Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Falsche google Weiterleitung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.11.2012, 13:31   #1
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Hallo,

ich habe das Problem, dass ich mit sämtlichen Webbrowser (Opera, FireFox) mit Google falsch auf Sex- und Shopseiten weitergeleitet werde.

Ich starte Google, gebe was in die Suchmaschine ein, und wenn ich auf die gefundenen Suchseiten klicke werde ich anstatt auf die Seite auf andere Seiten weitergeleitet.

Kurz vor der falschen Weiterleitung taucht in der Adressleiste die Seite "antivieh" auf.

Erhoffe mir hier Hilfe.

Gruß


OTL.txt
Code:
ATTFilter
OTL logfile created on: 19.11.2012 14:10:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aydin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 83,88% Memory free
15,83 Gb Paging File | 14,42 Gb Available in Paging File | 91,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 881,94 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,75 Gb Free Space | 94,21% Space Free | Partition Type: FAT
 
Computer Name: AYDIN-PC | User Name: Aydin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.19 14:09:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aydin\Desktop\OTL.exe
PRC - [2012.11.15 08:46:36 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 18:13:56 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 18:13:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.02 21:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.10 16:58:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.30 18:13:56 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 18:13:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.10 13:35:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.24 05:57:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.08.24 05:57:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.08.24 05:57:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.15 08:46:47 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.15 08:46:47 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.05.25 05:55:57 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.04 17:05:26 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.08.24 05:55:19 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 10:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.11.10 17:34:52 | 006,108,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.09.30 02:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV - [2011.05.22 21:51:28 | 000,028,032 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F D7 18 C6 B6 8F CC 01  [binary data]
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{38B10804-2C2C-437C-ABBC-1DC361C2CC65}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=TKR&o=15589&src=kw&q={searchTerms}&locale=&apn_ptnrs=IY&apn_dtid=YYYYYYYYDE&apn_uid=3453ac37-611d-4f92-b7b2-65e64d6b3a28&apn_sauid=EACE567E-4984-4F29-88B8-C1CFF9125327
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{9FDDDDD1-2C86-4D4F-A031-C30A29327BC9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{E9ABDB30-63F4-4fb2-893E-7E8A22ABA19C}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.16 23:21:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.24 21:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aydin\AppData\Roaming\mozilla\Extensions
[2012.08.08 19:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aydin\AppData\Roaming\mozilla\Firefox\Profiles\c2zd0oxl.default\extensions
[2012.08.08 19:15:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Aydin\AppData\Roaming\mozilla\firefox\profiles\c2zd0oxl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.16 23:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-843483253-1178590098-1577449472-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-843483253-1178590098-1577449472-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{899B1EDC-8794-42E3-8B02-0641B7F16E51}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.19 14:09:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aydin\Desktop\OTL.exe
[2012.11.19 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{A35C0FC2-E2DC-425A-B19A-8603BFEE4CF7}
[2012.11.10 19:49:20 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{5323B29B-9109-4C75-A501-EE3ADD2C4B1C}
[2012.11.09 20:00:58 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{3235ED3E-0255-4432-8C36-BBDC6FDE79B0}
[2012.11.07 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{79B81A02-0BC4-411B-A18F-714E4824DC8E}
[2012.10.25 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{364E26DD-29BD-492A-94D6-1944C503A0DF}
[2012.10.25 08:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.25 08:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.23 04:45:06 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{404278AA-C7EF-4FAC-907D-FBDE78DF625D}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 14:09:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aydin\Desktop\OTL.exe
[2012.11.19 14:09:06 | 000,000,000 | ---- | M] () -- C:\Users\Aydin\defogger_reenable
[2012.11.19 14:09:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1005UA.job
[2012.11.19 14:02:47 | 035,227,242 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 14:02:47 | 011,089,764 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 14:02:47 | 010,969,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 14:02:47 | 009,984,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 14:02:47 | 000,006,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 14:02:22 | 000,050,477 | ---- | M] () -- C:\Users\Aydin\Desktop\Defogger.exe
[2012.11.19 13:58:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.19 13:57:58 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\PCRVUIL.job
[2012.11.19 13:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 13:57:51 | 2078,806,015 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 18:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.18 18:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.18 10:44:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1001UA.job
[2012.11.18 03:33:31 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 03:33:31 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 02:09:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1005Core.job
[2012.11.18 01:44:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1001Core.job
[2012.11.18 01:29:43 | 000,294,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 23:21:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 08:46:47 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.15 08:46:47 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.07 06:31:07 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.19 14:09:06 | 000,000,000 | ---- | C] () -- C:\Users\Aydin\defogger_reenable
[2012.11.19 14:02:21 | 000,050,477 | ---- | C] () -- C:\Users\Aydin\Desktop\Defogger.exe
[2012.10.25 08:33:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.02 04:10:51 | 000,110,592 | RHS- | C] () -- C:\Windows\SysWow64\nlmgp4.dll
[2012.06.13 14:10:24 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2012.04.28 15:47:45 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.11.02 04:36:11 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.04 14:46:38 | 001,575,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.26 20:00:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.24 05:58:15 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011.08.24 05:58:15 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011.08.24 05:58:15 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011.08.24 05:58:04 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.08.24 05:58:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.08.24 05:50:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.24 05:50:19 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.24 05:50:19 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.24 05:50:19 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.24 05:50:19 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:14:10 | 000,002,048 | -HS- | M] () -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\@
[2011.11.17 08:14:10 | 000,000,000 | -HSD | M] -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\L
[2012.10.14 12:55:30 | 000,000,000 | -HSD | M] -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\U
[2012.09.27 16:45:48 | 000,000,928 | ---- | M] () -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\U\00000001.@
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.24 06:09:02 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\DeviceVm
[2012.04.14 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\DVDVideoSoft
[2012.10.01 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\GHISLER
[2011.08.24 06:08:40 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\Opera
[2012.05.05 14:04:22 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\pokerth
[2012.01.26 09:13:11 | 000,000,000 | ---D | M] -- C:\Users\K  D  R\AppData\Roaming\Canon
[2011.08.29 13:01:41 | 000,000,000 | ---D | M] -- C:\Users\K  D  R\AppData\Roaming\Opera
[2012.05.19 06:02:38 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\Canon
[2012.05.30 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\DAEMON Tools Lite
[2012.03.31 15:59:34 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\Opera
[2012.05.05 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\pokerth
[2012.02.28 12:36:37 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\Canon
[2012.05.25 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\DAEMON Tools Lite
[2011.10.19 14:39:17 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\GetRightToGo
[2011.08.30 05:19:54 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\Opera
[2011.10.19 14:26:12 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\SuperEasy Software
[2012.09.25 20:45:07 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 19.11.2012 14:10:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aydin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 83,88% Memory free
15,83 Gb Paging File | 14,42 Gb Available in Paging File | 91,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 881,94 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,75 Gb Free Space | 94,21% Space Free | Partition Type: FAT
 
Computer Name: AYDIN-PC | User Name: Aydin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12DA1A75-1E14-4F8B-9CA8-DC012DE2AE92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{28137224-BFE6-433A-8782-10BA4EE63880}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{39E784F7-815C-4206-BAFE-6FC5A5E9307F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{6D9B0CBB-81B0-4EC8-A335-616CC3D417BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D6C09A8D-3EBC-4DFD-BA1A-7434AFE43556}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22D648E4-E988-4C31-9B8F-00D86377481C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{535BB904-B9B6-4A93-8AB6-A0BBCE5C5A83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{53D2DB47-F55D-464E-8529-2D190969C6BB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{69A25577-5D51-4814-AF4B-D49F9198C20F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9837CD40-5D10-4242-AD19-AE516C84F22A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9D5E8AA6-B0A4-47FF-8737-950168815C10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A870EE6A-0D9B-4E6F-82DE-66752DF81127}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D8CE3D03-CA97-400B-BDB3-7A8CC0EB15B6}" = dir=in | app=c:\users\lütfiye\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{187EBB5D-DC5F-44AA-916A-24D23BB97038}C:\windows\system32\mspaint.exe" = protocol=6 | dir=in | app=c:\windows\system32\mspaint.exe | 
"TCP Query User{209C82FF-91D8-41A0-A8AF-8928E0B4A2DB}C:\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd64.exe | 
"TCP Query User{2F58E1B4-CB49-4895-9B74-F9B6521E11C6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{43E4E80A-52D0-4BB5-81C8-6DCC6678C320}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BAF3BB1B-67A0-49EB-8B28-7CE3781FBCCF}C:\users\k  d  r\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\k  d  r\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{CE1F9217-B2D9-4FBA-993B-E3663D33006B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{14975B32-2071-4AAF-8E6D-EAE4974EFBED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{53CC1D83-2068-4C9D-A692-526655527B00}C:\users\k  d  r\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\k  d  r\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{80611D47-CB58-423C-8AA4-AF13DEA5C053}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{93001508-FF33-446C-B1C0-6E6FDB37FE02}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{9B451BBC-C5C8-4A0D-A42D-76A1EFAFB417}C:\windows\system32\mspaint.exe" = protocol=17 | dir=in | app=c:\windows\system32\mspaint.exe | 
"UDP Query User{CE210735-6F79-4F86-8DE0-007EA200BE2D}C:\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd64.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 1.0
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8AAE8CB9-F81F-5D8B-7A5B-7E752C5B3A0F}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D08C812A-2C35-6151-E597-442886FC4E45}" = ATI AVIVO64 Codecs
"{D2A2F59A-E2A2-3FFC-6625-1BF6FD15404D}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF0E5BB-3000-B250-AFE3-2CE2CC8A674A}" = Catalyst Control Center Graphics Light
"{15CF27BF-4F98-D22B-273D-6CF83B7DBE74}" = Catalyst Control Center Graphics Previews Vista
"{1629D458-416F-AA45-F9EA-D6425AC4087C}" = Catalyst Control Center Core Implementation
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{306A54B5-65AC-3B75-AB17-2E3D3FE249F9}" = Catalyst Control Center Graphics Full New
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52F7A893-C867-F785-0BC6-C2215D711FAE}" = Catalyst Control Center Graphics Full Existing
"{5364B250-C32E-94A6-E604-B09F461DB163}" = Catalyst Control Center Localization All
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94531B9D-7924-F3BE-71E2-CC646EF4627E}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Audio Pack 1
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD9803C1-A7A9-F06B-4DC0-AB3666B2D423}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3CFC03A-8CA2-5EDC-56E3-46FE58478526}" = ccc-core-static
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.78
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP490 series Benutzerregistrierung" = Canon MP490 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HWiNFO32_is1" = HWiNFO32 Version 3.84
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Opera 12.02.1578" = Opera 12.02
"Picasa 3" = Picasa 3
"Video Converter" = Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XFastUsb" = XFastUsb
"xvid" = XviD MPEG-4 Video Codec
"YouTube Song Downloader_is1" = YouTube Song Downloader
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 12:56:01 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.11.2012 12:56:01 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 18.11.2012 22:22:50 | Computer Name = Aydin-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 18.11.2012 22:27:03 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.11.2012 22:27:03 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 18.11.2012 22:27:03 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 19.11.2012 08:58:15 | Computer Name = Aydin-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 19.11.2012 09:02:44 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.11.2012 09:02:44 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.11.2012 09:02:44 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:11 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 13:55:11 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 18.11.2012 22:23:49 | Computer Name = Aydin-PC | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >
         

Alt 20.11.2012, 11:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Schon irgendwelche Scans mit anderen Tools gemacht? Log mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________

Alt 20.11.2012, 19:23   #3
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Gelesen und Verstanden
Hoffe hab bis jetzt alles richtig gemacht
__________________

Alt 20.11.2012, 20:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Ganz unten bei meiner ersten AW hatte ich noch eine Frage
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.11.2012, 09:45   #5
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Ich habe mit Malwarebytes gescant (Quick-Scan), aber es wurde nix gefunden.


Alt 21.11.2012, 15:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Es geht aber nicht nur um Malwarebytes sondern auch um andere Virenscanner - und dazu hätte ich gern alle Logs gesehen sofern da Funde bei sind
__________________
--> Falsche google Weiterleitung

Alt 23.11.2012, 15:02   #7
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Ich hatte mal vor 3-4 Wochen mit AntiVir gescannt und es wurden auch 3 Dateien gelöscht.
Hatte das Problem trotzdem nicht gelöst. Kann man die Logs dazu noch finden ?

Danach hab ich kein Scan mehr durchgeführt.

Alt 23.11.2012, 15:26   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Zitat:
Hatte das Problem trotzdem nicht gelöst. Kann man die Logs dazu noch finden ?
Wurde doch schon in meiner ersten Antwort ganz unten verlinkt wo du das finden kannst
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.11.2012, 15:34   #9
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Ereignisse.txt
Code:
ATTFilter
Exportierte Ereignisse:

03.11.2012 00:13 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\kadir\AppData\Local\Temp\plugtmp\plugin-changes_days.php'
      wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dld' [exploit] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.10.2012 20:34 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\A\
      2F\F7445d01'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Pidief.dis' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58a11a56.qua' 
      verschoben!

28.10.2012 20:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\A\
      2F\F7445d01'
      wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dis' [exploit] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

28.10.2012 20:20 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\0\
      59\BD76Bd01'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Pidief.dkg' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '575d107d.qua' 
      verschoben!

28.10.2012 20:19 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\0\
      59\BD76Bd01'
      wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dkm' [exploit] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner
         

Alt 23.11.2012, 16:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.11.2012, 01:43   #11
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



aswMBR.txt
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-25 02:27:12
-----------------------------
02:27:12.464    OS Version: Windows x64 6.1.7600 
02:27:12.464    Number of processors: 4 586 0x2A07
02:27:12.464    ComputerName: AYDIN-PC  UserName: Aydin
02:27:13.198    Initialize success
02:28:59.274    AVAST engine defs: 12112401
02:29:29.210    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
02:29:29.210    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
02:29:29.226    Disk 0 MBR read successfully
02:29:29.226    Disk 0 MBR scan
02:29:29.226    Disk 0 Windows 7 default MBR code
02:29:29.241    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
02:29:29.257    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
02:29:29.273    Disk 0 scanning C:\Windows\system32\drivers
02:29:35.747    Service scanning
02:29:49.428    Modules scanning
02:29:49.428    Disk 0 trace - called modules:
02:29:49.443    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 
02:29:49.443    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080bd060]
02:29:49.958    3 CLASSPNP.SYS[fffff880018a743f] -> nt!IofCallDriver -> [0xfffffa8007a589b0]
02:29:49.958    5 ACPI.sys[fffff88000f8b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8007a6b060]
02:29:50.769    AVAST engine scan C:\Windows
02:29:57.415    AVAST engine scan C:\Windows\system32
02:32:05.413    AVAST engine scan C:\Windows\system32\drivers
02:32:25.615    AVAST engine scan C:\Users\Aydin
02:33:44.895    AVAST engine scan C:\ProgramData
02:36:51.065    Scan finished successfully
02:37:47.444    Disk 0 MBR has been saved successfully to "C:\Users\Aydin\Desktop\MBR.dat"
02:37:47.444    The log file has been saved successfully to "C:\Users\Aydin\Desktop\aswMBR.txt"
         
TDSSKiller.txt
Code:
ATTFilter
02:38:22.0122 1928  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:38:22.0262 1928  ============================================================
02:38:22.0262 1928  Current date / time: 2012/11/25 02:38:22.0262
02:38:22.0262 1928  SystemInfo:
02:38:22.0262 1928  
02:38:22.0262 1928  OS Version: 6.1.7600 ServicePack: 0.0
02:38:22.0262 1928  Product type: Workstation
02:38:22.0262 1928  ComputerName: AYDIN-PC
02:38:22.0262 1928  UserName: Aydin
02:38:22.0262 1928  Windows directory: C:\Windows
02:38:22.0262 1928  System windows directory: C:\Windows
02:38:22.0262 1928  Running under WOW64
02:38:22.0262 1928  Processor architecture: Intel x64
02:38:22.0262 1928  Number of processors: 4
02:38:22.0262 1928  Page size: 0x1000
02:38:22.0262 1928  Boot type: Normal boot
02:38:22.0262 1928  ============================================================
02:38:23.0307 1928  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:38:23.0307 1928  Drive \Device\Harddisk1\DR1 - Size: 0x7840FE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:38:23.0307 1928  ============================================================
02:38:23.0307 1928  \Device\Harddisk0\DR0:
02:38:23.0307 1928  MBR partitions:
02:38:23.0307 1928  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:38:23.0307 1928  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
02:38:23.0307 1928  \Device\Harddisk1\DR1:
02:38:23.0307 1928  MBR partitions:
02:38:23.0307 1928  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
02:38:23.0307 1928  ============================================================
02:38:23.0338 1928  C: <-> \Device\Harddisk0\DR0\Partition2
02:38:23.0338 1928  ============================================================
02:38:23.0338 1928  Initialize success
02:38:23.0338 1928  ============================================================
02:38:39.0672 2508  ============================================================
02:38:39.0672 2508  Scan started
02:38:39.0672 2508  Mode: Manual; SigCheck; TDLFS; 
02:38:39.0672 2508  ============================================================
02:38:40.0186 2508  ================ Scan system memory ========================
02:38:40.0186 2508  System memory - ok
02:38:40.0186 2508  ================ Scan services =============================
02:38:40.0296 2508  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
02:38:40.0374 2508  1394ohci - ok
02:38:40.0389 2508  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
02:38:40.0405 2508  ACPI - ok
02:38:40.0420 2508  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
02:38:40.0452 2508  AcpiPmi - ok
02:38:40.0530 2508  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:38:40.0545 2508  AdobeARMservice - ok
02:38:40.0623 2508  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:38:40.0639 2508  AdobeFlashPlayerUpdateSvc - ok
02:38:40.0670 2508  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
02:38:40.0686 2508  adp94xx - ok
02:38:40.0701 2508  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
02:38:40.0717 2508  adpahci - ok
02:38:40.0717 2508  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
02:38:40.0732 2508  adpu320 - ok
02:38:40.0764 2508  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
02:38:40.0857 2508  AeLookupSvc - ok
02:38:40.0888 2508  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
02:38:40.0920 2508  AFD - ok
02:38:40.0935 2508  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
02:38:40.0951 2508  agp440 - ok
02:38:40.0966 2508  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
02:38:41.0013 2508  ALG - ok
02:38:41.0013 2508  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
02:38:41.0029 2508  aliide - ok
02:38:41.0138 2508  ALSysIO - ok
02:38:41.0169 2508  [ 0D9598C1FD091F07757B45C6A6F6C535 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
02:38:41.0216 2508  AMD External Events Utility - ok
02:38:41.0232 2508  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
02:38:41.0247 2508  amdide - ok
02:38:41.0247 2508  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
02:38:41.0278 2508  AmdK8 - ok
02:38:41.0278 2508  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
02:38:41.0310 2508  AmdPPM - ok
02:38:41.0341 2508  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
02:38:41.0356 2508  amdsata - ok
02:38:41.0372 2508  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
02:38:41.0388 2508  amdsbs - ok
02:38:41.0388 2508  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
02:38:41.0403 2508  amdxata - ok
02:38:41.0450 2508  [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
02:38:41.0466 2508  AntiVirSchedulerService - ok
02:38:41.0512 2508  [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
02:38:41.0512 2508  AntiVirService - ok
02:38:41.0544 2508  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
02:38:41.0606 2508  AppID - ok
02:38:41.0622 2508  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
02:38:41.0668 2508  AppIDSvc - ok
02:38:41.0684 2508  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
02:38:41.0700 2508  Appinfo - ok
02:38:41.0715 2508  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
02:38:41.0731 2508  arc - ok
02:38:41.0731 2508  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
02:38:41.0746 2508  arcsas - ok
02:38:41.0824 2508  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:38:41.0840 2508  aspnet_state - ok
02:38:41.0871 2508  [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
02:38:41.0887 2508  AsrAppCharger - ok
02:38:41.0902 2508  [ A4398A8914C32F18EC2AB562CBA3CAAF ] asusgsb         C:\Windows\system32\drivers\asusgsb.sys
02:38:41.0918 2508  asusgsb ( UnsignedFile.Multi.Generic ) - warning
02:38:41.0918 2508  asusgsb - detected UnsignedFile.Multi.Generic (1)
02:38:41.0949 2508  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
02:38:42.0012 2508  AsyncMac - ok
02:38:42.0027 2508  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
02:38:42.0043 2508  atapi - ok
02:38:42.0058 2508  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
02:38:42.0074 2508  AtiHdmiService - ok
02:38:42.0168 2508  [ 7052120D5AB25AB292E8C9DA46BB2FE1 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
02:38:42.0261 2508  atikmdag - ok
02:38:42.0277 2508  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:38:42.0324 2508  AudioEndpointBuilder - ok
02:38:42.0324 2508  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
02:38:42.0355 2508  AudioSrv - ok
02:38:42.0386 2508  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
02:38:42.0386 2508  avgntflt - ok
02:38:42.0417 2508  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
02:38:42.0417 2508  avipbb - ok
02:38:42.0433 2508  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
02:38:42.0448 2508  avkmgr - ok
02:38:42.0480 2508  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
02:38:42.0542 2508  AxInstSV - ok
02:38:42.0573 2508  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
02:38:42.0620 2508  b06bdrv - ok
02:38:42.0636 2508  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
02:38:42.0682 2508  b57nd60a - ok
02:38:42.0714 2508  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
02:38:42.0745 2508  BDESVC - ok
02:38:42.0760 2508  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
02:38:42.0807 2508  Beep - ok
02:38:42.0854 2508  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
02:38:42.0901 2508  BFE - ok
02:38:42.0932 2508  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
02:38:42.0963 2508  BITS - ok
02:38:42.0979 2508  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
02:38:42.0994 2508  blbdrive - ok
02:38:43.0026 2508  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
02:38:43.0057 2508  bowser - ok
02:38:43.0072 2508  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:38:43.0104 2508  BrFiltLo - ok
02:38:43.0104 2508  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:38:43.0119 2508  BrFiltUp - ok
02:38:43.0150 2508  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
02:38:43.0182 2508  Browser - ok
02:38:43.0197 2508  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
02:38:43.0228 2508  Brserid - ok
02:38:43.0228 2508  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
02:38:43.0244 2508  BrSerWdm - ok
02:38:43.0275 2508  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
02:38:43.0291 2508  BrUsbMdm - ok
02:38:43.0291 2508  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
02:38:43.0306 2508  BrUsbSer - ok
02:38:43.0322 2508  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
02:38:43.0338 2508  BTHMODEM - ok
02:38:43.0353 2508  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
02:38:43.0384 2508  bthserv - ok
02:38:43.0400 2508  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
02:38:43.0431 2508  cdfs - ok
02:38:43.0447 2508  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
02:38:43.0447 2508  cdrom - ok
02:38:43.0462 2508  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
02:38:43.0494 2508  CertPropSvc - ok
02:38:43.0494 2508  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
02:38:43.0509 2508  circlass - ok
02:38:43.0525 2508  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
02:38:43.0540 2508  CLFS - ok
02:38:43.0587 2508  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:38:43.0603 2508  clr_optimization_v2.0.50727_32 - ok
02:38:43.0618 2508  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:38:43.0634 2508  clr_optimization_v2.0.50727_64 - ok
02:38:43.0696 2508  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:38:43.0743 2508  clr_optimization_v4.0.30319_32 - ok
02:38:43.0759 2508  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:38:43.0774 2508  clr_optimization_v4.0.30319_64 - ok
02:38:43.0790 2508  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
02:38:43.0821 2508  CmBatt - ok
02:38:43.0837 2508  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
02:38:43.0852 2508  cmdide - ok
02:38:43.0868 2508  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
02:38:43.0899 2508  CNG - ok
02:38:43.0915 2508  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
02:38:43.0915 2508  Compbatt - ok
02:38:43.0946 2508  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
02:38:43.0962 2508  CompositeBus - ok
02:38:43.0962 2508  COMSysApp - ok
02:38:43.0977 2508  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
02:38:43.0993 2508  crcdisk - ok
02:38:44.0024 2508  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
02:38:44.0040 2508  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
02:38:44.0040 2508  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
02:38:44.0071 2508  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
02:38:44.0086 2508  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
02:38:44.0086 2508  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
02:38:44.0133 2508  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
02:38:44.0149 2508  CryptSvc - ok
02:38:44.0180 2508  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
02:38:44.0211 2508  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
02:38:44.0211 2508  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
02:38:44.0227 2508  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
02:38:44.0289 2508  DcomLaunch - ok
02:38:44.0305 2508  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
02:38:44.0367 2508  defragsvc - ok
02:38:44.0398 2508  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
02:38:44.0430 2508  DfsC - ok
02:38:44.0445 2508  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
02:38:44.0508 2508  Dhcp - ok
02:38:44.0523 2508  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
02:38:44.0586 2508  discache - ok
02:38:44.0617 2508  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
02:38:44.0617 2508  Disk - ok
02:38:44.0632 2508  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
02:38:44.0664 2508  Dnscache - ok
02:38:44.0695 2508  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
02:38:44.0742 2508  dot3svc - ok
02:38:44.0757 2508  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
02:38:44.0773 2508  DPS - ok
02:38:44.0804 2508  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
02:38:44.0820 2508  drmkaud - ok
02:38:44.0851 2508  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
02:38:44.0866 2508  dtsoftbus01 - ok
02:38:44.0898 2508  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
02:38:44.0929 2508  DXGKrnl - ok
02:38:44.0929 2508  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
02:38:44.0960 2508  EapHost - ok
02:38:45.0038 2508  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
02:38:45.0100 2508  ebdrv - ok
02:38:45.0116 2508  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
02:38:45.0163 2508  EFS - ok
02:38:45.0210 2508  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
02:38:45.0256 2508  ehRecvr - ok
02:38:45.0272 2508  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
02:38:45.0319 2508  ehSched - ok
02:38:45.0319 2508  EIO64 - ok
02:38:45.0334 2508  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
02:38:45.0366 2508  elxstor - ok
02:38:45.0381 2508  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
02:38:45.0412 2508  ErrDev - ok
02:38:45.0428 2508  [ DF2F6C1E55F6E81CFC7F688380D85816 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
02:38:45.0444 2508  EtronHub3 - ok
02:38:45.0459 2508  [ E093ABFB67A4B9D94F80611A7D0A8BB9 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
02:38:45.0490 2508  EtronXHCI - ok
02:38:45.0506 2508  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
02:38:45.0537 2508  EventSystem - ok
02:38:45.0553 2508  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
02:38:45.0584 2508  exfat - ok
02:38:45.0600 2508  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
02:38:45.0631 2508  fastfat - ok
02:38:45.0662 2508  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
02:38:45.0693 2508  Fax - ok
02:38:45.0693 2508  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
02:38:45.0693 2508  fdc - ok
02:38:45.0724 2508  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
02:38:45.0771 2508  fdPHost - ok
02:38:45.0787 2508  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
02:38:45.0802 2508  FDResPub - ok
02:38:45.0818 2508  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
02:38:45.0834 2508  FileInfo - ok
02:38:45.0834 2508  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
02:38:45.0865 2508  Filetrace - ok
02:38:45.0865 2508  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
02:38:45.0880 2508  flpydisk - ok
02:38:45.0880 2508  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
02:38:45.0896 2508  FltMgr - ok
02:38:45.0927 2508  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
02:38:45.0943 2508  FNETTBOH_305 - ok
02:38:45.0958 2508  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
02:38:45.0974 2508  FNETURPX - ok
02:38:46.0005 2508  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
02:38:46.0052 2508  FontCache - ok
02:38:46.0099 2508  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:38:46.0099 2508  FontCache3.0.0.0 - ok
02:38:46.0114 2508  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
02:38:46.0130 2508  FsDepends - ok
02:38:46.0146 2508  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
02:38:46.0161 2508  fssfltr - ok
02:38:46.0224 2508  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
02:38:46.0255 2508  fsssvc - ok
02:38:46.0270 2508  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
02:38:46.0270 2508  Fs_Rec - ok
02:38:46.0302 2508  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
02:38:46.0317 2508  fvevol - ok
02:38:46.0333 2508  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
02:38:46.0333 2508  gagp30kx - ok
02:38:46.0348 2508  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
02:38:46.0380 2508  gpsvc - ok
02:38:46.0458 2508  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:38:46.0473 2508  gupdate - ok
02:38:46.0473 2508  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:38:46.0489 2508  gupdatem - ok
02:38:46.0520 2508  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:38:46.0520 2508  gusvc - ok
02:38:46.0551 2508  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
02:38:46.0582 2508  hcw85cir - ok
02:38:46.0614 2508  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:38:46.0645 2508  HdAudAddService - ok
02:38:46.0676 2508  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
02:38:46.0707 2508  HDAudBus - ok
02:38:46.0723 2508  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
02:38:46.0738 2508  HidBatt - ok
02:38:46.0754 2508  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
02:38:46.0770 2508  HidBth - ok
02:38:46.0785 2508  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
02:38:46.0801 2508  HidIr - ok
02:38:46.0816 2508  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
02:38:46.0863 2508  hidserv - ok
02:38:46.0879 2508  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
02:38:46.0894 2508  HidUsb - ok
02:38:46.0926 2508  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
02:38:46.0972 2508  hkmsvc - ok
02:38:46.0988 2508  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:38:47.0019 2508  HomeGroupListener - ok
02:38:47.0035 2508  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:38:47.0050 2508  HomeGroupProvider - ok
02:38:47.0066 2508  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
02:38:47.0082 2508  HpSAMD - ok
02:38:47.0097 2508  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
02:38:47.0144 2508  HTTP - ok
02:38:47.0191 2508  [ 17EFF7B20F4D110BAEC9652F126A8379 ] HWiNFO32        C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS
02:38:47.0191 2508  HWiNFO32 - ok
02:38:47.0206 2508  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
02:38:47.0206 2508  hwpolicy - ok
02:38:47.0222 2508  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
02:38:47.0222 2508  i8042prt - ok
02:38:47.0269 2508  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
02:38:47.0284 2508  iaStorV - ok
02:38:47.0316 2508  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:38:47.0331 2508  IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:38:47.0331 2508  IDriverT - detected UnsignedFile.Multi.Generic (1)
02:38:47.0378 2508  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:38:47.0409 2508  idsvc - ok
02:38:47.0581 2508  [ 174BCAC474DE13B2650E444CF124828E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
02:38:47.0784 2508  igfx - ok
02:38:47.0799 2508  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
02:38:47.0815 2508  iirsp - ok
02:38:47.0846 2508  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
02:38:47.0908 2508  IKEEXT - ok
02:38:47.0986 2508  [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:38:48.0018 2508  IntcAzAudAddService - ok
02:38:48.0064 2508  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
02:38:48.0096 2508  IntcDAud - ok
02:38:48.0111 2508  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
02:38:48.0127 2508  intelide - ok
02:38:48.0174 2508  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
02:38:48.0189 2508  intelppm - ok
02:38:48.0220 2508  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
02:38:48.0267 2508  IPBusEnum - ok
02:38:48.0283 2508  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:38:48.0298 2508  IpFilterDriver - ok
02:38:48.0314 2508  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
02:38:48.0361 2508  iphlpsvc - ok
02:38:48.0361 2508  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:38:48.0376 2508  IPMIDRV - ok
02:38:48.0392 2508  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
02:38:48.0423 2508  IPNAT - ok
02:38:48.0439 2508  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
02:38:48.0439 2508  IRENUM - ok
02:38:48.0454 2508  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
02:38:48.0470 2508  isapnp - ok
02:38:48.0486 2508  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
02:38:48.0501 2508  iScsiPrt - ok
02:38:48.0517 2508  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
02:38:48.0517 2508  kbdclass - ok
02:38:48.0532 2508  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
02:38:48.0548 2508  kbdhid - ok
02:38:48.0564 2508  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
02:38:48.0564 2508  KeyIso - ok
02:38:48.0595 2508  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
02:38:48.0595 2508  KSecDD - ok
02:38:48.0610 2508  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
02:38:48.0610 2508  KSecPkg - ok
02:38:48.0626 2508  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
02:38:48.0642 2508  ksthunk - ok
02:38:48.0673 2508  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
02:38:48.0704 2508  KtmRm - ok
02:38:48.0751 2508  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
02:38:48.0782 2508  LanmanServer - ok
02:38:48.0798 2508  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:38:48.0844 2508  LanmanWorkstation - ok
02:38:48.0860 2508  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
02:38:48.0891 2508  lltdio - ok
02:38:48.0907 2508  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
02:38:48.0938 2508  lltdsvc - ok
02:38:48.0954 2508  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
02:38:48.0969 2508  lmhosts - ok
02:38:49.0047 2508  [ 9AD4BEE2FE76D4CA39AC969B617E94FB ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
02:38:49.0063 2508  LMS - ok
02:38:49.0094 2508  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
02:38:49.0110 2508  LSI_FC - ok
02:38:49.0125 2508  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
02:38:49.0141 2508  LSI_SAS - ok
02:38:49.0141 2508  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:38:49.0156 2508  LSI_SAS2 - ok
02:38:49.0172 2508  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:38:49.0188 2508  LSI_SCSI - ok
02:38:49.0203 2508  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
02:38:49.0234 2508  luafv - ok
02:38:49.0266 2508  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
02:38:49.0266 2508  MBAMProtector - ok
02:38:49.0297 2508  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:38:49.0312 2508  MBAMScheduler - ok
02:38:49.0328 2508  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:38:49.0344 2508  MBAMService - ok
02:38:49.0406 2508  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe
02:38:49.0422 2508  McComponentHostService - ok
02:38:49.0453 2508  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
02:38:49.0484 2508  Mcx2Svc - ok
02:38:49.0484 2508  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
02:38:49.0484 2508  megasas - ok
02:38:49.0500 2508  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
02:38:49.0515 2508  MegaSR - ok
02:38:49.0531 2508  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
02:38:49.0531 2508  MEIx64 - ok
02:38:49.0531 2508  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
02:38:49.0562 2508  MMCSS - ok
02:38:49.0593 2508  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
02:38:49.0640 2508  Modem - ok
02:38:49.0656 2508  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
02:38:49.0687 2508  monitor - ok
02:38:49.0718 2508  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
02:38:49.0734 2508  mouclass - ok
02:38:49.0749 2508  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
02:38:49.0765 2508  mouhid - ok
02:38:49.0780 2508  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
02:38:49.0796 2508  mountmgr - ok
02:38:49.0827 2508  MozillaMaintenance - ok
02:38:49.0843 2508  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
02:38:49.0858 2508  mpio - ok
02:38:49.0858 2508  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
02:38:49.0874 2508  mpsdrv - ok
02:38:49.0905 2508  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
02:38:49.0952 2508  MpsSvc - ok
02:38:49.0952 2508  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
02:38:49.0968 2508  MRxDAV - ok
02:38:49.0983 2508  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
02:38:50.0014 2508  mrxsmb - ok
02:38:50.0014 2508  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:38:50.0046 2508  mrxsmb10 - ok
02:38:50.0046 2508  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:38:50.0061 2508  mrxsmb20 - ok
02:38:50.0077 2508  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
02:38:50.0077 2508  msahci - ok
02:38:50.0092 2508  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
02:38:50.0092 2508  msdsm - ok
02:38:50.0108 2508  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
02:38:50.0124 2508  MSDTC - ok
02:38:50.0124 2508  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
02:38:50.0155 2508  Msfs - ok
02:38:50.0170 2508  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
02:38:50.0202 2508  mshidkmdf - ok
02:38:50.0217 2508  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
02:38:50.0217 2508  msisadrv - ok
02:38:50.0248 2508  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
02:38:50.0264 2508  MSiSCSI - ok
02:38:50.0264 2508  msiserver - ok
02:38:50.0280 2508  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
02:38:50.0311 2508  MSKSSRV - ok
02:38:50.0326 2508  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
02:38:50.0342 2508  MSPCLOCK - ok
02:38:50.0373 2508  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
02:38:50.0389 2508  MSPQM - ok
02:38:50.0404 2508  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
02:38:50.0420 2508  MsRPC - ok
02:38:50.0436 2508  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
02:38:50.0436 2508  mssmbios - ok
02:38:50.0451 2508  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
02:38:50.0482 2508  MSTEE - ok
02:38:50.0498 2508  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
02:38:50.0514 2508  MTConfig - ok
02:38:50.0514 2508  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
02:38:50.0529 2508  Mup - ok
02:38:50.0545 2508  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
02:38:50.0607 2508  napagent - ok
02:38:50.0638 2508  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
02:38:50.0670 2508  NativeWifiP - ok
02:38:50.0732 2508  [ 7F79DA9E719D0774BDBC3622ABD3AFD9 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
02:38:50.0763 2508  NAUpdate - ok
02:38:50.0779 2508  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
02:38:50.0794 2508  NDIS - ok
02:38:50.0810 2508  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
02:38:50.0826 2508  NdisCap - ok
02:38:50.0841 2508  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
02:38:50.0872 2508  NdisTapi - ok
02:38:50.0872 2508  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
02:38:50.0904 2508  Ndisuio - ok
02:38:50.0919 2508  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
02:38:50.0935 2508  NdisWan - ok
02:38:50.0950 2508  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
02:38:50.0982 2508  NDProxy - ok
02:38:50.0982 2508  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
02:38:51.0013 2508  NetBIOS - ok
02:38:51.0028 2508  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
02:38:51.0060 2508  NetBT - ok
02:38:51.0075 2508  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
02:38:51.0075 2508  Netlogon - ok
02:38:51.0091 2508  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
02:38:51.0122 2508  Netman - ok
02:38:51.0153 2508  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:38:51.0153 2508  NetMsmqActivator - ok
02:38:51.0184 2508  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:38:51.0184 2508  NetPipeActivator - ok
02:38:51.0200 2508  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
02:38:51.0231 2508  netprofm - ok
02:38:51.0231 2508  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:38:51.0231 2508  NetTcpActivator - ok
02:38:51.0231 2508  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:38:51.0247 2508  NetTcpPortSharing - ok
02:38:51.0262 2508  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
02:38:51.0278 2508  nfrd960 - ok
02:38:51.0294 2508  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
02:38:51.0356 2508  NlaSvc - ok
02:38:51.0356 2508  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
02:38:51.0387 2508  Npfs - ok
02:38:51.0403 2508  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
02:38:51.0418 2508  nsi - ok
02:38:51.0434 2508  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
02:38:51.0465 2508  nsiproxy - ok
02:38:51.0496 2508  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
02:38:51.0528 2508  Ntfs - ok
02:38:51.0543 2508  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
02:38:51.0574 2508  Null - ok
02:38:51.0606 2508  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:38:51.0621 2508  nvraid - ok
02:38:51.0621 2508  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:38:51.0637 2508  nvstor - ok
02:38:51.0637 2508  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
02:38:51.0652 2508  nv_agp - ok
02:38:51.0668 2508  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
02:38:51.0684 2508  ohci1394 - ok
02:38:51.0699 2508  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
02:38:51.0746 2508  p2pimsvc - ok
02:38:51.0762 2508  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
02:38:51.0777 2508  p2psvc - ok
02:38:51.0793 2508  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
02:38:51.0808 2508  Parport - ok
02:38:51.0824 2508  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:38:51.0840 2508  partmgr - ok
02:38:51.0840 2508  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:38:51.0871 2508  PcaSvc - ok
02:38:51.0886 2508  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
02:38:51.0886 2508  pci - ok
02:38:51.0918 2508  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
02:38:51.0918 2508  pciide - ok
02:38:51.0933 2508  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
02:38:51.0933 2508  pcmcia - ok
02:38:51.0964 2508  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
02:38:51.0964 2508  pcw - ok
02:38:51.0980 2508  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
02:38:52.0011 2508  PEAUTH - ok
02:38:52.0058 2508  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
02:38:52.0089 2508  PerfHost - ok
02:38:52.0105 2508  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
02:38:52.0167 2508  pla - ok
02:38:52.0214 2508  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
02:38:52.0276 2508  PlugPlay - ok
02:38:52.0308 2508  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
02:38:52.0354 2508  PNRPAutoReg - ok
02:38:52.0386 2508  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
02:38:52.0401 2508  PNRPsvc - ok
02:38:52.0417 2508  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
02:38:52.0464 2508  PolicyAgent - ok
02:38:52.0479 2508  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
02:38:52.0510 2508  Power - ok
02:38:52.0526 2508  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
02:38:52.0557 2508  PptpMiniport - ok
02:38:52.0557 2508  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
02:38:52.0573 2508  Processor - ok
02:38:52.0604 2508  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
02:38:52.0635 2508  ProfSvc - ok
02:38:52.0635 2508  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:38:52.0651 2508  ProtectedStorage - ok
02:38:52.0666 2508  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
02:38:52.0729 2508  Psched - ok
02:38:52.0744 2508  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
02:38:52.0776 2508  ql2300 - ok
02:38:52.0791 2508  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
02:38:52.0807 2508  ql40xx - ok
02:38:52.0822 2508  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
02:38:52.0838 2508  QWAVE - ok
02:38:52.0854 2508  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
02:38:52.0869 2508  QWAVEdrv - ok
02:38:52.0869 2508  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
02:38:52.0900 2508  RasAcd - ok
02:38:52.0932 2508  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
02:38:52.0947 2508  RasAgileVpn - ok
02:38:52.0963 2508  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
02:38:52.0994 2508  RasAuto - ok
02:38:53.0010 2508  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
02:38:53.0041 2508  Rasl2tp - ok
02:38:53.0056 2508  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
02:38:53.0088 2508  RasMan - ok
02:38:53.0103 2508  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
02:38:53.0150 2508  RasPppoe - ok
02:38:53.0166 2508  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
02:38:53.0212 2508  RasSstp - ok
02:38:53.0228 2508  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
02:38:53.0275 2508  rdbss - ok
02:38:53.0290 2508  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
02:38:53.0306 2508  rdpbus - ok
02:38:53.0322 2508  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
02:38:53.0353 2508  RDPCDD - ok
02:38:53.0353 2508  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
02:38:53.0384 2508  RDPENCDD - ok
02:38:53.0400 2508  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
02:38:53.0431 2508  RDPREFMP - ok
02:38:53.0446 2508  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
02:38:53.0493 2508  RDPWD - ok
02:38:53.0493 2508  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
02:38:53.0509 2508  rdyboost - ok
02:38:53.0540 2508  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
02:38:53.0571 2508  RemoteAccess - ok
02:38:53.0587 2508  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
02:38:53.0618 2508  RemoteRegistry - ok
02:38:53.0618 2508  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
02:38:53.0665 2508  RpcEptMapper - ok
02:38:53.0665 2508  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
02:38:53.0680 2508  RpcLocator - ok
02:38:53.0712 2508  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
02:38:53.0743 2508  RpcSs - ok
02:38:53.0758 2508  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
02:38:53.0805 2508  rspndr - ok
02:38:53.0836 2508  [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
02:38:53.0852 2508  RTL8167 - ok
02:38:53.0852 2508  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
02:38:53.0868 2508  SamSs - ok
02:38:53.0883 2508  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
02:38:53.0883 2508  sbp2port - ok
02:38:53.0899 2508  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
02:38:53.0930 2508  SCardSvr - ok
02:38:53.0946 2508  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
02:38:53.0961 2508  scfilter - ok
02:38:53.0992 2508  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
02:38:54.0024 2508  Schedule - ok
02:38:54.0055 2508  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
02:38:54.0086 2508  SCPolicySvc - ok
02:38:54.0102 2508  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
02:38:54.0133 2508  SDRSVC - ok
02:38:54.0148 2508  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
02:38:54.0211 2508  secdrv - ok
02:38:54.0226 2508  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
02:38:54.0242 2508  seclogon - ok
02:38:54.0258 2508  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
02:38:54.0289 2508  SENS - ok
02:38:54.0289 2508  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
02:38:54.0304 2508  SensrSvc - ok
02:38:54.0304 2508  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
02:38:54.0320 2508  Serenum - ok
02:38:54.0336 2508  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
02:38:54.0367 2508  Serial - ok
02:38:54.0382 2508  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
02:38:54.0398 2508  sermouse - ok
02:38:54.0414 2508  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
02:38:54.0460 2508  SessionEnv - ok
02:38:54.0460 2508  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
02:38:54.0476 2508  sffdisk - ok
02:38:54.0492 2508  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:38:54.0492 2508  sffp_mmc - ok
02:38:54.0492 2508  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
02:38:54.0507 2508  sffp_sd - ok
02:38:54.0523 2508  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
02:38:54.0523 2508  sfloppy - ok
02:38:54.0538 2508  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
02:38:54.0601 2508  SharedAccess - ok
02:38:54.0632 2508  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:38:54.0663 2508  ShellHWDetection - ok
02:38:54.0679 2508  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:38:54.0694 2508  SiSRaid2 - ok
02:38:54.0710 2508  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
02:38:54.0726 2508  SiSRaid4 - ok
02:38:54.0741 2508  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
02:38:54.0788 2508  Smb - ok
02:38:54.0804 2508  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
02:38:54.0835 2508  SNMPTRAP - ok
02:38:54.0850 2508  [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
02:38:54.0866 2508  Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning
02:38:54.0866 2508  Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1)
02:38:54.0882 2508  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
02:38:54.0897 2508  spldr - ok
02:38:54.0928 2508  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
02:38:54.0960 2508  Spooler - ok
02:38:55.0006 2508  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
02:38:55.0053 2508  sppsvc - ok
02:38:55.0084 2508  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
02:38:55.0131 2508  sppuinotify - ok
02:38:55.0147 2508  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
02:38:55.0178 2508  srv - ok
02:38:55.0194 2508  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
02:38:55.0225 2508  srv2 - ok
02:38:55.0256 2508  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
02:38:55.0272 2508  srvnet - ok
02:38:55.0303 2508  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
02:38:55.0334 2508  SSDPSRV - ok
02:38:55.0350 2508  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
02:38:55.0381 2508  SstpSvc - ok
02:38:55.0396 2508  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
02:38:55.0396 2508  stexstor - ok
02:38:55.0428 2508  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
02:38:55.0443 2508  stisvc - ok
02:38:55.0459 2508  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
02:38:55.0459 2508  swenum - ok
02:38:55.0474 2508  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
02:38:55.0521 2508  swprv - ok
02:38:55.0552 2508  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
02:38:55.0584 2508  SysMain - ok
02:38:55.0599 2508  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:38:55.0615 2508  TabletInputService - ok
02:38:55.0630 2508  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
02:38:55.0662 2508  TapiSrv - ok
02:38:55.0677 2508  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
02:38:55.0693 2508  TBS - ok
02:38:55.0740 2508  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
02:38:55.0786 2508  Tcpip - ok
02:38:55.0818 2508  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
02:38:55.0833 2508  TCPIP6 - ok
02:38:55.0849 2508  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
02:38:55.0880 2508  tcpipreg - ok
02:38:55.0880 2508  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
02:38:55.0896 2508  TDPIPE - ok
02:38:55.0927 2508  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
02:38:55.0958 2508  TDTCP - ok
02:38:55.0958 2508  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
02:38:55.0989 2508  tdx - ok
02:38:56.0005 2508  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
02:38:56.0020 2508  TermDD - ok
02:38:56.0036 2508  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
02:38:56.0067 2508  TermService - ok
02:38:56.0098 2508  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
02:38:56.0114 2508  Themes - ok
02:38:56.0130 2508  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
02:38:56.0161 2508  THREADORDER - ok
02:38:56.0161 2508  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
02:38:56.0192 2508  TrkWks - ok
02:38:56.0223 2508  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:38:56.0239 2508  TrustedInstaller - ok
02:38:56.0254 2508  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
02:38:56.0286 2508  tssecsrv - ok
02:38:56.0317 2508  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
02:38:56.0364 2508  tunnel - ok
02:38:56.0364 2508  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
02:38:56.0379 2508  uagp35 - ok
02:38:56.0395 2508  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
02:38:56.0442 2508  udfs - ok
02:38:56.0473 2508  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
02:38:56.0473 2508  UI0Detect - ok
02:38:56.0488 2508  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
02:38:56.0504 2508  uliagpkx - ok
02:38:56.0504 2508  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
02:38:56.0520 2508  umbus - ok
02:38:56.0520 2508  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
02:38:56.0535 2508  UmPass - ok
02:38:56.0629 2508  [ CD114CE02A10FA79C229770788106842 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:38:56.0660 2508  UNS - ok
02:38:56.0676 2508  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
02:38:56.0707 2508  upnphost - ok
02:38:56.0722 2508  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
02:38:56.0738 2508  usbccgp - ok
02:38:56.0754 2508  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
02:38:56.0769 2508  usbcir - ok
02:38:56.0769 2508  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
02:38:56.0785 2508  usbehci - ok
02:38:56.0800 2508  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
02:38:56.0816 2508  usbhub - ok
02:38:56.0816 2508  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
02:38:56.0832 2508  usbohci - ok
02:38:56.0863 2508  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
02:38:56.0894 2508  usbprint - ok
02:38:56.0925 2508  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
02:38:56.0941 2508  usbscan - ok
02:38:56.0956 2508  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:38:56.0988 2508  USBSTOR - ok
02:38:57.0003 2508  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
02:38:57.0019 2508  usbuhci - ok
02:38:57.0034 2508  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
02:38:57.0050 2508  UxSms - ok
02:38:57.0066 2508  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
02:38:57.0066 2508  VaultSvc - ok
02:38:57.0081 2508  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
02:38:57.0081 2508  vdrvroot - ok
02:38:57.0097 2508  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
02:38:57.0128 2508  vds - ok
02:38:57.0144 2508  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
02:38:57.0159 2508  vga - ok
02:38:57.0175 2508  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
02:38:57.0206 2508  VgaSave - ok
02:38:57.0206 2508  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
02:38:57.0222 2508  vhdmp - ok
02:38:57.0222 2508  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
02:38:57.0237 2508  viaide - ok
02:38:57.0253 2508  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
02:38:57.0253 2508  volmgr - ok
02:38:57.0268 2508  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
02:38:57.0268 2508  volmgrx - ok
02:38:57.0300 2508  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
02:38:57.0300 2508  volsnap - ok
02:38:57.0331 2508  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
02:38:57.0331 2508  vsmraid - ok
02:38:57.0362 2508  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
02:38:57.0409 2508  VSS - ok
02:38:57.0424 2508  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
02:38:57.0440 2508  vwifibus - ok
02:38:57.0456 2508  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
02:38:57.0487 2508  W32Time - ok
02:38:57.0487 2508  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
02:38:57.0502 2508  WacomPen - ok
02:38:57.0518 2508  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
02:38:57.0565 2508  WANARP - ok
02:38:57.0565 2508  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
02:38:57.0580 2508  Wanarpv6 - ok
02:38:57.0643 2508  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
02:38:57.0674 2508  WatAdminSvc - ok
02:38:57.0705 2508  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
02:38:57.0736 2508  wbengine - ok
02:38:57.0752 2508  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
02:38:57.0768 2508  WbioSrvc - ok
02:38:57.0783 2508  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
02:38:57.0814 2508  wcncsvc - ok
02:38:57.0814 2508  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:38:57.0830 2508  WcsPlugInService - ok
02:38:57.0892 2508  [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
02:38:57.0908 2508  WCUService_STC_IE - ok
02:38:57.0924 2508  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
02:38:57.0939 2508  Wd - ok
02:38:57.0939 2508  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
02:38:57.0955 2508  Wdf01000 - ok
02:38:57.0970 2508  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
02:38:58.0002 2508  WdiServiceHost - ok
02:38:58.0002 2508  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
02:38:58.0002 2508  WdiSystemHost - ok
02:38:58.0033 2508  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
02:38:58.0048 2508  WebClient - ok
02:38:58.0064 2508  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
02:38:58.0111 2508  Wecsvc - ok
02:38:58.0126 2508  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
02:38:58.0189 2508  wercplsupport - ok
02:38:58.0204 2508  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
02:38:58.0220 2508  WerSvc - ok
02:38:58.0236 2508  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
02:38:58.0251 2508  WfpLwf - ok
02:38:58.0267 2508  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
02:38:58.0282 2508  WIMMount - ok
02:38:58.0298 2508  WinDefend - ok
02:38:58.0298 2508  WinHttpAutoProxySvc - ok
02:38:58.0329 2508  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
02:38:58.0376 2508  Winmgmt - ok
02:38:58.0423 2508  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
02:38:58.0454 2508  WinRM - ok
02:38:58.0501 2508  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
02:38:58.0532 2508  WinUsb - ok
02:38:58.0548 2508  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
02:38:58.0579 2508  Wlansvc - ok
02:38:58.0641 2508  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:38:58.0657 2508  wlcrasvc - ok
02:38:58.0735 2508  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:38:58.0766 2508  wlidsvc - ok
02:38:58.0782 2508  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
02:38:58.0782 2508  WmiAcpi - ok
02:38:58.0797 2508  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
02:38:58.0828 2508  wmiApSrv - ok
02:38:58.0828 2508  WMPNetworkSvc - ok
02:38:58.0844 2508  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
02:38:58.0860 2508  WPCSvc - ok
02:38:58.0875 2508  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
02:38:58.0922 2508  WPDBusEnum - ok
02:38:58.0922 2508  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
02:38:58.0984 2508  ws2ifsl - ok
02:38:59.0000 2508  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
02:38:59.0016 2508  wscsvc - ok
02:38:59.0016 2508  WSearch - ok
02:38:59.0078 2508  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
02:38:59.0125 2508  wuauserv - ok
02:38:59.0140 2508  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
02:38:59.0172 2508  WudfPf - ok
02:38:59.0203 2508  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
02:38:59.0218 2508  WUDFRd - ok
02:38:59.0234 2508  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
02:38:59.0265 2508  wudfsvc - ok
02:38:59.0281 2508  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
02:38:59.0296 2508  WwanSvc - ok
02:38:59.0296 2508  ================ Scan global ===============================
02:38:59.0312 2508  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:38:59.0328 2508  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
02:38:59.0328 2508  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
02:38:59.0359 2508  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:38:59.0374 2508  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:38:59.0374 2508  [Global] - ok
02:38:59.0374 2508  ================ Scan MBR ==================================
02:38:59.0390 2508  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:38:59.0546 2508  \Device\Harddisk0\DR0 - ok
02:38:59.0546 2508  [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk1\DR1
02:38:59.0686 2508  \Device\Harddisk1\DR1 - ok
02:38:59.0686 2508  ================ Scan VBR ==================================
02:38:59.0686 2508  [ DDAB35212EAF7CD46AA5AAAEFF1F1F0D ] \Device\Harddisk0\DR0\Partition1
02:38:59.0686 2508  \Device\Harddisk0\DR0\Partition1 - ok
02:38:59.0718 2508  [ B8EB3376BF3FE0BBEE9400EBFA6894A1 ] \Device\Harddisk0\DR0\Partition2
02:38:59.0718 2508  \Device\Harddisk0\DR0\Partition2 - ok
02:38:59.0718 2508  [ EBE63DDAE4DD5E8AFEB29838BBB7FFD0 ] \Device\Harddisk1\DR1\Partition1
02:38:59.0718 2508  \Device\Harddisk1\DR1\Partition1 - ok
02:38:59.0718 2508  ============================================================
02:38:59.0718 2508  Scan finished
02:38:59.0718 2508  ============================================================
02:38:59.0733 1256  Detected object count: 6
02:38:59.0733 1256  Actual detected object count: 6
02:39:12.0338 1256  asusgsb ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256  asusgsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:39:12.0338 1256  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:39:12.0338 1256  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:39:12.0338 1256  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:39:12.0338 1256  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:39:12.0338 1256  Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256  Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:39:48.0022 1416  Deinitialize success
         

Alt 26.11.2012, 15:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2012, 07:49   #13
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-04.01 - Aydin 05.12.2012   8:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8105.6781 [GMT 1:00]
ausgeführt von:: c:\users\Aydin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\tmpD5A6.tmp
c:\windows\SysWow64\tmpD5A7.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-05 bis 2012-12-05  ))))))))))))))))))))))))))))))
.
.
2012-12-05 07:38 . 2012-12-05 07:38	--------	d-----w-	c:\users\lütfiye\AppData\Local\temp
2012-12-05 07:38 . 2012-12-05 07:38	--------	d-----w-	c:\users\kadir\AppData\Local\temp
2012-12-05 07:38 . 2012-12-05 07:38	--------	d-----w-	c:\users\K  D  R\AppData\Local\temp
2012-12-05 07:38 . 2012-12-05 07:38	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-12-05 07:38 . 2012-12-05 07:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-04 15:04 . 2012-12-04 15:04	--------	d-----w-	c:\users\lütfiye\AppData\Local\{8AE06305-F987-4799-B471-A1B6278F96EC}
2012-12-03 23:50 . 2012-12-03 23:51	--------	d-----w-	c:\users\lütfiye\AppData\Local\{112CC64C-27DA-401F-90EE-F885BE5F7532}
2012-12-03 11:50 . 2012-12-03 11:50	--------	d-----w-	c:\users\lütfiye\AppData\Local\{03B888F6-8D99-40A4-8DE7-08EBE663298E}
2012-12-02 21:29 . 2012-12-02 21:29	--------	d-----w-	c:\users\kadir\AppData\Roaming\Malwarebytes
2012-12-02 17:35 . 2012-12-02 17:35	--------	d-----w-	c:\users\lütfiye\AppData\Local\{689E8C15-A7DB-4482-954A-DF80EBCCC77A}
2012-12-02 00:20 . 2012-12-02 00:20	--------	d-----w-	c:\users\lütfiye\AppData\Local\{C1F1AB6C-259E-4D1D-A061-C49FAF49C8DB}
2012-12-01 10:50 . 2012-12-01 10:50	--------	d-----w-	c:\users\lütfiye\AppData\Local\{D269B840-13D2-4026-9349-C835C6EBBFC9}
2012-11-30 23:27 . 2012-11-30 23:27	--------	d-----w-	c:\users\lütfiye\AppData\Local\{782CBC42-E2D4-407E-B7EA-2F0CA448F843}
2012-11-30 11:26 . 2012-11-30 11:27	--------	d-----w-	c:\users\lütfiye\AppData\Local\{DDC12956-0C63-47C0-B338-418A2C158F32}
2012-11-29 22:09 . 2012-11-29 22:09	--------	d-----w-	c:\users\lütfiye\AppData\Local\{A3B69CC7-8F7B-4BFA-AC5B-796DAECB6BAF}
2012-11-29 10:08 . 2012-11-29 10:08	--------	d-----w-	c:\users\lütfiye\AppData\Local\{C361F852-4CB8-4952-91CD-EB5013554B91}
2012-11-28 11:32 . 2012-11-28 11:32	--------	d-----w-	c:\users\lütfiye\AppData\Local\{87C605AF-05AF-4EE8-A2EA-CA6F2F8F5817}
2012-11-27 14:39 . 2012-11-27 14:39	--------	d-----w-	c:\users\lütfiye\AppData\Local\{D9F16535-756E-48E4-977A-78E63C0DFC9B}
2012-11-26 19:11 . 2012-11-26 19:11	--------	d-----w-	c:\users\lütfiye\AppData\Local\{A37EDFE8-D791-4E1E-834A-EB4249D578BC}
2012-11-26 06:41 . 2012-11-26 06:41	--------	d-----w-	c:\users\lütfiye\AppData\Local\{8F8187F1-60A1-49BB-8A18-936AFDB91809}
2012-11-25 11:23 . 2012-11-25 11:23	--------	d-----w-	c:\users\lütfiye\AppData\Local\{A87FD08A-CF5C-447C-907F-582740264115}
2012-11-24 13:28 . 2012-11-24 13:28	--------	d-----w-	c:\users\lütfiye\AppData\Local\{27C8BAAF-8719-4597-81DA-3709A4E9AEE8}
2012-11-24 01:01 . 2012-11-24 01:02	--------	d-----w-	c:\users\lütfiye\AppData\Local\{1AF42959-682A-4272-8D77-F82A42205574}
2012-11-23 13:01 . 2012-11-23 13:01	--------	d-----w-	c:\users\lütfiye\AppData\Local\{183F2E86-A06F-46D2-83B1-2A967C979F0C}
2012-11-22 15:20 . 2012-11-22 15:20	--------	d-----w-	c:\users\lütfiye\AppData\Local\{3DBBFB46-A56D-430B-A313-F347C7C7EEF2}
2012-11-21 20:00 . 2012-11-21 20:00	--------	d-----w-	c:\users\lütfiye\AppData\Local\{8973BA59-0ACE-4F8B-8CAC-F33C05E9F693}
2012-11-20 14:18 . 2012-11-20 14:18	--------	d-----w-	c:\users\lütfiye\AppData\Local\{F4C922BD-BE1D-400C-B766-C5D1F008204F}
2012-11-16 22:21 . 2012-10-11 01:05	261600	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-16 21:49 . 2012-10-18 18:18	3147264	----a-w-	c:\windows\system32\win32k.sys
2012-11-16 21:49 . 2012-09-25 22:39	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 21:49 . 2012-09-25 21:55	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-15 07:44 . 2012-11-15 07:44	--------	d-----w-	c:\users\kadir\AppData\Local\ElevatedDiagnostics
2012-11-09 11:29 . 2012-11-09 11:29	--------	d-----w-	c:\users\lütfiye\AppData\Local\{8BEE9258-B4D3-49E9-87EF-AC352FC16939}
2012-11-08 12:59 . 2012-11-08 12:59	--------	d-----w-	c:\users\lütfiye\AppData\Local\{7BB08083-8564-4E95-8E35-33A4C41DBCF3}
2012-11-07 14:39 . 2012-11-07 14:40	--------	d-----w-	c:\users\lütfiye\AppData\Local\{A8BBA5E7-4D7D-4BD0-B7B1-BBE93ECF8378}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-14 12:18 . 2012-10-14 12:18	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 12:18 . 2012-09-14 22:56	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-14 12:18 . 2011-09-02 23:03	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-10 12:35 . 2012-05-05 13:02	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 12:35 . 2011-08-24 05:13	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 12:35 . 2012-10-10 12:35	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-29 18:54 . 2012-10-14 10:25	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 19:23 . 2012-10-10 11:13	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 11:13	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 ALSysIO;ALSysIO;c:\users\Aydin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-24 79360]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-08-24 79360]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-25 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-08-24 15936]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-05-22 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-10 202752]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-11-04 31808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:35]
.
2012-12-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1005Core.job
- c:\users\K  D  R\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-17 01:04]
.
2012-12-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1005UA.job
- c:\users\K  D  R\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-17 01:04]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 07:54]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 07:54]
.
2012-12-05 c:\windows\Tasks\PCRVUIL.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-05  08:40:19
ComboFix-quarantined-files.txt  2012-12-05 07:40
.
Vor Suchlauf: 9 Verzeichnis(se), 946.407.272.448 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 948.219.670.528 Bytes frei
.
- - End Of File - - ADBCBA9538294504DA15A3ACD193B99D
         
--- --- ---

Alt 05.12.2012, 14:13   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2012, 21:34   #15
Kunde7
 
Falsche google Weiterleitung - Standard

Falsche google Weiterleitung



AdwCleaner[R2].txt
Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 05/12/2012 um 22:33:58 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Aydin - AYDIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aydin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (de)

Profilname : default 
Datei : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\prefs.js

Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...]

Profilname : default 
Datei : C:\Users\K  D  R\AppData\Roaming\Mozilla\Firefox\Profiles\6riju77y.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\kadir\AppData\Roaming\Mozilla\Firefox\Profiles\xgtmjevw.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\mcjolb7e.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Aydin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\lütfiye\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\K  D  R\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\kadir\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4250 octets] - [14/10/2012 13:31:13]
AdwCleaner[R2].txt - [1895 octets] - [05/12/2012 22:33:58]
AdwCleaner[S1].txt - [4157 octets] - [14/10/2012 13:31:30]

########## EOF - C:\AdwCleaner[R2].txt - [2015 octets] ##########
         

----
AdwCleaner[R1].txt
Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 14/10/2012 um 14:31:13 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Aydin - AYDIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aydin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\splashtop
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\splashtop
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\K  D  R\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\kadir\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\kadir\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\lütfiye\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\lütfiye\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKU\S-1-5-21-843483253-1178590098-1577449472-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");

Profilname : default 
Datei : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...]

Profilname : default 
Datei : C:\Users\K  D  R\AppData\Roaming\Mozilla\Firefox\Profiles\6riju77y.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\kadir\AppData\Roaming\Mozilla\Firefox\Profiles\xgtmjevw.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=d[...]

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\mcjolb7e.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Aydin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\lütfiye\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\K  D  R\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\kadir\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4127 octets] - [14/10/2012 14:31:13]

########## EOF - C:\AdwCleaner[R1].txt - [4187 octets] ##########
         
AdwCleaner[S1].txt

Code:
ATTFilter
# AdwCleaner v2.004 - Datei am 14/10/2012 um 14:31:30 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Aydin - AYDIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aydin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\searchplugins\Askcom.xml
Gelöscht mit Neustart : C:\Program Files (x86)\splashtop
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\splashtop
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\K  D  R\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\kadir\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\kadir\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\lütfiye\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\lütfiye\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");

Profilname : default 
Datei : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...]

Profilname : default 
Datei : C:\Users\K  D  R\AppData\Roaming\Mozilla\Firefox\Profiles\6riju77y.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\kadir\AppData\Roaming\Mozilla\Firefox\Profiles\xgtmjevw.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=d[...]

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\mcjolb7e.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Users\Aydin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\lütfiye\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\K  D  R\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\kadir\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4250 octets] - [14/10/2012 14:31:13]
AdwCleaner[S1].txt - [4034 octets] - [14/10/2012 14:31:30]

########## EOF - C:\AdwCleaner[S1].txt - [4094 octets] ##########
         

Geändert von Kunde7 (05.12.2012 um 21:38 Uhr) Grund: alte Logs von AdwCleaner hinzugefügt

Antwort

Themen zu Falsche google Weiterleitung
antivir, application/pdf:, autorun, avira, bho, converter, downloader, error, fehler, firefox, flash player, google, helper, home, install.exe, logfile, problem, prozess, realtek, registry, rundll, scan, security, shopseite, software, suchmaschine, usb, windows, youtube downloader



Ähnliche Themen: Falsche google Weiterleitung


  1. Weiterleitung auf falsche links bei google
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (3)
  2. Google-Suchergebnisse: Falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (11)
  3. falsche Weiterleitung bei Google-Suchergebnissen
    Log-Analyse und Auswertung - 13.12.2012 (11)
  4. Firefox Google - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (8)
  5. Plötzlich erscheinender ton + falsche google weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (13)
  6. Falsche Link-Weiterleitung bei Google - Trojaner?
    Log-Analyse und Auswertung - 17.01.2012 (30)
  7. Google Suche: Weiterleitung auf falsche Seiten
    Log-Analyse und Auswertung - 15.12.2011 (28)
  8. Falsche weiterleitung durch Google und co.
    Log-Analyse und Auswertung - 16.11.2011 (5)
  9. Falsche Weiterleitung bei Google-Links
    Log-Analyse und Auswertung - 10.06.2011 (7)
  10. Google Trojaner (falsche Weiterleitung)
    Log-Analyse und Auswertung - 25.11.2010 (33)
  11. Google-Ergebnisse - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 23.12.2009 (2)
  12. Falsche Weiterleitung von Google im Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 28.04.2009 (10)
  13. Falsche Weiterleitung bei Google
    Log-Analyse und Auswertung - 11.03.2009 (39)
  14. Falsche Weiterleitung bei Google-Links
    Plagegeister aller Art und deren Bekämpfung - 10.02.2009 (15)
  15. Google Suchergebnisse - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 10.12.2007 (0)
  16. Falsche Weiterleitung bei Google
    Log-Analyse und Auswertung - 07.03.2007 (3)
  17. Falsche Weiterleitung bei google
    Mülltonne - 05.10.2006 (1)

Zum Thema Falsche google Weiterleitung - Hallo, ich habe das Problem, dass ich mit sämtlichen Webbrowser (Opera, FireFox) mit Google falsch auf Sex- und Shopseiten weitergeleitet werde. Ich starte Google, gebe was in die Suchmaschine ein, - Falsche google Weiterleitung...
Archiv
Du betrachtest: Falsche google Weiterleitung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.