
Log analysis and evaluation: MP3 player and USB stick show only shortcuts

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.04.2013, 20:05   #1
Sava
 



Hello,

for some time now my MP3 player and a USB stick have been showing only shortcuts. I read somewhere on the Internet that the files can possibly be made visible again by showing hidden files. I did that, and now I can see the files again (but only faded). While doing so I noticed that there is an empty folder named 84612795 on both storage devices. I then saved my files to the desktop and formatted the MP3 player. After that my files were gone, but the empty folder was not. It also cannot be deleted manually.
I have attached the logs from Spybot and GMER. I had to split the GMER log into two files because it was too large. The scan with OTL did not work; the program always hung while scanning the Firefox settings.
I hope this is all the information that is needed.

Thanks in advance for the help,
Sava
Attached files
File type: log Scanner 07.04.2013.log (612 bytes, viewed 175 times)
File type: txt Gmer.txt (31.9 KB, viewed 169 times)
File type: txt Gmer2.txt (82.9 KB, viewed 159 times)

08.04.2013, 15:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

08.04.2013, 17:36   #3
Sava
 



Hello,

first of all, thanks for the reply. My antivirus program raises an alarm every now and then. I have now also found this log; that is all I have:

Comodo:
Code:
2011-11-23 18:26:33  	C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe  	.UnclassifiedMalware@1  	Erkennen  	Erfolgreich 
2011-11-23 18:26:33  	C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe  	.UnclassifiedMalware@1  	Fragen  	Erfolgreich 
2011-11-23 18:27:25  	C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe  	.UnclassifiedMalware@1  	Erkennen  	Erfolgreich 
2011-11-23 18:27:25  	C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe  	.UnclassifiedMalware@1  	Fragen  	Erfolgreich 
2011-11-23 18:27:26  	C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe  	.UnclassifiedMalware@1  	Entfernen  	Erfolgreich 
2011-11-23 18:27:28  	C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe  	.UnclassifiedMalware@1  	Entfernen  	Erfolgreich 
2011-11-29 19:51:05  	C:\Users\afshin3\Downloads\IMG04854912.JPG.scr  	UnclassifiedMalware@273361001  	Erkennen  	Erfolgreich 
2011-11-29 19:51:05  	C:\Users\afshin3\Downloads\IMG04854912.JPG.scr  	UnclassifiedMalware@273361001  	Fragen  	Erfolgreich 
2011-11-29 19:51:15  	C:\Users\afshin3\Downloads\IMG04854912.JPG.scr  	UnclassifiedMalware@273361001  	Entfernen  	Erfolgreich 
2011-11-30 19:28:44  	G:\84612795\MICIN.DIR.exe  	UnclassifiedMalware@273363651  	Erkennen  	Erfolgreich 
2011-11-30 19:28:44  	G:\84612795\FMIN.DIR.exe  	UnclassifiedMalware@273363651  	Erkennen  	Erfolgreich 
2011-11-30 19:28:45  	G:\84612795\MICIN.DIR.exe  	UnclassifiedMalware@273363651  	Fragen  	Erfolgreich 
2011-11-30 19:28:54  	G:\84612795\FMIN.DIR.exe  	UnclassifiedMalware@273363651  	Entfernen  	Erfolgreich 
2011-11-30 19:28:56  	G:\84612795\MICIN.DIR.exe  	UnclassifiedMalware@273363651  	Entfernen  	Erfolgreich 
2011-11-30 19:28:58  	G:\84612795\Manual.exe  	UnclassifiedMalware@273363651  	Erkennen  	Erfolgreich 
2011-11-30 19:28:58  	G:\84612795\Manual.exe  	UnclassifiedMalware@273363651  	Fragen  	Erfolgreich 
2011-11-30 19:29:02  	G:\84612795\Manual.exe  	UnclassifiedMalware@273363651  	Entfernen  	Erfolgreich 
2011-11-30 19:29:05  	G:\84612795\LINEIN.DIR.exe  	UnclassifiedMalware@273363651  	Erkennen  	Erfolgreich 
2011-11-30 19:29:05  	G:\84612795\LINEIN.DIR.exe  	UnclassifiedMalware@273363651  	Fragen  	Erfolgreich 
2011-11-30 19:29:09  	G:\84612795\LINEIN.DIR.exe  	UnclassifiedMalware@273363651  	Entfernen  	Erfolgreich 
2011-11-30 20:12:16  	C:\Users\afshin3\AppData\Local\Temp\0963411.exe  	UnclassifiedMalware@277088599  	Erkennen  	Erfolgreich 
2011-11-30 20:12:17  	C:\Users\afshin3\AppData\Local\Temp\0963411.exe  	UnclassifiedMalware@277088599  	Fragen  	Erfolgreich 
2011-11-30 20:12:21  	C:\Users\afshin3\AppData\Local\Temp\2958691.exe  	UnclassifiedMalware@277004752  	Erkennen  	Erfolgreich 
2011-11-30 20:12:21  	C:\Users\afshin3\AppData\Local\Temp\0963411.exe  	UnclassifiedMalware@277088599  	Entfernen  	Erfolgreich 
2011-11-30 20:12:21  	C:\Users\afshin3\AppData\Local\Temp\2958691.exe  	UnclassifiedMalware@277004752  	Fragen  	Erfolgreich 
2011-11-30 20:12:25  	C:\Users\afshin3\AppData\Local\Temp\4652755.exe  	UnclassifiedMalware@277004752  	Erkennen  	Erfolgreich 
2011-11-30 20:12:26  	C:\Users\afshin3\AppData\Local\Temp\4652755.exe  	UnclassifiedMalware@277004752  	Fragen  	Erfolgreich 
2011-11-30 20:12:26  	C:\Users\afshin3\AppData\Local\Temp\2958691.exe  	UnclassifiedMalware@277004752  	Entfernen  	Erfolgreich 
2011-11-30 20:12:28  	C:\Users\afshin3\AppData\Local\Temp\5460757.exe  	UnclassifiedMalware@276997862  	Erkennen  	Erfolgreich 
2011-11-30 20:12:28  	C:\Users\afshin3\AppData\Local\Temp\5460757.exe  	UnclassifiedMalware@276997862  	Fragen  	Erfolgreich 
2011-11-30 20:12:28  	C:\Users\afshin3\AppData\Local\Temp\4652755.exe  	UnclassifiedMalware@277004752  	Entfernen  	Erfolgreich 
2011-11-30 20:12:30  	C:\Users\afshin3\AppData\Local\Temp\8271217.exe  	UnclassifiedMalware@277088599  	Erkennen  	Erfolgreich 
2011-11-30 20:12:30  	C:\Users\afshin3\AppData\Local\Temp\8271217.exe  	UnclassifiedMalware@277088599  	Fragen  	Erfolgreich 
2011-11-30 20:12:31  	C:\Users\afshin3\AppData\Local\Temp\5460757.exe  	UnclassifiedMalware@276997862  	Entfernen  	Erfolgreich 
2011-11-30 20:12:33  	C:\Users\afshin3\AppData\Local\Temp\9349075.exe  	UnclassifiedMalware@277004752  	Erkennen  	Erfolgreich 
2011-11-30 20:12:33  	C:\Users\afshin3\AppData\Local\Temp\9349075.exe  	UnclassifiedMalware@277004752  	Fragen  	Erfolgreich 
2011-11-30 20:12:34  	C:\Users\afshin3\AppData\Local\Temp\8271217.exe  	UnclassifiedMalware@277088599  	Entfernen  	Erfolgreich 
2011-11-30 20:12:35  	C:\Users\afshin3\AppData\Local\Temp\9562887.exe  	UnclassifiedMalware@276997862  	Erkennen  	Erfolgreich 
2011-11-30 20:12:36  	C:\Users\afshin3\AppData\Local\Temp\9562887.exe  	UnclassifiedMalware@276997862  	Fragen  	Erfolgreich 
2011-11-30 20:12:36  	C:\Users\afshin3\AppData\Local\Temp\9349075.exe  	UnclassifiedMalware@277004752  	Entfernen  	Erfolgreich 
2011-11-30 20:12:38  	C:\Users\afshin3\AppData\Local\Temp\9562887.exe  	UnclassifiedMalware@276997862  	Entfernen  	Erfolgreich 
2011-11-30 20:13:35  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZON5DAC\fa[1].exe  	UnclassifiedMalware@277004752  	Erkennen  	Erfolgreich 
2011-11-30 20:13:35  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZON5DAC\fa[1].exe  	UnclassifiedMalware@277004752  	Fragen  	Erfolgreich 
2011-11-30 20:13:42  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZON5DAC\fa[1].exe  	UnclassifiedMalware@277004752  	Entfernen  	Erfolgreich 
2011-11-30 20:13:43  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEUOOOZH\st[1].exe  	UnclassifiedMalware@277088599  	Erkennen  	Erfolgreich 
2011-11-30 20:13:43  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEUOOOZH\st[1].exe  	UnclassifiedMalware@277088599  	Fragen  	Erfolgreich 
2011-11-30 20:13:47  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEUOOOZH\st[1].exe  	UnclassifiedMalware@277088599  	Entfernen  	Erfolgreich 
2011-11-30 20:13:50  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\385M64P2\iok[1].exe  	UnclassifiedMalware@276997862  	Erkennen  	Erfolgreich 
2011-11-30 20:13:50  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\385M64P2\iok[1].exe  	UnclassifiedMalware@276997862  	Fragen  	Erfolgreich 
2011-11-30 20:13:54  	C:\Users\afshin3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\385M64P2\iok[1].exe  	UnclassifiedMalware@276997862  	Entfernen  	Erfolgreich 
2011-12-15 21:36:04  	C:\Users\afshin3\AppData\Roaming\Microsoft\9871\D642.tmp  	Malware@22s68ptqlbxem  	Erkennen  	Erfolgreich 
2011-12-15 22:57:05  	C:\Users\afshin3\AppData\Roaming\Microsoft\9871\D642.tmp  	Malware@#22s68ptqlbxem  	Quarantäne  	Erfolgreich 
2012-05-01 19:06:10  	G:\autorun.inf  	Malware@nutoqhjk323m  	Erkennen  	Erfolgreich 
2012-05-01 19:06:27  	G:\autorun.inf  	Malware@#nutoqhjk323m  	Fragen  	Erfolgreich 
2012-05-01 19:06:35  	G:\autorun.inf  	Malware@#nutoqhjk323m  	Quarantäne  	Erfolgreich 
2012-06-06 20:02:29  	C:\Users\afshin3\Facemoods.exe  	Suspicious@2cct107ip80of  	Erkennen  	Erfolgreich 
2012-06-06 20:12:54  	C:\Users\afshin3\Facemoods.exe  	Suspicious@#2cct107ip80of  	Quarantäne  	Erfolgreich 
2012-10-03 17:55:49  	G:\84612795\.Spotlight-V100.exe  	Malware@2tqjsdo1a8lo7  	Erkennen  	Erfolgreich 
2012-10-03 17:55:49  	G:\84612795\home images.exe  	Malware@2tqjsdo1a8lo7  	Erkennen  	Erfolgreich 
2012-10-03 17:56:16  	G:\84612795\.Spotlight-V100.exe  	Malware@#2tqjsdo1a8lo7  	Fragen  	Erfolgreich 
2012-10-03 17:56:24  	G:\84612795\helpme.exe  	Malware@2tqjsdo1a8lo7  	Erkennen  	Erfolgreich 
2012-10-03 17:56:24  	G:\84612795\helpme.exe  	Malware@#2tqjsdo1a8lo7  	Fragen  	Erfolgreich 
2012-10-03 17:56:25  	G:\84612795\home images.exe  	Malware@#2tqjsdo1a8lo7  	Quarantäne  	Erfolgreich 
2012-10-03 17:56:26  	G:\84612795\.Spotlight-V100.exe  	Malware@#2tqjsdo1a8lo7  	Quarantäne  	Erfolgreich 
2012-10-03 17:56:27  	G:\84612795\gns.exe  	Malware@2tqjsdo1a8lo7  	Erkennen  	Erfolgreich 
2012-10-03 17:56:27  	G:\84612795\gns.exe  	Malware@#2tqjsdo1a8lo7  	Fragen  	Erfolgreich 
2012-10-03 17:56:28  	G:\84612795\helpme.exe  	Malware@#2tqjsdo1a8lo7  	Quarantäne  	Erfolgreich 
2012-10-03 17:56:30  	G:\84612795\ephem.exe  	Malware@2tqjsdo1a8lo7  	Erkennen  	Erfolgreich 
2012-10-03 17:56:30  	G:\84612795\ephem.exe  	Malware@#2tqjsdo1a8lo7  	Fragen  	Erfolgreich 
2012-10-03 17:56:31  	G:\84612795\gns.exe  	Malware@#2tqjsdo1a8lo7  	Quarantäne  	Erfolgreich 
2012-10-03 17:57:01  	G:\84612795\ephem.exe  	Malware@2tqjsdo1a8lo7  	Ignorieren  	Erfolgreich 
2012-10-03 17:57:02  	G:\84612795\ephem.exe  	Malware@2tqjsdo1a8lo7  	Erkennen  	Erfolgreich 
2012-10-03 17:57:02  	G:\84612795\ephem.exe  	Malware@#2tqjsdo1a8lo7  	Fragen  	Erfolgreich 
2012-10-03 17:57:08  	G:\84612795\ephem.exe  	Malware@2tqjsdo1a8lo7  	Ignorieren  	Erfolgreich 
2012-11-18 11:42:39  	H:\autorun.inf  	Malware@12vgxl2up9gxf  	Erkennen  	Erfolgreich 
2012-11-18 11:42:40  	H:\autorun.inf  	Malware@#12vgxl2up9gxf  	Fragen  	Erfolgreich 
2012-11-18 11:42:51  	H:\autorun.inf  	Malware@#12vgxl2up9gxf  	Quarantäne  	Erfolgreich 
2012-11-30 18:27:13  	C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe  	Malware@12byzb365fnzb  	Erkennen  	Erfolgreich 
2012-11-30 18:27:14  	C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe  	Malware@#12byzb365fnzb  	Fragen  	Erfolgreich 
2012-11-30 18:27:41  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@2hm3iewagfep  	Erkennen  	Erfolgreich 
2012-11-30 18:28:11  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	.Heur.Suspicious@1  	Erkennen  	Erfolgreich 
2012-11-30 18:29:11  	C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe  	Malware@12byzb365fnzb  	Erkennen  	Erfolgreich 
2012-11-30 18:29:15  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@#2hm3iewagfep  	Fragen  	Erfolgreich 
2012-11-30 18:29:44  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	.Heur.Suspicious@1  	Fragen  	Erfolgreich 
2012-11-30 18:30:12  	C:\Users\afshin3\AppData\Local\Temp\IS1275~1\Yontoo-C4.exe  	Malware@#12byzb365fnzb  	Fragen  	Erfolgreich 
2012-11-30 18:30:11  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	.UnclassifiedMalware@1  	Erkennen  	Erfolgreich 
2012-11-30 18:31:11  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	.UnclassifiedMalware@1  	Fragen  	Erfolgreich 
2012-12-03 20:54:07  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@2hm3iewagfep  	Erkennen  	Erfolgreich 
2012-12-03 20:54:08  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@#2hm3iewagfep  	Fragen  	Erfolgreich 
2012-12-03 20:56:11  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	Malware@12byzb365fnzb  	Erkennen  	Erfolgreich 
2012-12-03 20:56:11  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	Malware@#12byzb365fnzb  	Fragen  	Erfolgreich 
2012-12-15 11:45:13  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@2hm3iewagfep  	Erkennen  	Erfolgreich 
2012-12-15 11:45:14  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@#2hm3iewagfep  	Fragen  	Erfolgreich 
2012-12-15 11:45:29  	C:\Users\afshin3\AppData\Local\Temp\262F2B94-BAB0-7891-AF6C-C0EB845794A3\Latest\MyBabylonTB.exe  	Suspicious@#2hm3iewagfep  	Quarantäne  	Erfolgreich 
2012-12-15 11:45:29  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	Malware@12byzb365fnzb  	Erkennen  	Erfolgreich 
2012-12-15 11:45:30  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	Malware@#12byzb365fnzb  	Fragen  	Erfolgreich 
2012-12-15 11:45:33  	C:\Users\afshin3\AppData\Local\Temp\is1275519350\Yontoo-C4.exe  	Malware@#12byzb365fnzb  	Quarantäne  	Erfolgreich 
2013-02-07 13:53:21  	C:\Users\afshin3\AppData\Local\Temp\update7777973.exe  	Malware@ghbk6797uupe  	Erkennen  	Erfolgreich 
2013-02-07 13:53:22  	C:\Users\afshin3\AppData\Local\Temp\update7777973.exe  	Malware@#ghbk6797uupe  	Fragen  	Erfolgreich 
2013-02-07 13:53:36  	C:\Users\afshin3\AppData\Local\Temp\update7777973.exe  	Malware@#ghbk6797uupe  	Quarantäne  	Erfolgreich
         
Here again is the Spybot log in code tags to make things easier. The GMER log no longer fits; that would be too many characters.

Code:
SDFSSvc.exe [2013-04-06 22:24:10] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-06 22:25:05] Loaded databases.
SDFSSvc.exe [2013-04-07 16:24:23] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-07 16:24:56] Loaded databases.
SDFSSvc.exe [2013-04-07 17:59:15] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-07 17:59:47] Loaded databases.
SDFSSvc.exe [2013-04-07 19:55:41] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-04-07 19:56:19] Loaded databases.
         
Regards,
Sava

08.04.2013, 21:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, please try OTL again, but please read the following notes first:

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

09.04.2013, 18:05   #5
Sava
 



It worked this time. Here are the logs:

Code:
OTL logfile created on: 09.04.2013 17:45:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\afshin3\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,25% Memory free
3,50 Gb Paging File | 2,61 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 22,95 Gb Free Space | 45,18% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 17,40 Gb Free Space | 34,12% Space Free | Partition Type: NTFS
 
Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\afshin3\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe (   )
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Intense Language Office\Common\OffMan.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Intense Language Office\Common\OffMan.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=140&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9075412246164173&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 5B 68 E9 1A F2 CB 01  [binary data]
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_3&babsrc=SP_ss&mntrId=16c9c051000000000000061b9ea0b266
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=en_DE&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=32CC1E8D-A442-4184-9BF9-CB138534E73F&apn_sauid=09044668-D90B-4C9D-A3E5-47B624539D7B
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{26ED5B98-2585-48BC-9A12-50E2336F61D6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110415,16987,0,8,0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_en
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=140&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9075412246164173&q={searchTerms}
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60444
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=HP_ss&mntrId=16c9c051000000000000061b9ea0b266"
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.7.20130322105505
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=KW_ss&mntrId=16c9c051000000000000061b9ea0b266&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.04 04:46:56 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 20:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 20:19:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 20:19:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 20:19:41 | 000,000,000 | ---D | M]
 
[2012.11.13 20:31:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions
[2012.10.03 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013.04.06 22:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions
[2013.03.26 20:25:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.11.30 19:37:09 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.11.13 19:40:38 | 000,002,687 | ---- | M] () -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\searchplugins\Search_Results.xml
[2013.03.08 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.08 20:19:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.30 19:27:27 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.24 09:56:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.13 19:40:38 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013.02.19 20:38:50 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) ()
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=16c9c051000000000000001377649987&tlver=1.4.19.19&affID=17160
CHR - Extension: Babylon Chrome OCR = C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2011.05.28 16:49:13 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [ILO_Office_Manager] C:\Windows\System32\intedreg.exe ()
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [Microsoft® Windows Update] C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe (   )
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11aa8a7f-aa58-11e0-b6d1-001377649987}\Shell - "" = AutoRun
O33 - MountPoints2\{11aa8a7f-aa58-11e0-b6d1-001377649987}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3cb859c7-f906-11e1-a9cc-001377649987}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb859c7-f906-11e1-a9cc-001377649987}\Shell\AutoRun\command - "" = H:\iStudio.exe
O33 - MountPoints2\{6f270f5e-a999-11e0-907a-001377649987}\Shell - "" = AutoRun
O33 - MountPoints2\{6f270f5e-a999-11e0-907a-001377649987}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{72ffb543-5e5e-11e0-9516-001377649987}\Shell - "" = AutoRun
O33 - MountPoints2\{72ffb543-5e5e-11e0-9516-001377649987}\Shell\AutoRun\command - "" = F:\toefl.exe
O33 - MountPoints2\{e950429e-ac82-11e0-bc7f-001377649987}\Shell - "" = AutoRun
O33 - MountPoints2\{e950429e-ac82-11e0-bc7f-001377649987}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.07 18:04:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe
[2013.04.07 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Eraser 6
[2013.04.06 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.06 22:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.06 22:23:52 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.04.06 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.06 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Programs
[2013.04.06 22:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2013.04.06 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\afshin3\Desktop\MP3
[2013.04.02 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\PrintProjects
[2013.03.30 18:19:38 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.30 18:19:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.30 18:19:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.30 18:19:27 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.30 18:19:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.30 18:19:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.30 18:19:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.30 18:19:23 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.30 18:19:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.30 18:19:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.30 18:19:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.30 18:19:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.30 18:19:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.30 18:19:18 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.30 18:19:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.30 18:19:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.30 18:19:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.30 18:19:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.30 18:19:14 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.30 18:19:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.30 18:19:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.30 18:19:13 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.30 18:19:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.30 18:19:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.30 18:19:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.30 18:19:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.30 18:19:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.30 18:19:08 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.30 18:19:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.30 18:19:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.30 18:19:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.30 18:19:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.30 18:19:06 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.30 18:19:06 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.30 18:19:05 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.30 18:19:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.21 19:27:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.12 19:43:37 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Roaming\DealPly
[2011.10.23 11:50:41 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Users\afshin3\taskmgr.exe
[2011.04.04 05:09:21 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Users\afshin3\DTLite4402-0131.exe
[2011.04.04 04:45:15 | 000,606,560 | ---- | C] (RealNetworks, Inc.) -- C:\Users\afshin3\RealPlayer_de.exe
[2006.07.28 13:33:26 | 000,212,992 | ---- | C] (OXY Solution) -- C:\Program Files\CardBurner.exe
[2003.03.18 21:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003.03.18 21:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003.02.21 04:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.09 17:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 17:43:53 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013.04.09 17:41:23 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 17:41:23 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 17:34:31 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.09 17:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 17:33:56 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.08 19:05:42 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.08 19:05:42 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.08 17:52:52 | 000,044,848 | ---- | M] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm
[2013.04.07 22:05:26 | 000,000,000 | ---- | M] () -- C:\END
[2013.04.07 19:10:56 | 000,377,856 | ---- | M] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe
[2013.04.07 18:04:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe
[2013.04.07 18:03:29 | 000,000,000 | ---- | M] () -- C:\Users\afshin3\defogger_reenable
[2013.04.06 22:24:02 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.02 20:33:39 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2013.04.02 20:30:58 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2013.03.30 18:19:38 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.30 18:19:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.30 18:19:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.30 18:19:27 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.30 18:19:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.30 18:19:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.30 18:19:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.30 18:19:23 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.30 18:19:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.30 18:19:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.30 18:19:21 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.30 18:19:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.30 18:19:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.30 18:19:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.30 18:19:17 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.30 18:19:17 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.30 18:19:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.30 18:19:16 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.30 18:19:14 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.30 18:19:14 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.30 18:19:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.30 18:19:13 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.30 18:19:13 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.30 18:19:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.30 18:19:10 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.30 18:19:09 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.30 18:19:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.30 18:19:08 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.30 18:19:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.30 18:19:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.30 18:19:07 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.30 18:19:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.30 18:19:07 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.30 18:19:06 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.30 18:19:06 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.30 18:19:05 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.30 18:19:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.17 20:01:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.17 20:01:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.14 20:49:47 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
 
========== Files Created - No Company Name ==========
 
[2013.04.08 17:52:52 | 000,044,848 | ---- | C] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm
[2013.04.07 19:10:54 | 000,377,856 | ---- | C] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe
[2013.04.07 18:03:29 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\defogger_reenable
[2013.04.06 22:24:02 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.06 22:24:02 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.02 20:33:39 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2013.04.02 20:30:58 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2013.03.30 18:19:07 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.14 20:49:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013.01.24 21:54:24 | 000,934,320 | ---- | C] () -- C:\Users\afshin3\HashTab v5.1.0.23 Setup.exe
[2013.01.24 21:54:24 | 000,933,960 | ---- | C] () -- C:\Users\afshin3\HashTab v5.1.0.23 - Commercial Setup.exe
[2011.08.24 08:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.11 17:08:52 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011.07.26 17:22:00 | 000,015,428 | ---- | C] () -- C:\Users\afshin3\RefEdit.exd
[2011.07.15 09:42:53 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{ED8D64B9-37E5-435F-A739-1A5B063B4035}
[2011.06.15 21:11:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.28 02:54:09 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~37673988
[2011.05.28 02:54:05 | 000,000,336 | -H-- | C] () -- C:\ProgramData\37673988
[2011.05.21 19:33:54 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{BB9D2246-53EC-47D6-B18C-E16A21D48890}
[2011.04.05 21:34:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.05 20:12:03 | 000,005,115 | -H-- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.04.04 04:39:57 | 000,287,048 | ---- | C] () -- C:\Users\afshin3\Media Player.exe
[2006.07.28 13:29:14 | 000,000,367 | ---- | C] () -- C:\Program Files\MyList.mft
[2006.05.30 16:03:32 | 000,025,893 | ---- | C] () -- C:\Program Files\Card Burner upotreba.xml
[2005.11.15 11:25:50 | 005,823,050 | ---- | C] () -- C:\Program Files\Salif Keita - 03 - Madan.mp3
[2005.11.01 15:46:06 | 002,753,515 | ---- | C] () -- C:\Program Files\La_Flaca.mp3
[2003.10.18 06:37:10 | 004,006,266 | ---- | C] () -- C:\Program Files\ABBA - Super Trooper.mp3
[2003.10.18 06:36:58 | 003,658,106 | ---- | C] () -- C:\Program Files\Blonde - Atomic.mp3
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 09.04.2013 17:45:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\afshin3\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,25% Memory free
3,50 Gb Paging File | 2,61 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 22,95 Gb Free Space | 45,18% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 17,40 Gb Free Space | 34,12% Space Free | Partition Type: NTFS
 
Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5B3B02-B9EA-4261-AC8F-57CC13F3CCE8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24A73305-7487-4D37-81FB-C561EAB47B6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52443A2A-29EF-4CBE-B331-EF35E18CB1BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{585FFDE5-E5A4-4F80-95D3-19430175BB2A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5FC414DF-7217-40CE-B4EE-5090CB7ED6A8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6DAD194B-864A-4AB7-87B4-8B4CE340B683}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{6EE563F1-2273-422B-BCB2-0C8BCF87AFDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70EEB091-2935-463F-94F2-FE589F288ED1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{7D4F7821-1A14-4EAC-A26C-0AD0824D4E5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B178C977-397F-4768-B556-3E47BF33BF4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B6EC3B30-BBB6-44E5-AACE-47CD0F303260}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{CAAE12F8-AF9A-4F6E-9112-ED74115B11DF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{ECB3E4FF-B004-4B32-86B6-2EEE599B0943}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE40B3-B02F-4D2C-931A-80F82027ED01}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe | 
"{0CD39F31-2967-4791-896E-450D7B2F3A90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1045495B-BCA2-4FCE-B902-5EEC2D0FB210}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{10A6A2B1-0522-46BF-96E1-E9F891A716D8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{18F82BF0-B855-41D8-89F8-DD354F59C23E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C9EAC22-707C-430C-885B-4FD64EA6F422}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E8061EB-A0E6-4449-ABDC-335386A88E77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C942CBE-7A47-4AC9-94FE-47ABB3860C28}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{314C04AA-2DD2-4E58-9603-1994027C2945}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe | 
"{410DF6CD-5162-4864-BEBE-422F30B63648}" = protocol=6 | dir=out | app=system | 
"{49CC08C6-A875-403B-9300-B5F394738ED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C8978BF-DDAD-4778-B02A-3ACF01F2FABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50FBDCB5-AF22-4266-B8F4-5EBE335F3AC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{575009AE-140A-42EF-887F-BA645B75D044}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{6046089B-C609-4B12-9119-E87429D9F276}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{6E7226CD-5C1F-4FBC-B8C7-81EBD3085198}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{6FD34CB4-E4B2-4062-BE08-C08823FA15AD}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{70AA399A-697C-4531-9800-0CFFCE4BC10D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B76BC7B-9DB1-4A2F-9C18-F46DBC393120}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{9DFE6763-E414-42B4-B7A8-65376C154C7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30858AB-FECF-42B8-9625-EDE00FC6249F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{A6DFB519-CA89-40F9-A0E0-C4A9BF6A6878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A80B1371-3858-402B-837E-917477B071E7}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{B7B2B037-F638-4057-974E-9BE0B38C6AB2}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{BAFCEDA9-D32C-48BD-A55A-A1CA725F2232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2A5B77E-25E4-4C7E-A384-CD56BCE17CA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F89ABEEB-87E6-4E2C-A64A-AE8753B88211}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{524D615B-881E-406A-A2E0-D62F500F58E2}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{79F2F4D8-5D30-48E0-85EB-77F13F0BAD05}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{FA8F0533-7F43-4C38-BFB0-61000A7EE68D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{102C492B-D110-4DC9-8CF9-D24DE3141D71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{840598D4-427D-44E3-99B9-F8D347D4C76B}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{9C34D2E7-0ED3-4614-9D4F-8823A6F45056}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1686816B-367A-4EA6-9C20-F694A5511C13}" = AS Lernen
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CC5825C2-2F59-459B-84ED-D0D1958101FA}" = CardBurner
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = ArcSoft TotalMedia 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Glary Utilities_is1" = Glary Utilities 2.42.0.1389
"HashTab" = HashTab 5.1.0.23
"Intense Language Office" = Intense Language Office
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nano" = Nano 1.1.1
"PrintProjects" = PrintProjects
"RealPlayer 12.0" = RealPlayer
"TIPP10_is1" = TIPP10 Version 2.1.0
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Wajam" = Wajam
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 12:25:49 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 13.0.1.4548,
 time stamp: 0x4fda5ff0  Faulting module name: mozalloc.dll, version: 13.0.1.4548,
 time stamp: 0x4fda4c02  Exception code: 0x80000003  Fault offset: 0x000019be  Faulting
 process id: 0xee0  Faulting application start time: 0x01cd68ef6e88c580  Faulting application
 path: C:\Program Files\Mozilla Firefox\plugin-container.exe  Faulting module path:
 C:\Program Files\Mozilla Firefox\mozalloc.dll  Report Id: 0fd94c06-d4e3-11e1-881e-001377649987
 
Error - 03.10.2012 11:59:23 | Computer Name = afshin3-PC | Source = TomTomHOMEService | ID = 10000
Description = 
 
Error - 06.10.2012 12:23:45 | Computer Name = afshin3-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 06.10.2012 12:25:03 | Computer Name = afshin3-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 09.10.2012 14:06:07 | Computer Name = afshin3-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 15.0.1.4631 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 8f4    Start
 Time: 01cda647afd6fcb8    Termination Time: 15    Application Path: C:\Program Files\Mozilla
 Firefox\firefox.exe    Report Id: f75655cb-123b-11e2-9076-001377649987  
 
Error - 09.10.2012 14:17:24 | Computer Name = afshin3-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 15.0.1.4631 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 50c    Start
 Time: 01cda649979dcd96    Termination Time: 16    Application Path: C:\Program Files\Mozilla
 Firefox\firefox.exe    Report Id: 8fda58d9-123d-11e2-bac2-001377649987  
 
Error - 13.01.2013 16:45:43 | Computer Name = afshin3-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 18.0.0.4752 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: a1c    Start
 Time: 01cdf1c17cf0e17d    Termination Time: 10    Application Path: C:\Program Files\Mozilla
 Firefox\firefox.exe    Report Id:   
 
Error - 21.01.2013 17:11:11 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.4.38, time 
stamp: 0x5012ea69  Faulting module name: AcroRd32.dll, version: 10.1.4.38, time stamp:
 0x5012f9f9  Exception code: 0xc0000005  Fault offset: 0x00036863  Faulting process id:
 0x890  Faulting application start time: 0x01cdf80e1a920eec  Faulting application path:
 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe  Faulting module path: C:\Program
 Files\Adobe\Reader 10.0\Reader\AcroRd32.dll  Report Id: 14581df2-640f-11e2-b6bd-001377649987
 
Error - 06.02.2013 15:12:11 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 18.0.1.4764, time
 stamp: 0x50f705c6  Faulting module name: xul.dll, version: 18.0.1.4764, time stamp:
 0x50f704c6  Exception code: 0xc0000005  Fault offset: 0x00117a68  Faulting process id:
 0x53c  Faulting application start time: 0x01ce048e8cc992c3  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: 1b7e0116-7091-11e2-87be-001377649987
 
Error - 22.02.2013 15:06:16 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 19.0.0.4794, time
 stamp: 0x511ed1c1  Faulting module name: xul.dll, version: 19.0.0.4794, time stamp:
 0x511ed0fe  Exception code: 0xc0000005  Fault offset: 0x00155858  Faulting process id:
 0xab4  Faulting application start time: 0x01ce111be5c9da76  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: ee020211-7d22-11e2-837d-001377649987
 
Error - 06.03.2013 15:55:52 | Computer Name = afshin3-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 19.0.0.4794, time
 stamp: 0x511ed1c1  Faulting module name: xul.dll, version: 19.0.0.4794, time stamp:
 0x511ed0fe  Exception code: 0xc0000005  Fault offset: 0x00155858  Faulting process id:
 0xaf4  Faulting application start time: 0x01ce1aa438f690f6  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: d957fb83-8697-11e2-926a-001377649987
 
[ Media Center Events ]
Error - 30.03.2013 11:11:04 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 4:11:04 PM - Error connecting to the internet.  4:11:04 PM -     Unable
 to contact server..  
 
Error - 30.03.2013 11:11:15 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 4:11:09 PM - Error connecting to the internet.  4:11:09 PM -     Unable
 to contact server..  
 
Error - 01.04.2013 11:41:16 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 5:41:15 PM - Error connecting to the internet.  5:41:16 PM -     Unable
 to contact server..  
 
Error - 01.04.2013 11:41:29 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 5:41:22 PM - Error connecting to the internet.  5:41:22 PM -     Unable
 to contact server..  
 
Error - 08.04.2013 11:41:33 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 5:41:33 PM - Error connecting to the internet.  5:41:33 PM -     Unable
 to contact server..  
 
Error - 08.04.2013 11:41:43 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 5:41:38 PM - Error connecting to the internet.  5:41:38 PM -     Unable
 to contact server..  
 
Error - 08.04.2013 13:05:39 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 7:05:39 PM - Error connecting to the internet.  7:05:39 PM -     Unable
 to contact server..  
 
Error - 08.04.2013 13:05:54 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 7:05:44 PM - Error connecting to the internet.  7:05:44 PM -     Unable
 to contact server..  
 
Error - 08.04.2013 14:06:13 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 8:06:13 PM - Error connecting to the internet.  8:06:13 PM -     Unable
 to contact server..  
 
Error - 08.04.2013 14:06:35 | Computer Name = afshin3-PC | Source = MCUpdate | ID = 0
Description = 8:06:18 PM - Error connecting to the internet.  8:06:18 PM -     Unable
 to contact server..  
 
[ Spybot - Search and Destroy Events ]
Error - 06.04.2013 17:10:15 | Computer Name = afshin3-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 07.04.2013 11:53:07 | Computer Name = afshin3-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 02.04.2013 14:02:10 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 02.04.2013 14:02:18 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 02.04.2013 14:02:27 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 02.04.2013 14:02:36 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 02.04.2013 14:02:45 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 03.04.2013 12:39:13 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 03.04.2013 12:39:22 | Computer Name = afshin3-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 07.04.2013 16:14:41 | Computer Name = afshin3-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 07.04.2013 16:14:41 | Computer Name = afshin3-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 07.04.2013 16:14:41 | Computer Name = afshin3-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following 
error:   %%1069
 
 
< End of report >
         
FYI, I won't have access to my computer for the next 12 days. I'll follow the next instructions after that.


Alt 09.04.2013, 22:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have a Professional edition of Windows? Do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?

Alt 10.04.2013, 11:05   #7
Sava
 



It is a private laptop. My husband got Windows 7 from the university for free.

Alt 10.04.2013, 11:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, thanks for the explanation.

Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide).
    On Windows Vista or later, right-click it and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

Alt 21.04.2013, 19:02   #9
Sava
 



Everything worked. Here are the logs:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.21.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
afshin3 :: AFSHIN3-PC [administrator]

21.04.2013 12:10:41
mbar-log-2013-04-21 (12-10-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27490
Time elapsed: 21 minute(s), 13 second(s)

Memory Processes Detected: 1
c:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> 3324 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Backdoor.IRCBot) -> Data: C:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Users\afshin3\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\afshin3\M-1-80-5270-5785-5250 (Trojan.Agent.Gen) -> Delete on reboot.

Files Detected: 2
c:\Users\afshin3\M-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> Delete on reboot.
c:\Users\afshin3\Media Player.exe (PUP.OfferBundler.ST) -> Delete on reboot.

(end)
         
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-21 13:58:44
-----------------------------
13:58:44.755    OS Version: Windows 6.1.7601 Service Pack 1
13:58:44.755    Number of processors: 2 586 0xF0D
13:58:44.755    ComputerName: AFSHIN3-PC  UserName: afshin3
13:58:45.363    Initialize success
13:59:13.429    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:59:13.429    Disk 0 Vendor: TOSHIBA_MK1237GSX DL130U Size: 114473MB BusType: 3
13:59:13.538    Disk 0 MBR read successfully
13:59:13.554    Disk 0 MBR scan
13:59:13.554    Disk 0 Windows 7 default MBR code
13:59:13.570    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
13:59:13.601    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        52008 MB offset 20973568
13:59:13.632    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        52223 MB offset 127485952
13:59:13.648    Disk 0 scanning sectors +234438656
13:59:13.757    Disk 0 scanning C:\Windows\system32\drivers
13:59:20.902    Service scanning
13:59:40.183    Modules scanning
13:59:47.469    Disk 0 trace - called modules:
13:59:47.500    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
13:59:47.515    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd8408]
13:59:47.531    3 CLASSPNP.SYS[8966959e] -> nt!IofCallDriver -> [0x85bfc918]
13:59:47.531    5 ACPI.sys[88e413d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f2a610]
13:59:47.547    Scan finished successfully
14:00:17.296    Disk 0 MBR has been saved successfully to "C:\Users\afshin3\Desktop\MBR.dat"
14:00:17.311    The log file has been saved successfully to "C:\Users\afshin3\Desktop\aswMBR.txt"
         
Code:
19:49:45.0662 2540  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:49:46.0286 2540  ============================================================
19:49:46.0286 2540  Current date / time: 2013/04/21 19:49:46.0286
19:49:46.0286 2540  SystemInfo:
19:49:46.0286 2540  
19:49:46.0286 2540  OS Version: 6.1.7601 ServicePack: 1.0
19:49:46.0286 2540  Product type: Workstation
19:49:46.0286 2540  ComputerName: AFSHIN3-PC
19:49:46.0286 2540  UserName: afshin3
19:49:46.0286 2540  Windows directory: C:\Windows
19:49:46.0286 2540  System windows directory: C:\Windows
19:49:46.0286 2540  Processor architecture: Intel x86
19:49:46.0286 2540  Number of processors: 2
19:49:46.0286 2540  Page size: 0x1000
19:49:46.0286 2540  Boot type: Normal boot
19:49:46.0286 2540  ============================================================
19:49:50.0467 2540  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:49:50.0482 2540  Drive \Device\Harddisk1\DR1 - Size: 0x76C00000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:49:50.0482 2540  ============================================================
19:49:50.0482 2540  \Device\Harddisk0\DR0:
19:49:50.0482 2540  MBR partitions:
19:49:50.0482 2540  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x6594000
19:49:50.0482 2540  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7994800, BlocksNum 0x65FF800
19:49:50.0482 2540  \Device\Harddisk1\DR1:
19:49:50.0482 2540  MBR partitions:
19:49:50.0482 2540  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3B5FE0
19:49:50.0482 2540  ============================================================
19:49:50.0560 2540  C: <-> \Device\Harddisk0\DR0\Partition1
19:49:50.0638 2540  D: <-> \Device\Harddisk0\DR0\Partition2
19:49:50.0638 2540  ============================================================
19:49:50.0638 2540  Initialize success
19:49:50.0638 2540  ============================================================
19:51:06.0596 3752  ============================================================
19:51:06.0596 3752  Scan started
19:51:06.0596 3752  Mode: Manual; SigCheck; TDLFS; 
19:51:06.0596 3752  ============================================================
19:51:09.0373 3752  ================ Scan system memory ========================
19:51:09.0373 3752  System memory - ok
19:51:09.0373 3752  ================ Scan services =============================
19:51:09.0529 3752  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:51:09.0778 3752  1394ohci - ok
19:51:09.0841 3752  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:51:09.0872 3752  ACPI - ok
19:51:09.0919 3752  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:51:10.0028 3752  AcpiPmi - ok
19:51:10.0137 3752  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:51:10.0184 3752  AdobeARMservice - ok
19:51:10.0278 3752  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:51:10.0324 3752  AdobeFlashPlayerUpdateSvc - ok
19:51:10.0387 3752  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:51:10.0434 3752  adp94xx - ok
19:51:10.0465 3752  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:51:10.0496 3752  adpahci - ok
19:51:10.0512 3752  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:51:10.0543 3752  adpu320 - ok
19:51:10.0590 3752  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:51:10.0668 3752  AeLookupSvc - ok
19:51:10.0777 3752  [ E3F08935158038D385AD382442F4BB2D ] AF15BDA         C:\Windows\system32\DRIVERS\AF15BDA.sys
19:51:10.0870 3752  AF15BDA - ok
19:51:10.0917 3752  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\Windows\system32\drivers\Afc.sys
19:51:10.0948 3752  Afc ( UnsignedFile.Multi.Generic ) - warning
19:51:10.0948 3752  Afc - detected UnsignedFile.Multi.Generic (1)
19:51:10.0995 3752  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
19:51:11.0104 3752  AFD - ok
19:51:11.0167 3752  [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
19:51:11.0292 3752  AgereSoftModem - ok
19:51:11.0323 3752  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:51:11.0354 3752  agp440 - ok
19:51:11.0385 3752  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
19:51:11.0416 3752  aic78xx - ok
19:51:11.0463 3752  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:51:11.0557 3752  ALG - ok
19:51:11.0588 3752  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:51:11.0619 3752  aliide - ok
19:51:11.0635 3752  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:51:11.0666 3752  amdagp - ok
19:51:11.0682 3752  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:51:11.0713 3752  amdide - ok
19:51:11.0775 3752  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:51:11.0838 3752  AmdK8 - ok
19:51:11.0853 3752  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:51:11.0916 3752  AmdPPM - ok
19:51:11.0962 3752  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:51:11.0978 3752  amdsata - ok
19:51:12.0009 3752  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:51:12.0040 3752  amdsbs - ok
19:51:12.0056 3752  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:51:12.0087 3752  amdxata - ok
19:51:12.0118 3752  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
19:51:12.0274 3752  AppID - ok
19:51:12.0321 3752  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:51:12.0415 3752  AppIDSvc - ok
19:51:12.0462 3752  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
19:51:12.0524 3752  Appinfo - ok
19:51:12.0586 3752  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:51:12.0664 3752  AppMgmt - ok
19:51:12.0758 3752  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:51:12.0789 3752  arc - ok
19:51:12.0805 3752  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:51:12.0836 3752  arcsas - ok
19:51:12.0867 3752  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:13.0039 3752  AsyncMac - ok
19:51:13.0070 3752  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
19:51:13.0086 3752  atapi - ok
19:51:13.0164 3752  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:51:13.0304 3752  athr - ok
19:51:13.0382 3752  [ 2039E24FE00639A9123DCD6F22D42D74 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:51:13.0507 3752  Ati External Event Utility - ok
19:51:13.0725 3752  [ D2E9ACB68FA61C911CC21E07F87705BF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:51:13.0975 3752  atikmdag - ok
19:51:14.0053 3752  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:51:14.0131 3752  AudioEndpointBuilder - ok
19:51:14.0146 3752  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:51:14.0209 3752  Audiosrv - ok
19:51:14.0240 3752  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:51:14.0334 3752  AxInstSV - ok
19:51:14.0380 3752  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
19:51:14.0490 3752  b06bdrv - ok
19:51:14.0521 3752  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:51:14.0568 3752  b57nd60x - ok
19:51:14.0614 3752  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:51:14.0692 3752  BDESVC - ok
19:51:14.0770 3752  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:51:14.0833 3752  Beep - ok
19:51:14.0895 3752  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
19:51:14.0973 3752  BFE - ok
19:51:15.0036 3752  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
19:51:15.0129 3752  BITS - ok
19:51:15.0160 3752  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:51:15.0192 3752  blbdrive - ok
19:51:15.0238 3752  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:51:15.0285 3752  bowser - ok
19:51:15.0316 3752  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:51:15.0363 3752  BrFiltLo - ok
19:51:15.0394 3752  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:51:15.0441 3752  BrFiltUp - ok
19:51:15.0472 3752  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
19:51:15.0550 3752  Browser - ok
19:51:15.0582 3752  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:51:15.0628 3752  Brserid - ok
19:51:15.0660 3752  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:51:15.0706 3752  BrSerWdm - ok
19:51:15.0769 3752  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:51:15.0816 3752  BrUsbMdm - ok
19:51:15.0816 3752  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:51:15.0862 3752  BrUsbSer - ok
19:51:15.0878 3752  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:51:15.0925 3752  BTHMODEM - ok
19:51:15.0972 3752  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:51:16.0050 3752  bthserv - ok
19:51:16.0081 3752  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:51:16.0143 3752  cdfs - ok
19:51:16.0206 3752  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:51:16.0268 3752  cdrom - ok
19:51:16.0299 3752  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:51:16.0362 3752  CertPropSvc - ok
19:51:16.0408 3752  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:51:16.0455 3752  circlass - ok
19:51:16.0502 3752  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:51:16.0533 3752  CLFS - ok
19:51:16.0674 3752  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:51:16.0720 3752  clr_optimization_v2.0.50727_32 - ok
19:51:16.0814 3752  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:51:16.0876 3752  clr_optimization_v4.0.30319_32 - ok
19:51:16.0892 3752  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:51:16.0939 3752  CmBatt - ok
19:51:17.0079 3752  [ 2A2D72271844C52F004901A60312B96A ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:51:17.0173 3752  cmdAgent - ok
19:51:17.0235 3752  [ A1A240C4BC6ABAAB75E0D25F51B09591 ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
19:51:17.0251 3752  cmderd - ok
19:51:17.0298 3752  [ A1865742BBCF4C5F38FEE1258F8048FD ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
19:51:17.0329 3752  cmdGuard - ok
19:51:17.0344 3752  [ 221D000474F01B1606FFC3FF362D9333 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
19:51:17.0360 3752  cmdHlp - ok
19:51:17.0391 3752  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:51:17.0422 3752  cmdide - ok
19:51:17.0469 3752  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
19:51:17.0516 3752  CNG - ok
19:51:17.0563 3752  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:51:17.0594 3752  Compbatt - ok
19:51:17.0641 3752  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:51:17.0672 3752  CompositeBus - ok
19:51:17.0688 3752  COMSysApp - ok
19:51:17.0750 3752  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:51:17.0797 3752  crcdisk - ok
19:51:17.0844 3752  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:51:17.0922 3752  CryptSvc - ok
19:51:17.0953 3752  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
19:51:18.0031 3752  CSC - ok
19:51:18.0078 3752  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
19:51:18.0124 3752  CscService - ok
19:51:18.0171 3752  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:51:18.0234 3752  DcomLaunch - ok
19:51:18.0280 3752  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:51:18.0358 3752  defragsvc - ok
19:51:18.0405 3752  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:51:18.0468 3752  DfsC - ok
19:51:18.0530 3752  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:51:18.0592 3752  Dhcp - ok
19:51:18.0624 3752  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:51:18.0686 3752  discache - ok
19:51:18.0780 3752  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:51:18.0811 3752  Disk - ok
19:51:18.0842 3752  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:51:18.0904 3752  Dnscache - ok
19:51:18.0982 3752  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:51:19.0045 3752  dot3svc - ok
19:51:19.0092 3752  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
19:51:19.0154 3752  DPS - ok
19:51:19.0201 3752  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:51:19.0248 3752  drmkaud - ok
19:51:19.0326 3752  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:51:19.0388 3752  DXGKrnl - ok
19:51:19.0419 3752  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:51:19.0482 3752  EapHost - ok
19:51:19.0638 3752  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
19:51:19.0762 3752  ebdrv - ok
19:51:19.0809 3752  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
19:51:19.0840 3752  EFS - ok
19:51:19.0934 3752  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:51:19.0981 3752  ehRecvr - ok
19:51:20.0012 3752  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
19:51:20.0106 3752  ehSched - ok
19:51:20.0152 3752  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:51:20.0199 3752  elxstor - ok
19:51:20.0215 3752  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:51:20.0262 3752  ErrDev - ok
19:51:20.0324 3752  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:51:20.0402 3752  EventSystem - ok
19:51:20.0433 3752  ewusbnet - ok
19:51:20.0449 3752  ew_hwusbdev - ok
19:51:20.0480 3752  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:51:20.0527 3752  exfat - ok
19:51:20.0620 3752  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:51:20.0761 3752  fastfat - ok
19:51:20.0917 3752  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
19:51:21.0010 3752  Fax - ok
19:51:21.0026 3752  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:51:21.0073 3752  fdc - ok
19:51:21.0104 3752  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:51:21.0166 3752  fdPHost - ok
19:51:21.0198 3752  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:51:21.0244 3752  FDResPub - ok
19:51:21.0276 3752  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:51:21.0307 3752  FileInfo - ok
19:51:21.0322 3752  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:51:21.0369 3752  Filetrace - ok
19:51:21.0400 3752  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:51:21.0447 3752  flpydisk - ok
19:51:21.0478 3752  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:51:21.0510 3752  FltMgr - ok
19:51:21.0603 3752  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
19:51:21.0697 3752  FontCache - ok
19:51:21.0790 3752  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:51:21.0822 3752  FontCache3.0.0.0 - ok
19:51:21.0837 3752  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:51:21.0868 3752  FsDepends - ok
19:51:21.0900 3752  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:51:21.0915 3752  Fs_Rec - ok
19:51:21.0962 3752  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:51:21.0993 3752  fvevol - ok
19:51:22.0040 3752  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:51:22.0056 3752  gagp30kx - ok
19:51:22.0118 3752  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:51:22.0196 3752  gpsvc - ok
19:51:22.0227 3752  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:51:22.0305 3752  hcw85cir - ok
19:51:22.0352 3752  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:51:22.0414 3752  HdAudAddService - ok
19:51:22.0461 3752  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:51:22.0508 3752  HDAudBus - ok
19:51:22.0539 3752  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:51:22.0570 3752  HidBatt - ok
19:51:22.0570 3752  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:51:22.0633 3752  HidBth - ok
19:51:22.0648 3752  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:51:22.0695 3752  HidIr - ok
19:51:22.0758 3752  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
19:51:22.0851 3752  hidserv - ok
19:51:22.0898 3752  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:51:22.0945 3752  HidUsb - ok
19:51:22.0976 3752  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:51:23.0070 3752  hkmsvc - ok
19:51:23.0116 3752  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:51:23.0194 3752  HomeGroupListener - ok
19:51:23.0226 3752  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:51:23.0288 3752  HomeGroupProvider - ok
19:51:23.0335 3752  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:51:23.0350 3752  HpSAMD - ok
19:51:23.0413 3752  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:51:23.0475 3752  HTTP - ok
19:51:23.0491 3752  huawei_enumerator - ok
19:51:23.0506 3752  hwdatacard - ok
19:51:23.0538 3752  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:51:23.0569 3752  hwpolicy - ok
19:51:23.0616 3752  [ F02EA43AE8F936124DEBF5B87F12C795 ] hxctlflt        C:\Windows\system32\DRIVERS\hxctlflt.sys
19:51:23.0678 3752  hxctlflt - ok
19:51:23.0740 3752  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:51:23.0787 3752  i8042prt - ok
19:51:23.0850 3752  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:51:23.0896 3752  iaStorV - ok
19:51:23.0974 3752  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:51:24.0052 3752  idsvc - ok
19:51:24.0084 3752  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:51:24.0099 3752  iirsp - ok
19:51:24.0162 3752  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:51:24.0255 3752  IKEEXT - ok
19:51:24.0302 3752  [ 3B6BE2DA5993B1E38613976FAF4AC83E ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
19:51:24.0349 3752  inspect - ok
19:51:24.0380 3752  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:51:24.0396 3752  intelide - ok
19:51:24.0442 3752  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:51:24.0489 3752  intelppm - ok
19:51:24.0520 3752  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:51:24.0583 3752  IPBusEnum - ok
19:51:24.0614 3752  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:51:24.0676 3752  IpFilterDriver - ok
19:51:24.0786 3752  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:51:24.0879 3752  iphlpsvc - ok
19:51:24.0910 3752  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:51:24.0942 3752  IPMIDRV - ok
19:51:24.0957 3752  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:51:25.0020 3752  IPNAT - ok
19:51:25.0051 3752  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:51:25.0160 3752  IRENUM - ok
19:51:25.0191 3752  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:51:25.0222 3752  isapnp - ok
19:51:25.0269 3752  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:51:25.0300 3752  iScsiPrt - ok
19:51:25.0332 3752  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:51:25.0363 3752  kbdclass - ok
19:51:25.0394 3752  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:51:25.0456 3752  kbdhid - ok
19:51:25.0472 3752  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
19:51:25.0503 3752  KeyIso - ok
19:51:25.0644 3752  [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
19:51:25.0690 3752  Kodak AiO Network Discovery Service - ok
19:51:25.0768 3752  [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
19:51:25.0815 3752  Kodak AiO Status Monitor Service - ok
19:51:25.0846 3752  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:51:25.0878 3752  KSecDD - ok
19:51:25.0909 3752  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:51:25.0956 3752  KSecPkg - ok
19:51:26.0002 3752  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:51:26.0065 3752  KtmRm - ok
19:51:26.0127 3752  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:51:26.0205 3752  LanmanServer - ok
19:51:26.0221 3752  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:51:26.0283 3752  LanmanWorkstation - ok
19:51:26.0330 3752  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:51:26.0424 3752  lltdio - ok
19:51:26.0470 3752  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:51:26.0533 3752  lltdsvc - ok
19:51:26.0564 3752  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:51:26.0611 3752  lmhosts - ok
19:51:26.0642 3752  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:51:26.0673 3752  LSI_FC - ok
19:51:26.0689 3752  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:51:26.0704 3752  LSI_SAS - ok
19:51:26.0720 3752  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:51:26.0751 3752  LSI_SAS2 - ok
19:51:26.0767 3752  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:51:26.0782 3752  LSI_SCSI - ok
19:51:26.0814 3752  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:51:26.0876 3752  luafv - ok
19:51:26.0923 3752  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:51:26.0954 3752  Mcx2Svc - ok
19:51:26.0970 3752  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:51:27.0001 3752  megasas - ok
19:51:27.0016 3752  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:51:27.0063 3752  MegaSR - ok
19:51:27.0094 3752  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:51:27.0172 3752  MMCSS - ok
19:51:27.0204 3752  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
19:51:27.0250 3752  Modem - ok
19:51:27.0282 3752  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:51:27.0328 3752  monitor - ok
19:51:27.0391 3752  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
19:51:27.0406 3752  mouclass - ok
19:51:27.0453 3752  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:51:27.0500 3752  mouhid - ok
19:51:27.0531 3752  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:51:27.0562 3752  mountmgr - ok
19:51:27.0672 3752  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:51:27.0703 3752  MozillaMaintenance - ok
19:51:27.0765 3752  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:51:27.0812 3752  mpio - ok
19:51:27.0843 3752  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:51:27.0906 3752  mpsdrv - ok
19:51:27.0968 3752  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:51:28.0062 3752  MpsSvc - ok
19:51:28.0108 3752  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:51:28.0155 3752  MRxDAV - ok
19:51:28.0202 3752  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:51:28.0296 3752  mrxsmb - ok
19:51:28.0327 3752  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:51:28.0358 3752  mrxsmb10 - ok
19:51:28.0389 3752  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:51:28.0436 3752  mrxsmb20 - ok
19:51:28.0467 3752  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
19:51:28.0498 3752  msahci - ok
19:51:28.0514 3752  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:51:28.0545 3752  msdsm - ok
19:51:28.0576 3752  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:51:28.0623 3752  MSDTC - ok
19:51:28.0670 3752  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:51:28.0717 3752  Msfs - ok
19:51:28.0732 3752  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:51:28.0779 3752  mshidkmdf - ok
19:51:28.0810 3752  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:51:28.0826 3752  msisadrv - ok
19:51:28.0873 3752  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:51:28.0935 3752  MSiSCSI - ok
19:51:28.0951 3752  msiserver - ok
19:51:28.0982 3752  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:51:29.0029 3752  MSKSSRV - ok
19:51:29.0060 3752  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:51:29.0122 3752  MSPCLOCK - ok
19:51:29.0169 3752  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:51:29.0278 3752  MSPQM - ok
19:51:29.0325 3752  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:51:29.0356 3752  MsRPC - ok
19:51:29.0388 3752  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:51:29.0419 3752  mssmbios - ok
19:51:29.0434 3752  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:51:29.0481 3752  MSTEE - ok
19:51:29.0481 3752  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:51:29.0528 3752  MTConfig - ok
19:51:29.0559 3752  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:51:29.0590 3752  Mup - ok
19:51:29.0622 3752  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
19:51:29.0684 3752  napagent - ok
19:51:29.0762 3752  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:51:29.0824 3752  NativeWifiP - ok
19:51:29.0902 3752  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:51:29.0965 3752  NDIS - ok
19:51:29.0996 3752  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:51:30.0058 3752  NdisCap - ok
19:51:30.0090 3752  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:51:30.0152 3752  NdisTapi - ok
19:51:30.0214 3752  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:51:30.0277 3752  Ndisuio - ok
19:51:30.0308 3752  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:51:30.0370 3752  NdisWan - ok
19:51:30.0402 3752  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:51:30.0464 3752  NDProxy - ok
19:51:30.0511 3752  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:51:30.0573 3752  NetBIOS - ok
19:51:30.0620 3752  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:51:30.0714 3752  NetBT - ok
19:51:30.0745 3752  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
19:51:30.0776 3752  Netlogon - ok
19:51:30.0838 3752  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
19:51:30.0916 3752  Netman - ok
19:51:30.0979 3752  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
19:51:31.0041 3752  netprofm - ok
19:51:31.0072 3752  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:51:31.0104 3752  NetTcpPortSharing - ok
19:51:31.0150 3752  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:51:31.0166 3752  nfrd960 - ok
19:51:31.0213 3752  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:51:31.0260 3752  NlaSvc - ok
19:51:31.0291 3752  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:51:31.0338 3752  Npfs - ok
19:51:31.0353 3752  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
19:51:31.0400 3752  nsi - ok
19:51:31.0416 3752  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:51:31.0478 3752  nsiproxy - ok
19:51:31.0587 3752  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:51:31.0665 3752  Ntfs - ok
19:51:31.0696 3752  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
19:51:31.0774 3752  Null - ok
19:51:31.0806 3752  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:51:31.0837 3752  nvraid - ok
19:51:31.0868 3752  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:51:31.0899 3752  nvstor - ok
19:51:31.0915 3752  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:51:31.0946 3752  nv_agp - ok
19:51:31.0977 3752  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:51:32.0008 3752  ohci1394 - ok
19:51:32.0055 3752  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:51:32.0133 3752  p2pimsvc - ok
19:51:32.0164 3752  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:51:32.0227 3752  p2psvc - ok
19:51:32.0258 3752  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:51:32.0289 3752  Parport - ok
19:51:32.0320 3752  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:51:32.0352 3752  partmgr - ok
19:51:32.0367 3752  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:51:32.0414 3752  Parvdm - ok
19:51:32.0461 3752  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:51:32.0508 3752  PcaSvc - ok
19:51:32.0554 3752  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
19:51:32.0586 3752  pci - ok
19:51:32.0601 3752  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
19:51:32.0617 3752  pciide - ok
19:51:32.0664 3752  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:51:32.0695 3752  pcmcia - ok
19:51:32.0742 3752  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:51:32.0788 3752  pcw - ok
19:51:32.0820 3752  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:51:32.0898 3752  PEAUTH - ok
19:51:32.0976 3752  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:51:33.0085 3752  PeerDistSvc - ok
19:51:33.0194 3752  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
19:51:33.0288 3752  pla - ok
19:51:33.0334 3752  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:51:33.0444 3752  PlugPlay - ok
19:51:33.0459 3752  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:51:33.0506 3752  PNRPAutoReg - ok
19:51:33.0553 3752  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:51:33.0584 3752  PNRPsvc - ok
19:51:33.0631 3752  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:51:33.0693 3752  PolicyAgent - ok
19:51:33.0771 3752  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
19:51:33.0865 3752  Power - ok
19:51:33.0912 3752  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:51:33.0974 3752  PptpMiniport - ok
19:51:33.0990 3752  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:51:34.0036 3752  Processor - ok
19:51:34.0083 3752  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
19:51:34.0161 3752  ProfSvc - ok
19:51:34.0192 3752  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:51:34.0224 3752  ProtectedStorage - ok
19:51:34.0255 3752  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:51:34.0302 3752  Psched - ok
19:51:34.0380 3752  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:51:34.0458 3752  ql2300 - ok
19:51:34.0473 3752  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:51:34.0504 3752  ql40xx - ok
19:51:34.0536 3752  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:51:34.0598 3752  QWAVE - ok
19:51:34.0614 3752  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:51:34.0645 3752  QWAVEdrv - ok
19:51:34.0660 3752  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:51:34.0723 3752  RasAcd - ok
19:51:34.0785 3752  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:51:34.0848 3752  RasAgileVpn - ok
19:51:34.0879 3752  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:51:34.0941 3752  RasAuto - ok
19:51:34.0972 3752  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:51:35.0035 3752  Rasl2tp - ok
19:51:35.0097 3752  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
19:51:35.0175 3752  RasMan - ok
19:51:35.0206 3752  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:51:35.0253 3752  RasPppoe - ok
19:51:35.0284 3752  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:51:35.0347 3752  RasSstp - ok
19:51:35.0394 3752  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:51:35.0456 3752  rdbss - ok
19:51:35.0487 3752  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:51:35.0518 3752  rdpbus - ok
19:51:35.0550 3752  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:51:35.0612 3752  RDPCDD - ok
19:51:35.0643 3752  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:51:35.0721 3752  RDPDR - ok
19:51:35.0784 3752  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:51:35.0846 3752  RDPENCDD - ok
19:51:35.0893 3752  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:51:35.0940 3752  RDPREFMP - ok
19:51:35.0986 3752  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:51:36.0049 3752  RDPWD - ok
19:51:36.0096 3752  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:51:36.0127 3752  rdyboost - ok
19:51:36.0158 3752  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:51:36.0220 3752  RemoteAccess - ok
19:51:36.0267 3752  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:51:36.0330 3752  RemoteRegistry - ok
19:51:36.0376 3752  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:51:36.0439 3752  RpcEptMapper - ok
19:51:36.0470 3752  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:51:36.0548 3752  RpcLocator - ok
19:51:36.0595 3752  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
19:51:36.0642 3752  RpcSs - ok
19:51:36.0673 3752  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:51:36.0751 3752  rspndr - ok
19:51:36.0782 3752  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:51:36.0844 3752  s3cap - ok
19:51:36.0876 3752  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
19:51:36.0891 3752  SamSs - ok
19:51:36.0922 3752  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:51:36.0954 3752  sbp2port - ok
19:51:37.0000 3752  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:51:37.0047 3752  SCardSvr - ok
19:51:37.0063 3752  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:51:37.0125 3752  scfilter - ok
19:51:37.0172 3752  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
19:51:37.0266 3752  Schedule - ok
19:51:37.0281 3752  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:51:37.0328 3752  SCPolicySvc - ok
19:51:37.0375 3752  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:51:37.0422 3752  SDRSVC - ok
19:51:37.0531 3752  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
19:51:37.0578 3752  SDScannerService - ok
19:51:37.0702 3752  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:51:37.0749 3752  SDUpdateService - ok
19:51:37.0780 3752  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:51:37.0812 3752  SDWSCService - ok
19:51:37.0858 3752  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:51:37.0952 3752  secdrv - ok
19:51:37.0983 3752  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
19:51:38.0061 3752  seclogon - ok
19:51:38.0077 3752  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
19:51:38.0139 3752  SENS - ok
19:51:38.0202 3752  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:51:38.0264 3752  SensrSvc - ok
19:51:38.0295 3752  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:51:38.0326 3752  Serenum - ok
19:51:38.0342 3752  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:51:38.0389 3752  Serial - ok
19:51:38.0404 3752  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:51:38.0436 3752  sermouse - ok
19:51:38.0498 3752  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:51:38.0545 3752  SessionEnv - ok
19:51:38.0576 3752  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:51:38.0654 3752  sffdisk - ok
19:51:38.0670 3752  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:51:38.0716 3752  sffp_mmc - ok
19:51:38.0763 3752  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:51:38.0794 3752  sffp_sd - ok
19:51:38.0826 3752  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:51:38.0872 3752  sfloppy - ok
19:51:38.0950 3752  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:51:38.0997 3752  SharedAccess - ok
19:51:39.0044 3752  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:51:39.0122 3752  ShellHWDetection - ok
19:51:39.0153 3752  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:51:39.0184 3752  sisagp - ok
19:51:39.0216 3752  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:51:39.0247 3752  SiSRaid2 - ok
19:51:39.0262 3752  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:51:39.0294 3752  SiSRaid4 - ok
19:51:39.0372 3752  [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:51:39.0403 3752  SkypeUpdate - ok
19:51:39.0465 3752  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:51:39.0512 3752  Smb - ok
19:51:39.0559 3752  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:51:39.0590 3752  SNMPTRAP - ok
19:51:40.0027 3752  [ 9CD6FFC9F5B999EB5DF69B9177D9848F ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
19:51:40.0510 3752  SNPSTD3 - ok
19:51:40.0542 3752  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:51:40.0573 3752  spldr - ok
19:51:40.0620 3752  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
19:51:40.0713 3752  Spooler - ok
19:51:40.0869 3752  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:51:40.0978 3752  sppsvc - ok
19:51:41.0025 3752  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:51:41.0072 3752  sppuinotify - ok
19:51:41.0119 3752  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:51:41.0197 3752  srv - ok
19:51:41.0228 3752  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:51:41.0275 3752  srv2 - ok
19:51:41.0306 3752  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:51:41.0353 3752  srvnet - ok
19:51:41.0400 3752  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:51:41.0446 3752  SSDPSRV - ok
19:51:41.0462 3752  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:51:41.0524 3752  SstpSvc - ok
19:51:41.0571 3752  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:51:41.0618 3752  stexstor - ok
19:51:41.0665 3752  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:51:41.0727 3752  StiSvc - ok
19:51:41.0758 3752  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:51:41.0805 3752  storflt - ok
19:51:41.0836 3752  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
19:51:41.0883 3752  StorSvc - ok
19:51:41.0930 3752  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:51:41.0946 3752  storvsc - ok
19:51:41.0961 3752  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:51:41.0992 3752  swenum - ok
19:51:42.0039 3752  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
19:51:42.0117 3752  swprv - ok
19:51:42.0180 3752  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
19:51:42.0242 3752  SysMain - ok
19:51:42.0273 3752  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:51:42.0351 3752  TabletInputService - ok
19:51:42.0398 3752  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:51:42.0476 3752  TapiSrv - ok
19:51:42.0507 3752  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
19:51:42.0585 3752  TBS - ok
19:51:42.0663 3752  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:51:42.0741 3752  Tcpip - ok
19:51:42.0788 3752  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:51:42.0835 3752  TCPIP6 - ok
19:51:42.0866 3752  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:51:42.0913 3752  tcpipreg - ok
19:51:42.0960 3752  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:51:43.0038 3752  TDPIPE - ok
19:51:43.0069 3752  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:51:43.0100 3752  TDTCP - ok
19:51:43.0131 3752  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:51:43.0225 3752  tdx - ok
19:51:43.0256 3752  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:51:43.0287 3752  TermDD - ok
19:51:43.0334 3752  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
19:51:43.0396 3752  TermService - ok
19:51:43.0428 3752  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
19:51:43.0459 3752  Themes - ok
19:51:43.0490 3752  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:51:43.0537 3752  THREADORDER - ok
19:51:43.0584 3752  [ FBD16717FD68B206C4CE3BB3C9EE5CB3 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
19:51:43.0630 3752  TomTomHOMEService - ok
19:51:43.0646 3752  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
19:51:43.0724 3752  TrkWks - ok
19:51:43.0833 3752  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:51:43.0911 3752  TrustedInstaller - ok
19:51:43.0942 3752  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:51:44.0005 3752  tssecsrv - ok
19:51:44.0052 3752  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:51:44.0114 3752  TsUsbFlt - ok
19:51:44.0161 3752  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:51:44.0208 3752  tunnel - ok
19:51:44.0254 3752  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:51:44.0301 3752  uagp35 - ok
19:51:44.0379 3752  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:51:44.0457 3752  udfs - ok
19:51:44.0504 3752  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:51:44.0566 3752  UI0Detect - ok
19:51:44.0598 3752  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:51:44.0629 3752  uliagpkx - ok
19:51:44.0660 3752  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
19:51:44.0707 3752  umbus - ok
19:51:44.0769 3752  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:51:44.0832 3752  UmPass - ok
19:51:44.0878 3752  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:51:44.0925 3752  UmRdpService - ok
19:51:44.0988 3752  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
19:51:45.0066 3752  upnphost - ok
19:51:45.0097 3752  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:51:45.0159 3752  usbaudio - ok
19:51:45.0206 3752  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:51:45.0268 3752  usbccgp - ok
19:51:45.0331 3752  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:51:45.0362 3752  usbcir - ok
19:51:45.0393 3752  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:51:45.0440 3752  usbehci - ok
19:51:45.0471 3752  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:51:45.0518 3752  usbhub - ok
19:51:45.0565 3752  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:51:45.0643 3752  usbohci - ok
19:51:45.0690 3752  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:51:45.0736 3752  usbprint - ok
19:51:45.0768 3752  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:51:45.0846 3752  usbscan - ok
19:51:45.0877 3752  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:51:45.0939 3752  USBSTOR - ok
19:51:45.0955 3752  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:51:45.0986 3752  usbuhci - ok
19:51:46.0033 3752  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
19:51:46.0080 3752  UxSms - ok
19:51:46.0111 3752  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
19:51:46.0142 3752  VaultSvc - ok
19:51:46.0189 3752  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:51:46.0204 3752  vdrvroot - ok
19:51:46.0282 3752  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
19:51:46.0407 3752  vds - ok
19:51:46.0454 3752  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:51:46.0501 3752  vga - ok
19:51:46.0516 3752  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:51:46.0563 3752  VgaSave - ok
19:51:46.0610 3752  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:51:46.0641 3752  vhdmp - ok
19:51:46.0672 3752  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:51:46.0704 3752  viaagp - ok
19:51:46.0766 3752  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
19:51:46.0813 3752  ViaC7 - ok
19:51:46.0844 3752  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
19:51:46.0875 3752  viaide - ok
19:51:46.0922 3752  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:51:46.0969 3752  vmbus - ok
19:51:47.0031 3752  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:51:47.0078 3752  VMBusHID - ok
19:51:47.0125 3752  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:51:47.0234 3752  volmgr - ok
19:51:47.0281 3752  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:51:47.0312 3752  volmgrx - ok
19:51:47.0359 3752  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:51:47.0406 3752  volsnap - ok
19:51:47.0437 3752  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:51:47.0468 3752  vsmraid - ok
19:51:47.0671 3752  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
19:51:47.0780 3752  VSS - ok
19:51:47.0811 3752  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:51:47.0874 3752  vwifibus - ok
19:51:47.0905 3752  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:51:48.0030 3752  vwififlt - ok
19:51:48.0108 3752  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:51:48.0139 3752  vwifimp - ok
19:51:48.0264 3752  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
19:51:48.0388 3752  W32Time - ok
19:51:48.0435 3752  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:51:48.0466 3752  WacomPen - ok
19:51:48.0576 3752  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files\Wajam\Updater\WajamUpdater.exe
19:51:48.0638 3752  WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
19:51:48.0638 3752  WajamUpdater - detected UnsignedFile.Multi.Generic (1)
19:51:48.0732 3752  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:51:48.0856 3752  WANARP - ok
19:51:48.0872 3752  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:51:48.0919 3752  Wanarpv6 - ok
19:51:49.0184 3752  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:51:49.0262 3752  WatAdminSvc - ok
19:51:49.0340 3752  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
19:51:49.0434 3752  wbengine - ok
19:51:49.0480 3752  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:51:49.0558 3752  WbioSrvc - ok
19:51:49.0652 3752  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:51:49.0714 3752  wcncsvc - ok
19:51:49.0761 3752  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:51:49.0855 3752  WcsPlugInService - ok
19:51:49.0948 3752  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:51:49.0964 3752  Wd - ok
19:51:50.0042 3752  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
19:51:50.0120 3752  WDC_SAM - ok
19:51:50.0245 3752  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:51:50.0292 3752  Wdf01000 - ok
19:51:50.0323 3752  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:51:50.0494 3752  WdiServiceHost - ok
19:51:50.0510 3752  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:51:50.0541 3752  WdiSystemHost - ok
19:51:50.0572 3752  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
19:51:50.0635 3752  WebClient - ok
19:51:50.0713 3752  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:51:50.0760 3752  Wecsvc - ok
19:51:50.0791 3752  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:51:50.0853 3752  wercplsupport - ok
19:51:50.0900 3752  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:51:50.0978 3752  WerSvc - ok
19:51:51.0009 3752  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:51:51.0072 3752  WfpLwf - ok
19:51:51.0103 3752  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:51:51.0165 3752  WIMMount - ok
19:51:51.0306 3752  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:51:51.0384 3752  WinDefend - ok
19:51:51.0415 3752  WinHttpAutoProxySvc - ok
19:51:51.0540 3752  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:51:51.0586 3752  Winmgmt - ok
19:51:51.0711 3752  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
19:51:51.0805 3752  WinRM - ok
19:51:51.0914 3752  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:51:51.0976 3752  WinUsb - ok
19:51:52.0054 3752  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:51:52.0117 3752  Wlansvc - ok
19:51:52.0132 3752  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:51:52.0195 3752  WmiAcpi - ok
19:51:52.0257 3752  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:51:52.0304 3752  wmiApSrv - ok
19:51:52.0491 3752  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:51:52.0569 3752  WMPNetworkSvc - ok
19:51:52.0616 3752  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:51:52.0663 3752  WPCSvc - ok
19:51:52.0694 3752  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:51:52.0772 3752  WPDBusEnum - ok
19:51:52.0834 3752  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:51:52.0928 3752  ws2ifsl - ok
19:51:53.0006 3752  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:51:53.0084 3752  wscsvc - ok
19:51:53.0100 3752  WSearch - ok
19:51:53.0474 3752  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:51:53.0599 3752  wuauserv - ok
19:51:53.0661 3752  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:51:53.0708 3752  WudfPf - ok
19:51:53.0786 3752  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:51:53.0817 3752  WUDFRd - ok
19:51:53.0864 3752  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:51:53.0911 3752  wudfsvc - ok
19:51:53.0973 3752  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:51:54.0004 3752  WwanSvc - ok
19:51:54.0082 3752  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
19:51:54.0114 3752  yukonw7 - ok
19:51:54.0160 3752  ================ Scan global ===============================
19:51:54.0192 3752  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:51:54.0238 3752  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:51:54.0254 3752  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:51:54.0285 3752  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:51:54.0316 3752  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:51:54.0316 3752  [Global] - ok
19:51:54.0316 3752  ================ Scan MBR ==================================
19:51:54.0348 3752  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:51:55.0596 3752  \Device\Harddisk0\DR0 - ok
19:51:55.0596 3752  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
19:51:59.0199 3752  \Device\Harddisk1\DR1 - ok
19:51:59.0199 3752  ================ Scan VBR ==================================
19:51:59.0215 3752  [ 8BA36A6B90B3BC61500248CB95C5AFE2 ] \Device\Harddisk0\DR0\Partition1
19:51:59.0215 3752  \Device\Harddisk0\DR0\Partition1 - ok
19:51:59.0246 3752  [ DFEC95D37A81712264515104AD888221 ] \Device\Harddisk0\DR0\Partition2
19:51:59.0277 3752  \Device\Harddisk0\DR0\Partition2 - ok
19:51:59.0293 3752  [ 40C9E516A967F8E9C2EA91203199C90C ] \Device\Harddisk1\DR1\Partition1
19:51:59.0293 3752  \Device\Harddisk1\DR1\Partition1 - ok
19:51:59.0293 3752  ============================================================
19:51:59.0293 3752  Scan finished
19:51:59.0293 3752  ============================================================
19:51:59.0324 3512  Detected object count: 2
19:51:59.0324 3512  Actual detected object count: 2
19:52:25.0454 3512  Afc ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:25.0454 3512  Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:25.0454 3512  WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:25.0454 3512  WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

21.04.2013, 23:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did you run MBAR a second time to make sure it no longer found anything?

22.04.2013, 19:00   #11
Sava

Yes, I am following the instructions exactly :-)
The second time, nothing more was found. Here is the log:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.21.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
afshin3 :: AFSHIN3-PC [administrator]

21.04.2013 13:31:03
mbar-log-2013-04-21 (13-31-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27398
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Last edited by Sava (22.04.2013 at 19:06)

22.04.2013, 21:29   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


23.04.2013, 18:59   #13
Sava

Here is the result:
Code:
ComboFix 13-04-23.02 - afshin3 23.04.2013  19:34:34.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1790.1048 [GMT 2:00]
Running from: c:\users\afshin3\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\37673988
c:\users\afshin3\HashTab v5.1.0.23 - Commercial Setup.exe
c:\users\afshin3\HashTab v5.1.0.23 Setup.exe
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\windows\system32\AF15BDAEX.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-23 to 2013-04-23  )))))))))))))))))))))))))))))))
.
.
2013-04-23 17:43 . 2013-04-23 17:43	--------	d-----w-	c:\users\afshin3\AppData\Local\temp
2013-04-23 17:43 . 2013-04-23 17:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-22 17:10 . 2013-04-22 17:10	737072	----a-w-	c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
2013-04-21 12:10 . 2013-02-19 12:01	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-04-21 09:48 . 2013-04-21 09:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-21 08:46 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-21 08:46 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-21 08:46 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-21 08:46 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-21 08:46 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-21 08:46 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-21 08:46 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-21 08:46 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-21 08:46 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-07 15:05 . 2013-04-07 15:05	--------	d-----w-	c:\users\afshin3\AppData\Local\Eraser 6
2013-04-07 14:31 . 2013-04-07 14:31	2876528	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2013-04-06 20:24 . 2013-04-23 17:19	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-04-06 20:23 . 2013-04-23 17:23	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-04-06 20:18 . 2013-04-06 20:18	--------	d-----w-	c:\users\afshin3\AppData\Local\Programs
2013-04-06 20:04 . 2013-04-06 20:04	--------	d-----w-	c:\program files\HashTab Shell Extension
2013-04-02 18:43 . 2012-10-08 08:05	225792	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2013-04-02 18:37 . 2013-04-02 18:37	--------	d-----w-	c:\program files\PrintProjects
2013-04-02 18:37 . 2013-04-02 18:37	--------	d-----w-	c:\programdata\PrintProjects
2013-04-02 18:37 . 2013-04-02 18:37	--------	d-----w-	c:\programdata\Visan
2013-04-02 18:16 . 2013-04-02 18:16	--------	d-----w-	c:\users\Default\AppData\Roaming\KODAK AiO Home Center1851351363
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 17:09 . 2013-03-04 13:59	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2013-04-07 14:31 . 2013-03-05 08:43	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-4\StartResources.dll
2013-04-03 16:23 . 2013-03-04 13:59	539984	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2013-03-17 18:01 . 2012-04-09 17:40	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-17 18:01 . 2011-05-17 16:38	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 17:03 . 2013-03-12 17:03	539984	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-4\SpotlightResources.dll
2013-02-12 04:48 . 2013-03-14 18:09	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 18:09	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-21 17:27	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2006-07-28 11:33 . 2006-07-28 11:33	212992	----a-w-	c:\program files\CardBurner.exe
2003-03-18 19:20 . 2003-03-18 19:20	1060864	----a-w-	c:\program files\mfc71.dll
2003-03-18 19:12 . 2003-03-18 19:12	1047552	----a-w-	c:\program files\mfc71u.dll
2003-02-21 02:42 . 2003-02-21 02:42	348160	----a-w-	c:\program files\msvcr71.dll
2013-04-21 09:21 . 2013-04-21 09:21	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ILO_Office_Manager"="IntEdReg.exe" [2002-10-14 53760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:01]
.
2013-04-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-09-19 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:60444
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}\75C414E4D2332443732333: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=HP_ss&mntrId=16c9c051000000000000061b9ea0b266
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=KW_ss&mntrId=16c9c051000000000000061b9ea0b266&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,ce,46,77,10,c7,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,f9,1d,58,f0,29,7a,49,be,6b,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,f9,1d,58,f0,29,7a,49,be,6b,4b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\guard32.dll
.
Completion time: 2013-04-23  19:45:57
ComboFix-quarantined-files.txt  2013-04-23 17:45
.
Pre-Run: 29.554.016.256 bytes free
Post-Run: 30.096.699.392 bytes free
.
- - End Of File - - 3B5CEE77DCEF2EB723AFC6204098910D
         
One question: what about the storage media on which I noticed the problem (USB stick, ...)? Should I have connected them during the scan? Or is the problem only on the computer? Please let me know if I need to connect the storage media.

23.04.2013, 23:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


24.04.2013, 19:29   #15
Sava
 



Here are the log files

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Professional x86
Ran by afshin3 on 24.04.2013 at 18:17:44,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] wajamupdater 
Successfully deleted: [Service] wajamupdater 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\surf canyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoods_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilivid_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividmediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\afshin3\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\afshin3\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\afshin3\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\afshin3\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Users\afshin3\AppData\Roaming\microsoft\windows\start menu\programs\wajam"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2013 at 18:20:07,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.202 - Logfile created 04/24/2013 at 18:34:45
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : afshin3 - AFSHIN3-PC
# Boot Mode : Normal
# Running from : C:\Users\afshin3\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\afshin3\AppData\Local\PackageAware
Folder Deleted : C:\Users\afshin3\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\afshin3\AppData\LocalLow\facemoods.com

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\prefs.js

C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=HP_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4812_[...]
Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "false");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
Deleted : user_pref("extensions.wajam.supported_sites.amazon_product.priam_se_js", "try {window['APP_LABEL_NAM[...]
Deleted : user_pref("extensions.wajam.supported_sites.amazon_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Deleted : user_pref("extensions.wajam.supported_sites.ebay_product.wajam_se_js", "try {window['APP_LABEL_NAME'[...]
Deleted : user_pref("extensions.wajam.supported_sites.ebay_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = '[...]
Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Deleted : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]
Deleted : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...]
Deleted : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...]
Deleted : user_pref("extensions.wajam.trace_log", "1356976618717 - onFlagInfoReceived - Server mapping version[...]
Deleted : user_pref("extensions.wajam.unique_id", "D6FE8B73C8A3F2F8DE3960D9267BB3BF");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.26");
Deleted : user_pref("extensions.wajam.website_version", "1.00266.0");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110824&tt=4812_3&babsrc=KW_ss&mntrId=16c9[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.7] : search_url = "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=16c9c05100000000[...]
Deleted [l.92] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=16c9c051000000000000001377649987&tlve[...]

*************************

AdwCleaner[R1].txt - [6088 octets] - [24/04/2013 18:34:17]
AdwCleaner[S1].txt - [6168 octets] - [24/04/2013 18:34:45]

########## EOF - C:\AdwCleaner[S1].txt - [6228 octets] ##########
         
Code:
OTL logfile created on: 24.04.2013 19:26:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\afshin3\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,21% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 27,89 Gb Free Space | 54,91% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 21,51 Gb Free Space | 42,17% Space Free | Partition Type: NTFS
 
Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\afshin3\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Intense Language Office\Common\OffMan.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Intense Language Office\Common\OffMan.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (catchme) -- C:\Users\afshin3\AppData\Local\Temp\catchme.sys File not found
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 5B 68 E9 1A F2 CB 01  [binary data]
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{26ED5B98-2585-48BC-9A12-50E2336F61D6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110415,16987,0,8,0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60444
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.04 04:46:56 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 11:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.21 11:21:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.21 11:21:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.21 11:21:48 | 000,000,000 | ---D | M]
 
[2012.11.13 20:31:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions
[2012.10.03 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013.04.24 18:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions
[2013.04.21 13:51:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\afshin3\AppData\Roaming\Mozilla\Firefox\Profiles\6vvjwyse.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.21 11:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.21 11:21:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.24 09:56:39 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.19 20:38:50 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\afshin3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2013.04.23 19:43:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [ILO_Office_Manager] C:\Windows\System32\intedreg.exe ()
O4 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA8658-2237-452F-8942-D2F2235D4E29}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F35B6E81-FB01-421F-BBF3-52D02468DC4B}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.24 18:17:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.24 18:17:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.24 17:59:29 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\afshin3\Desktop\JRT.exe
[2013.04.23 19:46:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.23 19:46:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.23 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\temp
[2013.04.23 19:31:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.23 19:31:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.23 19:31:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.23 19:18:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.23 19:18:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.23 19:14:30 | 005,059,674 | R--- | C] (Swearware) -- C:\Users\afshin3\Desktop\ComboFix.exe
[2013.04.21 14:10:00 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.21 14:09:58 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.21 14:09:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.21 14:09:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.21 14:09:57 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.21 14:09:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.21 14:09:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.21 14:09:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.21 14:09:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.21 14:09:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.21 14:02:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\afshin3\Desktop\tdsskiller.exe
[2013.04.21 13:53:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\afshin3\Desktop\aswMBR.exe
[2013.04.21 12:41:28 | 000,000,000 | ---D | C] -- C:\Avenger
[2013.04.21 11:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.21 11:44:42 | 000,000,000 | ---D | C] -- C:\Users\afshin3\Desktop\mbar
[2013.04.21 11:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.21 10:46:23 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.21 10:46:19 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.21 10:46:18 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.21 10:46:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.21 10:46:03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.21 10:46:03 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.07 18:04:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe
[2013.04.07 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Eraser 6
[2013.04.06 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.06 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.06 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\afshin3\AppData\Local\Programs
[2013.04.06 22:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2013.04.02 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2013.04.02 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\PrintProjects
[2013.03.30 18:19:38 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.30 18:19:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.30 18:19:27 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.30 18:19:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.30 18:19:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.30 18:19:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.30 18:19:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.30 18:19:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.30 18:19:19 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.30 18:19:18 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.30 18:19:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.30 18:19:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.30 18:19:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.30 18:19:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.30 18:19:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.30 18:19:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.30 18:19:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.30 18:19:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.30 18:19:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.30 18:19:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.30 18:19:08 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.30 18:19:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.30 18:19:06 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.30 18:19:06 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.30 18:19:05 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.30 18:19:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.23 11:50:41 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Users\afshin3\taskmgr.exe
[2011.04.04 05:09:21 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- C:\Users\afshin3\DTLite4402-0131.exe
[2011.04.04 04:45:15 | 000,606,560 | ---- | C] (RealNetworks, Inc.) -- C:\Users\afshin3\RealPlayer_de.exe
[2006.07.28 13:33:26 | 000,212,992 | ---- | C] (OXY Solution) -- C:\Program Files\CardBurner.exe
[2003.03.18 21:20:00 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71.dll
[2003.03.18 21:12:12 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc71u.dll
[2003.02.21 04:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.24 20:06:49 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013.04.24 19:58:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 18:44:21 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 18:44:21 | 000,014,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 18:37:24 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.24 18:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 18:36:53 | 1407,848,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 18:00:37 | 000,619,461 | ---- | M] () -- C:\Users\afshin3\Desktop\adwcleaner.exe
[2013.04.24 17:59:35 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\afshin3\Desktop\JRT.exe
[2013.04.23 19:43:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.23 19:14:36 | 005,059,674 | R--- | M] (Swearware) -- C:\Users\afshin3\Desktop\ComboFix.exe
[2013.04.22 20:14:14 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 20:14:14 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.21 19:45:47 | 000,286,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.21 14:02:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\afshin3\Desktop\tdsskiller.exe
[2013.04.21 14:00:17 | 000,000,512 | ---- | M] () -- C:\Users\afshin3\Desktop\MBR.dat
[2013.04.21 13:54:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\afshin3\Desktop\aswMBR.exe
[2013.04.08 17:52:52 | 000,044,848 | ---- | M] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm
[2013.04.07 19:10:56 | 000,377,856 | ---- | M] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe
[2013.04.07 18:04:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afshin3\Desktop\OTL.exe
[2013.04.07 18:03:29 | 000,000,000 | ---- | M] () -- C:\Users\afshin3\defogger_reenable
[2013.04.02 20:33:39 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2013.04.02 20:30:58 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2013.03.30 18:19:38 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.30 18:19:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.30 18:19:27 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.30 18:19:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.30 18:19:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.30 18:19:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.30 18:19:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.30 18:19:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.30 18:19:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.30 18:19:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.30 18:19:17 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.30 18:19:17 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.30 18:19:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.30 18:19:16 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.30 18:19:14 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.30 18:19:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.30 18:19:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.30 18:19:10 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.30 18:19:09 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.30 18:19:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.30 18:19:08 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.30 18:19:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.30 18:19:07 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.30 18:19:06 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.30 18:19:06 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.30 18:19:05 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.30 18:19:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.24 18:00:35 | 000,619,461 | ---- | C] () -- C:\Users\afshin3\Desktop\adwcleaner.exe
[2013.04.23 19:31:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.23 19:31:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.23 19:31:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.23 19:31:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.23 19:31:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.21 14:00:17 | 000,000,512 | ---- | C] () -- C:\Users\afshin3\Desktop\MBR.dat
[2013.04.08 17:52:52 | 000,044,848 | ---- | C] () -- C:\Users\afshin3\Desktop\Comodo Log 08.04.2013.htm
[2013.04.07 19:10:54 | 000,377,856 | ---- | C] () -- C:\Users\afshin3\Desktop\gmer_2.1.19163.exe
[2013.04.07 18:03:29 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\defogger_reenable
[2013.04.02 20:33:39 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2013.04.02 20:30:58 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2013.03.30 18:19:07 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.14 20:49:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.08.24 08:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.11 17:08:52 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011.07.26 17:22:00 | 000,015,428 | ---- | C] () -- C:\Users\afshin3\RefEdit.exd
[2011.07.15 09:42:53 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{ED8D64B9-37E5-435F-A739-1A5B063B4035}
[2011.06.15 21:11:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.28 02:54:09 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~37673988
[2011.05.21 19:33:54 | 000,000,000 | ---- | C] () -- C:\Users\afshin3\AppData\Local\{BB9D2246-53EC-47D6-B18C-E16A21D48890}
[2011.04.05 21:34:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.05 20:12:03 | 000,005,115 | -H-- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2006.07.28 13:29:14 | 000,000,367 | ---- | C] () -- C:\Program Files\MyList.mft
[2006.05.30 16:03:32 | 000,025,893 | ---- | C] () -- C:\Program Files\Card Burner upotreba.xml
[2005.11.15 11:25:50 | 005,823,050 | ---- | C] () -- C:\Program Files\Salif Keita - 03 - Madan.mp3
[2005.11.01 15:46:06 | 002,753,515 | ---- | C] () -- C:\Program Files\La_Flaca.mp3
[2003.10.18 06:37:10 | 004,006,266 | ---- | C] () -- C:\Program Files\ABBA - Super Trooper.mp3
[2003.10.18 06:36:58 | 003,658,106 | ---- | C] () -- C:\Program Files\Blonde - Atomic.mp3
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 24.04.2013 19:26:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\afshin3\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,21% Memory free
3,50 Gb Paging File | 2,56 Gb Available in Paging File | 73,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,79 Gb Total Space | 27,89 Gb Free Space | 54,91% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 21,51 Gb Free Space | 42,17% Space Free | Partition Type: NTFS
 
Computer Name: AFSHIN3-PC | User Name: afshin3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5B3B02-B9EA-4261-AC8F-57CC13F3CCE8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24A73305-7487-4D37-81FB-C561EAB47B6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52443A2A-29EF-4CBE-B331-EF35E18CB1BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{585FFDE5-E5A4-4F80-95D3-19430175BB2A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5FC414DF-7217-40CE-B4EE-5090CB7ED6A8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6DAD194B-864A-4AB7-87B4-8B4CE340B683}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{6EE563F1-2273-422B-BCB2-0C8BCF87AFDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70EEB091-2935-463F-94F2-FE589F288ED1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{7D4F7821-1A14-4EAC-A26C-0AD0824D4E5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B178C977-397F-4768-B556-3E47BF33BF4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B6EC3B30-BBB6-44E5-AACE-47CD0F303260}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{CAAE12F8-AF9A-4F6E-9112-ED74115B11DF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{ECB3E4FF-B004-4B32-86B6-2EEE599B0943}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE40B3-B02F-4D2C-931A-80F82027ED01}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe | 
"{0CD39F31-2967-4791-896E-450D7B2F3A90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1045495B-BCA2-4FCE-B902-5EEC2D0FB210}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{10A6A2B1-0522-46BF-96E1-E9F891A716D8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{18F82BF0-B855-41D8-89F8-DD354F59C23E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C9EAC22-707C-430C-885B-4FD64EA6F422}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E8061EB-A0E6-4449-ABDC-335386A88E77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C942CBE-7A47-4AC9-94FE-47ABB3860C28}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{314C04AA-2DD2-4E58-9603-1994027C2945}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe | 
"{410DF6CD-5162-4864-BEBE-422F30B63648}" = protocol=6 | dir=out | app=system | 
"{49CC08C6-A875-403B-9300-B5F394738ED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C8978BF-DDAD-4778-B02A-3ACF01F2FABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50FBDCB5-AF22-4266-B8F4-5EBE335F3AC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{575009AE-140A-42EF-887F-BA645B75D044}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{6046089B-C609-4B12-9119-E87429D9F276}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{6E7226CD-5C1F-4FBC-B8C7-81EBD3085198}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{6FD34CB4-E4B2-4062-BE08-C08823FA15AD}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{70AA399A-697C-4531-9800-0CFFCE4BC10D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B76BC7B-9DB1-4A2F-9C18-F46DBC393120}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{9DFE6763-E414-42B4-B7A8-65376C154C7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30858AB-FECF-42B8-9625-EDE00FC6249F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{A6DFB519-CA89-40F9-A0E0-C4A9BF6A6878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A80B1371-3858-402B-837E-917477B071E7}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{B7B2B037-F638-4057-974E-9BE0B38C6AB2}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{BAFCEDA9-D32C-48BD-A55A-A1CA725F2232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2A5B77E-25E4-4C7E-A384-CD56BCE17CA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F89ABEEB-87E6-4E2C-A64A-AE8753B88211}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{524D615B-881E-406A-A2E0-D62F500F58E2}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{79F2F4D8-5D30-48E0-85EB-77F13F0BAD05}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{FA8F0533-7F43-4C38-BFB0-61000A7EE68D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{102C492B-D110-4DC9-8CF9-D24DE3141D71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{840598D4-427D-44E3-99B9-F8D347D4C76B}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{9C34D2E7-0ED3-4614-9D4F-8823A6F45056}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1686816B-367A-4EA6-9C20-F694A5511C13}" = AS Lernen
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CC5825C2-2F59-459B-84ED-D0D1958101FA}" = CardBurner
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = ArcSoft TotalMedia 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Glary Utilities_is1" = Glary Utilities 2.42.0.1389
"HashTab" = HashTab 5.1.0.23
"Intense Language Office" = Intense Language Office
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nano" = Nano 1.1.1
"PrintProjects" = PrintProjects
"RealPlayer 12.0" = RealPlayer
"TIPP10_is1" = TIPP10 Version 2.1.0
"TomTom HOME" = TomTom HOME 2.7.3.1894
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2499919780-2418098726-987346099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
< End of report >
         
