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:10:00.0784 5116	GEARAspiWDM - ok
22:10:01.0018 5116	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
22:10:01.0034 5116	gpsvc - ok
22:10:01.0174 5116	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:10:01.0174 5116	gusvc - ok
22:10:01.0236 5116	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:10:01.0236 5116	hcw85cir - ok
22:10:01.0377 5116	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
22:10:01.0377 5116	HdAudAddService - ok
22:10:01.0455 5116	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
22:10:01.0455 5116	HDAudBus - ok
22:10:01.0502 5116	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:10:01.0517 5116	HidBatt - ok
22:10:01.0564 5116	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:10:01.0580 5116	HidBth - ok
22:10:01.0751 5116	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:10:01.0751 5116	HidIr - ok
22:10:01.0829 5116	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
22:10:01.0845 5116	hidserv - ok
22:10:01.0907 5116	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
22:10:01.0923 5116	HidUsb - ok
22:10:01.0970 5116	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
22:10:01.0985 5116	hkmsvc - ok
22:10:02.0063 5116	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
22:10:02.0079 5116	HomeGroupListener - ok
22:10:02.0172 5116	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
22:10:02.0172 5116	HomeGroupProvider - ok
22:10:02.0235 5116	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
22:10:02.0250 5116	HpSAMD - ok
22:10:02.0297 5116	HTCAND32        (950cc1e6ae3a6cd23e0945cde089b02c) C:\windows\system32\Drivers\ANDROIDUSB.sys
22:10:02.0297 5116	HTCAND32 - ok
22:10:02.0375 5116	htcnprot        (339adefad60353f960e3ca67ce468c24) C:\windows\system32\DRIVERS\htcnprot.sys
22:10:02.0375 5116	htcnprot - ok
22:10:02.0578 5116	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
22:10:02.0594 5116	HTTP - ok
22:10:02.0656 5116	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
22:10:02.0656 5116	hwpolicy - ok
22:10:02.0765 5116	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
22:10:02.0781 5116	i8042prt - ok
22:10:02.0890 5116	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
22:10:02.0890 5116	iaStor - ok
22:10:03.0046 5116	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
22:10:03.0046 5116	iaStorV - ok
22:10:03.0327 5116	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:10:03.0342 5116	idsvc - ok
22:10:04.0575 5116	igfx            (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys
22:10:04.0746 5116	igfx - ok
22:10:04.0996 5116	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:10:04.0996 5116	iirsp - ok
22:10:05.0355 5116	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
22:10:05.0386 5116	IKEEXT - ok
22:10:06.0526 5116	IntcAzAudAddService (7cb41a5e5c24f9f50e6533693e2bb74d) C:\windows\system32\drivers\RTKVHDA.sys
22:10:06.0604 5116	IntcAzAudAddService - ok
22:10:08.0476 5116	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
22:10:08.0476 5116	intelide - ok
22:10:08.0569 5116	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:10:08.0569 5116	intelppm - ok
22:10:08.0725 5116	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
22:10:08.0725 5116	IPBusEnum - ok
22:10:08.0788 5116	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:10:08.0788 5116	IpFilterDriver - ok
22:10:08.0944 5116	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
22:10:08.0959 5116	iphlpsvc - ok
22:10:09.0022 5116	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
22:10:09.0022 5116	IPMIDRV - ok
22:10:09.0084 5116	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:10:09.0084 5116	IPNAT - ok
22:10:09.0349 5116	iPod Service    (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
22:10:09.0365 5116	iPod Service - ok
22:10:09.0412 5116	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:10:09.0412 5116	IRENUM - ok
22:10:09.0490 5116	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
22:10:09.0505 5116	isapnp - ok
22:10:09.0599 5116	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
22:10:09.0615 5116	iScsiPrt - ok
22:10:09.0693 5116	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
22:10:09.0693 5116	kbdclass - ok
22:10:09.0817 5116	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
22:10:09.0833 5116	kbdhid - ok
22:10:09.0880 5116	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:10:09.0895 5116	KeyIso - ok
22:10:09.0989 5116	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
22:10:09.0989 5116	KSecDD - ok
22:10:10.0051 5116	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
22:10:10.0067 5116	KSecPkg - ok
22:10:10.0223 5116	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
22:10:10.0285 5116	KtmRm - ok
22:10:10.0426 5116	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
22:10:10.0426 5116	LanmanServer - ok
22:10:10.0488 5116	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
22:10:10.0504 5116	LanmanWorkstation - ok
22:10:10.0613 5116	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:10:10.0613 5116	lltdio - ok
22:10:10.0816 5116	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
22:10:10.0816 5116	lltdsvc - ok
22:10:10.0909 5116	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
22:10:10.0925 5116	lmhosts - ok
22:10:11.0034 5116	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:10:11.0034 5116	LSI_FC - ok
22:10:11.0081 5116	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:10:11.0081 5116	LSI_SAS - ok
22:10:11.0159 5116	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:10:11.0175 5116	LSI_SAS2 - ok
22:10:11.0221 5116	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:10:11.0237 5116	LSI_SCSI - ok
22:10:11.0315 5116	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:10:11.0331 5116	luafv - ok
22:10:11.0346 5116	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:10:11.0362 5116	megasas - ok
22:10:11.0455 5116	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:10:11.0471 5116	MegaSR - ok
22:10:11.0518 5116	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:10:11.0518 5116	MMCSS - ok
22:10:11.0549 5116	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:10:11.0549 5116	Modem - ok
22:10:11.0611 5116	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:10:11.0611 5116	monitor - ok
22:10:11.0705 5116	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
22:10:11.0721 5116	mouclass - ok
22:10:11.0861 5116	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:10:11.0877 5116	mouhid - ok
22:10:11.0955 5116	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
22:10:11.0955 5116	mountmgr - ok
22:10:12.0064 5116	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
22:10:12.0064 5116	mpio - ok
22:10:12.0173 5116	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:10:12.0173 5116	mpsdrv - ok
22:10:12.0423 5116	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
22:10:12.0438 5116	MpsSvc - ok
22:10:12.0547 5116	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
22:10:12.0563 5116	MRxDAV - ok
22:10:12.0688 5116	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
22:10:12.0688 5116	mrxsmb - ok
22:10:12.0797 5116	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:10:12.0813 5116	mrxsmb10 - ok
22:10:12.0875 5116	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:10:12.0875 5116	mrxsmb20 - ok
22:10:12.0922 5116	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
22:10:12.0922 5116	msahci - ok
22:10:12.0984 5116	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
22:10:12.0984 5116	msdsm - ok
22:10:13.0062 5116	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
22:10:13.0062 5116	MSDTC - ok
22:10:13.0109 5116	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:10:13.0109 5116	Msfs - ok
22:10:13.0140 5116	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:10:13.0156 5116	mshidkmdf - ok
22:10:13.0187 5116	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
22:10:13.0187 5116	msisadrv - ok
22:10:13.0296 5116	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
22:10:13.0312 5116	MSiSCSI - ok
22:10:13.0327 5116	msiserver - ok
22:10:13.0390 5116	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:10:13.0390 5116	MSKSSRV - ok
22:10:13.0421 5116	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:10:13.0421 5116	MSPCLOCK - ok
22:10:13.0452 5116	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:10:13.0452 5116	MSPQM - ok
22:10:13.0515 5116	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:10:13.0530 5116	MsRPC - ok
22:10:13.0608 5116	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
22:10:13.0608 5116	mssmbios - ok
22:10:13.0671 5116	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:10:13.0686 5116	MSTEE - ok
22:10:13.0764 5116	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:10:13.0764 5116	MTConfig - ok
22:10:13.0811 5116	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:10:13.0811 5116	Mup - ok
22:10:13.0936 5116	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
22:10:13.0936 5116	napagent - ok
22:10:14.0061 5116	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:10:14.0061 5116	NativeWifiP - ok
22:10:14.0263 5116	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
22:10:14.0279 5116	NDIS - ok
22:10:14.0341 5116	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:10:14.0341 5116	NdisCap - ok
22:10:14.0373 5116	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:10:14.0373 5116	NdisTapi - ok
22:10:14.0435 5116	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
22:10:14.0435 5116	Ndisuio - ok
22:10:14.0513 5116	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
22:10:14.0513 5116	NdisWan - ok
22:10:14.0591 5116	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
22:10:14.0607 5116	NDProxy - ok
22:10:14.0825 5116	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:10:14.0841 5116	NetBIOS - ok
22:10:14.0934 5116	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
22:10:14.0934 5116	NetBT - ok
22:10:14.0981 5116	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:10:14.0997 5116	Netlogon - ok
22:10:15.0090 5116	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
22:10:15.0106 5116	Netman - ok
22:10:15.0215 5116	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
22:10:15.0215 5116	netprofm - ok
22:10:15.0324 5116	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:10:15.0324 5116	NetTcpPortSharing - ok
22:10:15.0402 5116	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:10:15.0402 5116	nfrd960 - ok
22:10:15.0480 5116	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
22:10:15.0496 5116	NlaSvc - ok
22:10:15.0527 5116	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:10:15.0527 5116	Npfs - ok
22:10:15.0574 5116	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
22:10:15.0589 5116	nsi - ok
22:10:15.0667 5116	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:10:15.0667 5116	nsiproxy - ok
22:10:15.0964 5116	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
22:10:15.0979 5116	Ntfs - ok
22:10:16.0026 5116	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:10:16.0042 5116	Null - ok
22:10:16.0104 5116	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
22:10:16.0120 5116	nvraid - ok
22:10:16.0167 5116	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
22:10:16.0182 5116	nvstor - ok
22:10:16.0213 5116	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
22:10:16.0229 5116	nv_agp - ok
22:10:16.0572 5116	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:10:16.0603 5116	odserv - ok
22:10:16.0666 5116	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
22:10:16.0666 5116	ohci1394 - ok
22:10:16.0775 5116	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:10:16.0791 5116	ose - ok
22:10:16.0869 5116	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:10:16.0884 5116	p2pimsvc - ok
22:10:16.0978 5116	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
22:10:16.0993 5116	p2psvc - ok
22:10:17.0040 5116	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:10:17.0056 5116	Parport - ok
22:10:17.0103 5116	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
22:10:17.0103 5116	partmgr - ok
22:10:17.0134 5116	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:10:17.0149 5116	Parvdm - ok
22:10:17.0274 5116	PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
22:10:17.0274 5116	PassThru Service - ok
22:10:17.0383 5116	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
22:10:17.0399 5116	PcaSvc - ok
22:10:17.0477 5116	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
22:10:17.0477 5116	pci - ok
22:10:17.0508 5116	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
22:10:17.0508 5116	pciide - ok
22:10:17.0602 5116	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:10:17.0602 5116	pcmcia - ok
22:10:17.0664 5116	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:10:17.0664 5116	pcw - ok
22:10:17.0820 5116	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:10:17.0836 5116	PEAUTH - ok
22:10:18.0226 5116	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
22:10:18.0257 5116	pla - ok
22:10:18.0600 5116	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
22:10:18.0616 5116	PlugPlay - ok
22:10:18.0694 5116	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
22:10:18.0709 5116	PNRPAutoReg - ok
22:10:18.0803 5116	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
22:10:18.0803 5116	PNRPsvc - ok
22:10:18.0975 5116	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
22:10:18.0990 5116	PolicyAgent - ok
22:10:19.0068 5116	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
22:10:19.0084 5116	Power - ok
22:10:19.0224 5116	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:10:19.0224 5116	PptpMiniport - ok
22:10:19.0333 5116	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:10:19.0333 5116	Processor - ok
22:10:19.0443 5116	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
22:10:19.0458 5116	ProfSvc - ok
22:10:19.0536 5116	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:10:19.0536 5116	ProtectedStorage - ok
22:10:19.0599 5116	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:10:19.0599 5116	Psched - ok
22:10:20.0379 5116	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:10:20.0394 5116	ql2300 - ok
22:10:20.0753 5116	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:10:20.0753 5116	ql40xx - ok
22:10:20.0847 5116	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
22:10:20.0862 5116	QWAVE - ok
22:10:20.0893 5116	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:10:20.0893 5116	QWAVEdrv - ok
22:10:21.0018 5116	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\windows\WindowsMobile\rapimgr.dll
22:10:21.0034 5116	RapiMgr - ok
22:10:21.0049 5116	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:10:21.0065 5116	RasAcd - ok
22:10:21.0127 5116	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:10:21.0127 5116	RasAgileVpn - ok
22:10:21.0252 5116	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
22:10:21.0268 5116	RasAuto - ok
22:10:21.0315 5116	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:10:21.0330 5116	Rasl2tp - ok
22:10:21.0439 5116	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
22:10:21.0455 5116	RasMan - ok
22:10:21.0517 5116	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:10:21.0517 5116	RasPppoe - ok
22:10:21.0564 5116	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:10:21.0564 5116	RasSstp - ok
22:10:21.0658 5116	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
22:10:21.0673 5116	rdbss - ok
22:10:21.0736 5116	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:10:21.0736 5116	rdpbus - ok
22:10:21.0798 5116	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
22:10:21.0798 5116	RDPCDD - ok
22:10:21.0845 5116	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:10:21.0845 5116	RDPENCDD - ok
22:10:21.0876 5116	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:10:21.0876 5116	RDPREFMP - ok
22:10:21.0954 5116	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
22:10:21.0970 5116	RDPWD - ok
22:10:22.0063 5116	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
22:10:22.0063 5116	rdyboost - ok
22:10:22.0110 5116	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
22:10:22.0110 5116	RemoteAccess - ok
22:10:22.0157 5116	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
22:10:22.0173 5116	RemoteRegistry - ok
22:10:22.0297 5116	Rezip           (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe
22:10:22.0313 5116	Rezip - ok
22:10:22.0375 5116	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:10:22.0391 5116	RFCOMM - ok
22:10:22.0438 5116	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
22:10:22.0453 5116	RpcEptMapper - ok
22:10:22.0485 5116	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
22:10:22.0485 5116	RpcLocator - ok
22:10:22.0625 5116	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
22:10:22.0641 5116	RpcSs - ok
22:10:22.0703 5116	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:10:22.0719 5116	rspndr - ok
22:10:22.0765 5116	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
22:10:22.0765 5116	RTL8167 - ok
22:10:22.0828 5116	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
22:10:22.0828 5116	SABI - ok
22:10:22.0875 5116	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:10:22.0875 5116	SamSs - ok
22:10:22.0968 5116	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
22:10:22.0984 5116	sbp2port - ok
22:10:23.0046 5116	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
22:10:23.0046 5116	SCardSvr - ok
22:10:23.0109 5116	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
22:10:23.0124 5116	scfilter - ok
22:10:23.0327 5116	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
22:10:23.0358 5116	Schedule - ok
22:10:23.0421 5116	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
22:10:23.0421 5116	SCPolicySvc - ok
22:10:23.0467 5116	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
22:10:23.0483 5116	SDRSVC - ok
22:10:23.0561 5116	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:10:23.0561 5116	secdrv - ok
22:10:23.0904 5116	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
22:10:23.0920 5116	seclogon - ok
22:10:23.0967 5116	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
22:10:23.0982 5116	SENS - ok
22:10:24.0045 5116	Ser2pl          (ac1f2a09b76b57356f906eeda43ccc2a) C:\windows\system32\DRIVERS\ser2pl.sys
22:10:24.0060 5116	Ser2pl - ok
22:10:24.0091 5116	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:10:24.0091 5116	Serenum - ok
22:10:24.0154 5116	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:10:24.0154 5116	Serial - ok
22:10:24.0201 5116	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:10:24.0201 5116	sermouse - ok
22:10:24.0341 5116	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
22:10:24.0357 5116	SessionEnv - ok
22:10:24.0450 5116	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
22:10:24.0450 5116	sffdisk - ok
22:10:24.0559 5116	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
22:10:24.0559 5116	sffp_mmc - ok
22:10:24.0622 5116	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
22:10:24.0622 5116	sffp_sd - ok
22:10:24.0684 5116	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:10:24.0700 5116	sfloppy - ok
22:10:24.0809 5116	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
22:10:24.0825 5116	SharedAccess - ok
22:10:24.0949 5116	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
22:10:24.0965 5116	ShellHWDetection - ok
22:10:25.0012 5116	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
22:10:25.0012 5116	sisagp - ok
22:10:25.0074 5116	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:10:25.0090 5116	SiSRaid2 - ok
22:10:25.0137 5116	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:10:25.0137 5116	SiSRaid4 - ok
22:10:25.0183 5116	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:10:25.0199 5116	Smb - ok
22:10:25.0246 5116	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
22:10:25.0246 5116	SNMPTRAP - ok
22:10:25.0277 5116	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:10:25.0277 5116	spldr - ok
22:10:25.0417 5116	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
22:10:25.0433 5116	Spooler - ok
22:10:27.0211 5116	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
22:10:27.0274 5116	sppsvc - ok
22:10:27.0617 5116	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
22:10:27.0633 5116	sppuinotify - ok
22:10:27.0773 5116	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
22:10:27.0789 5116	srv - ok
22:10:27.0929 5116	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
22:10:27.0945 5116	srv2 - ok
22:10:27.0976 5116	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
22:10:27.0991 5116	srvnet - ok
22:10:28.0069 5116	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
22:10:28.0069 5116	SSDPSRV - ok
22:10:28.0132 5116	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
22:10:28.0132 5116	ssmdrv - ok
22:10:28.0210 5116	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
22:10:28.0225 5116	SstpSvc - ok
22:10:28.0366 5116	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:10:28.0366 5116	stexstor - ok
22:10:28.0756 5116	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
22:10:28.0787 5116	StiSvc - ok
22:10:28.0818 5116	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:10:28.0818 5116	swenum - ok
22:10:28.0990 5116	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
22:10:29.0005 5116	swprv - ok
22:10:29.0333 5116	SynTP           (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys
22:10:29.0349 5116	SynTP - ok
22:10:29.0739 5116	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
22:10:29.0754 5116	SysMain - ok
22:10:29.0832 5116	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
22:10:29.0832 5116	TabletInputService - ok
22:10:29.0973 5116	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
22:10:29.0988 5116	TapiSrv - ok
22:10:30.0035 5116	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
22:10:30.0035 5116	TBS - ok
22:10:30.0565 5116	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
22:10:30.0612 5116	Tcpip - ok
22:10:30.0690 5116	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
22:10:30.0706 5116	TCPIP6 - ok
22:10:30.0799 5116	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
22:10:30.0815 5116	tcpipreg - ok
22:10:30.0955 5116	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
22:10:30.0971 5116	TDPIPE - ok
22:10:31.0033 5116	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
22:10:31.0033 5116	TDTCP - ok
22:10:31.0143 5116	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
22:10:31.0158 5116	tdx - ok
22:10:31.0283 5116	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
22:10:31.0283 5116	TermDD - ok
22:10:31.0642 5116	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
22:10:31.0704 5116	TermService - ok
22:10:31.0782 5116	TfFsMon         (95746e5b1473432f3d9458940dba6e3a) C:\windows\system32\drivers\TfFsMon.sys
22:10:31.0798 5116	TfFsMon - ok
22:10:31.0845 5116	TfNetMon        (02ffdd873e31c5c2d57ca87d11ec36af) C:\windows\system32\drivers\TfNetMon.sys
22:10:31.0845 5116	TfNetMon - ok
22:10:31.0907 5116	TfSysMon        (f8bd92251ab439383c051ce907d78cce) C:\windows\system32\drivers\TfSysMon.sys
22:10:31.0907 5116	TfSysMon - ok
22:10:31.0954 5116	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
22:10:31.0969 5116	Themes - ok
22:10:32.0016 5116	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
22:10:32.0032 5116	THREADORDER - ok
22:10:32.0094 5116	ThreatFire - ok
22:10:32.0141 5116	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
22:10:32.0172 5116	TrkWks - ok
22:10:32.0344 5116	truecrypt       (746b8cf9cededdd865472544edf626da) C:\windows\system32\drivers\truecrypt.sys
22:10:32.0344 5116	truecrypt - ok
22:10:32.0593 5116	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
22:10:32.0593 5116	TrustedInstaller - ok
22:10:32.0640 5116	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
22:10:32.0656 5116	tssecsrv - ok
22:10:32.0734 5116	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
22:10:32.0734 5116	TsUsbFlt - ok
22:10:32.0812 5116	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
22:10:32.0827 5116	tunnel - ok
22:10:32.0874 5116	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:10:32.0874 5116	uagp35 - ok
22:10:33.0233 5116	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
22:10:33.0249 5116	udfs - ok
22:10:33.0295 5116	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
22:10:33.0311 5116	UI0Detect - ok
22:10:33.0373 5116	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:10:33.0373 5116	uliagpkx - ok
22:10:33.0420 5116	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\DRIVERS\umbus.sys
22:10:33.0420 5116	umbus - ok
22:10:33.0467 5116	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:10:33.0467 5116	UmPass - ok
22:10:33.0576 5116	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
22:10:33.0592 5116	upnphost - ok
22:10:33.0670 5116	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\DRIVERS\usbccgp.sys
22:10:33.0670 5116	usbccgp - ok
22:10:33.0763 5116	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:10:33.0779 5116	usbcir - ok
22:10:33.0810 5116	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
22:10:33.0810 5116	usbehci - ok
22:10:33.0935 5116	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
22:10:33.0951 5116	usbhub - ok
22:10:33.0997 5116	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
22:10:34.0013 5116	usbohci - ok
22:10:34.0044 5116	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:10:34.0060 5116	usbprint - ok
22:10:34.0107 5116	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:10:34.0107 5116	USBSTOR - ok
22:10:34.0153 5116	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
22:10:34.0153 5116	usbuhci - ok
22:10:34.0247 5116	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
22:10:34.0247 5116	usbvideo - ok
22:10:34.0309 5116	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
22:10:34.0309 5116	usb_rndisx - ok
22:10:34.0372 5116	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
22:10:34.0403 5116	UxSms - ok
22:10:34.0450 5116	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
22:10:34.0450 5116	VaultSvc - ok
22:10:34.0497 5116	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:10:34.0512 5116	vdrvroot - ok
22:10:34.0699 5116	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
22:10:34.0731 5116	vds - ok
22:10:34.0793 5116	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:10:34.0793 5116	vga - ok
22:10:34.0824 5116	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:10:34.0824 5116	VgaSave - ok
22:10:34.0902 5116	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
22:10:34.0902 5116	vhdmp - ok
22:10:34.0996 5116	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:10:34.0996 5116	viaagp - ok
22:10:35.0074 5116	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:10:35.0074 5116	ViaC7 - ok
22:10:35.0105 5116	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:10:35.0105 5116	viaide - ok
22:10:35.0152 5116	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
22:10:35.0152 5116	volmgr - ok
22:10:35.0245 5116	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:10:35.0261 5116	volmgrx - ok
22:10:35.0386 5116	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
22:10:35.0401 5116	volsnap - ok
22:10:35.0495 5116	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:10:35.0495 5116	vsmraid - ok
22:10:35.0823 5116	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
22:10:35.0854 5116	VSS - ok
22:10:35.0885 5116	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:10:35.0885 5116	vwifibus - ok
22:10:35.0947 5116	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:10:35.0947 5116	vwififlt - ok
22:10:36.0041 5116	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
22:10:36.0057 5116	vwifimp - ok
22:10:36.0166 5116	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
22:10:36.0181 5116	W32Time - ok
22:10:36.0228 5116	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:10:36.0228 5116	WacomPen - ok
22:10:36.0322 5116	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:10:36.0337 5116	WANARP - ok
22:10:36.0353 5116	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:10:36.0353 5116	Wanarpv6 - ok
22:10:37.0195 5116	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
22:10:37.0242 5116	wbengine - ok
22:10:37.0336 5116	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
22:10:37.0351 5116	WbioSrvc - ok
22:10:37.0539 5116	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\windows\WindowsMobile\wcescomm.dll
22:10:37.0539 5116	WcesComm - ok
22:10:37.0913 5116	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
22:10:37.0929 5116	wcncsvc - ok
22:10:37.0960 5116	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
22:10:37.0975 5116	WcsPlugInService - ok
22:10:38.0069 5116	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:10:38.0085 5116	Wd - ok
22:10:38.0381 5116	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:10:38.0397 5116	Wdf01000 - ok
22:10:38.0443 5116	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:10:38.0459 5116	WdiServiceHost - ok
22:10:38.0475 5116	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
22:10:38.0475 5116	WdiSystemHost - ok
22:10:38.0771 5116	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
22:10:38.0787 5116	WebClient - ok
22:10:38.0865 5116	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
22:10:38.0880 5116	Wecsvc - ok
22:10:38.0927 5116	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
22:10:38.0943 5116	wercplsupport - ok
22:10:39.0099 5116	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
22:10:39.0130 5116	WerSvc - ok
22:10:39.0177 5116	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:10:39.0177 5116	WfpLwf - ok
22:10:39.0223 5116	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:10:39.0223 5116	WIMMount - ok
22:10:39.0785 5116	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:10:39.0847 5116	WinDefend - ok
22:10:39.0879 5116	WinHttpAutoProxySvc - ok
22:10:40.0191 5116	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
22:10:40.0206 5116	Winmgmt - ok
22:10:40.0722 5116	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
22:10:40.0800 5116	WinRM - ok
22:10:41.0128 5116	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
22:10:41.0159 5116	Wlansvc - ok
22:10:41.0252 5116	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
22:10:41.0252 5116	WmiAcpi - ok
22:10:41.0487 5116	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
22:10:41.0503 5116	wmiApSrv - ok
22:10:42.0205 5116	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:10:42.0221 5116	WMPNetworkSvc - ok
22:10:42.0299 5116	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
22:10:42.0300 5116	WPCSvc - ok
22:10:42.0362 5116	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
22:10:42.0378 5116	WPDBusEnum - ok
22:10:42.0471 5116	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:10:42.0471 5116	ws2ifsl - ok
22:10:42.0502 5116	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
22:10:42.0518 5116	wscsvc - ok
22:10:42.0565 5116	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
22:10:42.0565 5116	WSDPrintDevice - ok
22:10:42.0580 5116	WSearch - ok
22:10:43.0360 5116	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
22:10:43.0407 5116	wuauserv - ok
22:10:43.0813 5116	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
22:10:43.0828 5116	WudfPf - ok
22:10:43.0906 5116	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
22:10:43.0906 5116	WUDFRd - ok
22:10:44.0047 5116	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
22:10:44.0047 5116	wudfsvc - ok
22:10:44.0234 5116	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
22:10:44.0250 5116	WwanSvc - ok
22:10:44.0452 5116	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
22:10:44.0468 5116	yukonw7 - ok
22:10:44.0640 5116	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:10:46.0262 5116	\Device\Harddisk0\DR0 - ok
22:10:46.0309 5116	Boot (0x1200)   (eced886addaf56a5d59d081241028f4f) \Device\Harddisk0\DR0\Partition0
22:10:46.0324 5116	\Device\Harddisk0\DR0\Partition0 - ok
22:10:46.0357 5116	Boot (0x1200)   (75bc9bb1542bef5481d6397691986ae0) \Device\Harddisk0\DR0\Partition1
22:10:46.0372 5116	\Device\Harddisk0\DR0\Partition1 - ok
22:10:46.0403 5116	Boot (0x1200)   (c426265f2a0f961bb65400254cb37820) \Device\Harddisk0\DR0\Partition2
22:10:46.0403 5116	\Device\Harddisk0\DR0\Partition2 - ok
22:10:46.0403 5116	============================================================
22:10:46.0403 5116	Scan finished
22:10:46.0403 5116	============================================================
22:10:46.0435 5824	Detected object count: 0
22:10:46.0435 5824	Actual detected object count: 0
22:11:18.0608 5408	Deinitialize success
         

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: M
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 3785 bytes
->Temporary Internet Files folder emptied: 33337 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49571004 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9180 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 47.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: M
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.0 log created on 05202012_220258

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d6b1198d00d02441896869c9eb08430e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-21 05:29:54
# local_time=2012-05-21 07:29:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 442578 442578 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 30126539 89176248 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=119797
# found=1
# cleaned=0
# scan_time=33137
C:\Users\***\Desktop\cnet2_fg727p_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
         
Update 18.20:

Klingt komisch, aber kurze Nachfrage interessenhalber:

Ich benutze die Googlesuche etwas zögerlich die letzten Tage, aber kann es sein, dass immer beim gleichen Suchbegriff die gleiche Seite betroffen ist und das Problem vielleicht woanders liegt? zB auf der Webseite?

Ich habe jetzt mehrere Begriffe ausprobiert, die Suche funktioniert - nur wenn ich "halbmarathon mülheim" suche, und das erste Ergebnis anklicke werde ich jedes Mal beim ersten Aufruf nach Firefoxstart umgeleitet. Danach funktioniert immer alles normal, auch wenn ich die Webseite direkt aufrufe.

Ist das vielleicht eine Möglichkeit?

Beste Grüße!


Alt 23.05.2012, 02:43   #6
t'john
/// Helfer-Team
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Zitat:
Ich habe jetzt mehrere Begriffe ausprobiert, die Suche funktioniert - nur wenn ich "halbmarathon mülheim" suche, und das erste Ergebnis anklicke werde ich jedes Mal beim ersten Aufruf nach Firefoxstart umgeleitet. Danach funktioniert immer alles normal, auch wenn ich die Webseite direkt aufrufe.
Meinst Du die Seite mit dem Titel "GAG Rhein-Halbmarathon"?
Diese ist verseucht, daher verlinke ich Sie jetzt nicht.

Die Logs sehen gut aus, keine Infektionen.

Wie schauts mit anderen Browsern aus? Chrome, IE ?
__________________
--> Firefox Google - falsche Weiterleitung

Alt 23.05.2012, 08:41   #7
mardor
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Oh Mann, da habe ich mir ja genau die richtige Seite zum Ausprobieren ausgesucht, hätte da im Leben nicht mit einer Verseuchung gerechnet.

Dankeschön trotzdem für die schnelle und kompetente Hilfe!

Alt 03.06.2012, 15:33   #8
Larusso
/// Selecta Jahrusso
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Hy und Sorry

Noch Probleme ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.06.2012, 07:52   #9
Larusso
/// Selecta Jahrusso
 
Firefox Google - falsche Weiterleitung - Standard

Firefox Google - falsche Weiterleitung



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Firefox Google - falsche Weiterleitung
7-zip, adobe, alternate, antivir, any video converter, autorun, avira, bho, bonjour, canon, converter, defender, eraser, error, explorer, firefox, format, google, google links falsch, helper, install.exe, installation, logfile, microsoft office word, nvstor.sys, office 2007, plug-in, realtek, registry, registry cleaner, required, rundll, scan, searchscopes, seiten, software, udp, version=1.0, windows, winlogon.exe



Ähnliche Themen: Firefox Google - falsche Weiterleitung


  1. Weiterleitung auf falsche links bei google
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (3)
  2. Google-Suchergebnisse: Falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (11)
  3. falsche Weiterleitung bei Google-Suchergebnissen
    Log-Analyse und Auswertung - 13.12.2012 (11)
  4. Falsche google Weiterleitung
    Log-Analyse und Auswertung - 09.12.2012 (21)
  5. Firefox - Falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (1)
  6. Falsche Link-Weiterleitung bei Google - Trojaner?
    Log-Analyse und Auswertung - 17.01.2012 (30)
  7. Google Suche: Weiterleitung auf falsche Seiten
    Log-Analyse und Auswertung - 15.12.2011 (28)
  8. Falsche weiterleitung durch Google und co.
    Log-Analyse und Auswertung - 16.11.2011 (5)
  9. Falsche Weiterleitung bei Google-Links
    Log-Analyse und Auswertung - 10.06.2011 (7)
  10. Google Trojaner (falsche Weiterleitung)
    Log-Analyse und Auswertung - 25.11.2010 (33)
  11. Firefox langsam, öffnet automatisch links, falsche Weiterleitung bei google suche
    Log-Analyse und Auswertung - 24.11.2010 (17)
  12. Google-Ergebnisse - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 23.12.2009 (2)
  13. Falsche Weiterleitung bei Google
    Log-Analyse und Auswertung - 11.03.2009 (39)
  14. Falsche Weiterleitung bei Google-Links
    Plagegeister aller Art und deren Bekämpfung - 10.02.2009 (15)
  15. Google Suchergebnisse - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 10.12.2007 (0)
  16. Falsche Weiterleitung bei Google
    Log-Analyse und Auswertung - 07.03.2007 (3)
  17. Falsche Weiterleitung bei google
    Mülltonne - 05.10.2006 (1)

Zum Thema Firefox Google - falsche Weiterleitung - Hallo in die Runde der hoffentlich Wissenden, die in Firefox integrierte Googlesuche auf meinem Win7 Starter Netbook liefert seit kurzer Zeit richtige Ergebnisse, die aber bei Anklicken auf andere Seiten - Firefox Google - falsche Weiterleitung...
Archiv
Du betrachtest: Firefox Google - falsche Weiterleitung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.