Log analysis and evaluation: Wrong Google redirect (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.11.2012, 14:31 | #1 |
| Wrong Google redirect

Hello,

I have the problem that, in all my web browsers (Opera, Firefox), Google wrongly redirects me to sex and shopping sites. I open Google, enter something into the search engine, and when I click on the search results, I am redirected to other pages instead of the page I clicked. Shortly before the wrong redirect, the page "antivieh" appears in the address bar. I am hoping for help here.

Regards

OTL.txt Code:
ATTFilter OTL logfile created on: 19.11.2012 14:10:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aydin\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 83,88% Memory free 15,83 Gb Paging File | 14,42 Gb Available in Paging File | 91,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 881,94 Gb Free Space | 94,69% Space Free | Partition Type: NTFS Drive F: | 1,86 Gb Total Space | 1,75 Gb Free Space | 94,21% Space Free | Partition Type: FAT Computer Name: AYDIN-PC | User Name: Aydin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.19 14:09:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aydin\Desktop\OTL.exe PRC - [2012.11.15 08:46:36 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.30 18:13:56 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.30 18:13:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) 
-- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe PRC - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.02 21:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.11.10 16:58:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.30 18:13:56 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.30 18:13:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.10 13:35:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.24 05:57:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.08.24 05:57:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.08.24 05:57:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2011.07.22 13:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2011.02.22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.15 08:46:47 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.15 08:46:47 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.05.25 05:55:57 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.04 17:05:26 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.08.24 05:55:19 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.04.10 04:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.16 10:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 
| ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2009.11.10 17:34:52 | 006,108,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.09.30 02:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb) DRV - [2011.05.22 21:51:28 | 000,028,032 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS -- (HWiNFO32) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F D7 18 C6 B6 8F CC 01 [binary data] IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{38B10804-2C2C-437C-ABBC-1DC361C2CC65}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=TKR&o=15589&src=kw&q={searchTerms}&locale=&apn_ptnrs=IY&apn_dtid=YYYYYYYYDE&apn_uid=3453ac37-611d-4f92-b7b2-65e64d6b3a28&apn_sauid=EACE567E-4984-4F29-88B8-C1CFF9125327 IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc} IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{9FDDDDD1-2C86-4D4F-A031-C30A29327BC9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\SearchScopes\{E9ABDB30-63F4-4fb2-893E-7E8A22ABA19C}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox 
========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.16 23:21:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 21:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aydin\AppData\Roaming\mozilla\Extensions [2012.08.08 19:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aydin\AppData\Roaming\mozilla\Firefox\Profiles\c2zd0oxl.default\extensions [2012.08.08 19:15:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Aydin\AppData\Roaming\mozilla\firefox\profiles\c2zd0oxl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.16 23:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: 
(Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-843483253-1178590098-1577449472-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-843483253-1178590098-1577449472-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-843483253-1178590098-1577449472-1000..\Run: [zASRockInstantBoot] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{899B1EDC-8794-42E3-8B02-0641B7F16E51}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.19 14:09:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aydin\Desktop\OTL.exe [2012.11.19 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{A35C0FC2-E2DC-425A-B19A-8603BFEE4CF7} [2012.11.10 19:49:20 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{5323B29B-9109-4C75-A501-EE3ADD2C4B1C} [2012.11.09 20:00:58 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{3235ED3E-0255-4432-8C36-BBDC6FDE79B0} [2012.11.07 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{79B81A02-0BC4-411B-A18F-714E4824DC8E} [2012.10.25 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{364E26DD-29BD-492A-94D6-1944C503A0DF} [2012.10.25 08:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.10.25 08:33:32 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Mozilla Firefox [2012.10.23 04:45:06 | 000,000,000 | ---D | C] -- C:\Users\Aydin\AppData\Local\{404278AA-C7EF-4FAC-907D-FBDE78DF625D} [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.19 14:09:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aydin\Desktop\OTL.exe [2012.11.19 14:09:06 | 000,000,000 | ---- | M] () -- C:\Users\Aydin\defogger_reenable [2012.11.19 14:09:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1005UA.job [2012.11.19 14:02:47 | 035,227,242 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 14:02:47 | 011,089,764 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 14:02:47 | 010,969,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 14:02:47 | 009,984,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 14:02:47 | 000,006,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 14:02:22 | 000,050,477 | ---- | M] () -- C:\Users\Aydin\Desktop\Defogger.exe [2012.11.19 13:58:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.19 13:57:58 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\PCRVUIL.job [2012.11.19 13:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.19 13:57:51 | 2078,806,015 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 18:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.18 18:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.18 10:44:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1001UA.job [2012.11.18 03:33:31 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 03:33:31 | 
000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 02:09:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1005Core.job [2012.11.18 01:44:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-843483253-1178590098-1577449472-1001Core.job [2012.11.18 01:29:43 | 000,294,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.16 23:21:18 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.15 08:46:47 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.15 08:46:47 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.07 06:31:07 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.19 14:09:06 | 000,000,000 | ---- | C] () -- C:\Users\Aydin\defogger_reenable [2012.11.19 14:02:21 | 000,050,477 | ---- | C] () -- C:\Users\Aydin\Desktop\Defogger.exe [2012.10.25 08:33:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.02 04:10:51 | 000,110,592 | RHS- | C] () -- C:\Windows\SysWow64\nlmgp4.dll [2012.06.13 14:10:24 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini [2012.04.28 15:47:45 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.11.02 04:36:11 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011.09.04 14:46:38 | 001,575,304 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.26 20:00:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.24 05:58:15 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2011.08.24 05:58:15 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini 
[2011.08.24 05:58:15 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2011.08.24 05:58:04 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.08.24 05:58:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.08.24 05:50:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.24 05:50:19 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.08.24 05:50:19 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.24 05:50:19 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.24 05:50:19 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2011.11.17 08:14:10 | 000,002,048 | -HS- | M] () -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\@ [2011.11.17 08:14:10 | 000,000,000 | -HSD | M] -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\L [2012.10.14 12:55:30 | 000,000,000 | -HSD | M] -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\U [2012.09.27 16:45:48 | 000,000,928 | ---- | M] () -- C:\Users\kadir\AppData\Local\{28cee756-b4f9-9a2c-4422-cd119bee26f2}\U\00000001.@ [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.24 06:09:02 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\DeviceVm [2012.04.14 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\DVDVideoSoft [2012.10.01 19:16:56 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\GHISLER [2011.08.24 06:08:40 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\Opera [2012.05.05 14:04:22 | 000,000,000 | ---D | M] -- C:\Users\Aydin\AppData\Roaming\pokerth [2012.01.26 09:13:11 | 000,000,000 | ---D | M] -- C:\Users\K D R\AppData\Roaming\Canon [2011.08.29 13:01:41 | 000,000,000 | ---D | M] -- C:\Users\K D R\AppData\Roaming\Opera [2012.05.19 06:02:38 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\Canon [2012.05.30 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\DAEMON Tools Lite [2012.03.31 15:59:34 | 000,000,000 | ---D | M] -- 
C:\Users\kadir\AppData\Roaming\Opera [2012.05.05 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\kadir\AppData\Roaming\pokerth [2012.02.28 12:36:37 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\Canon [2012.05.25 05:57:50 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\DAEMON Tools Lite [2011.10.19 14:39:17 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\GetRightToGo [2011.08.30 05:19:54 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\Opera [2011.10.19 14:26:12 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\SuperEasy Software [2012.09.25 20:45:07 | 000,000,000 | ---D | M] -- C:\Users\lütfiye\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.11.2012 14:10:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aydin\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 83,88% Memory free 15,83 Gb Paging File | 14,42 Gb Available in Paging File | 91,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 881,94 Gb Free Space | 94,69% Space Free | Partition Type: NTFS Drive F: | 1,86 Gb Total Space | 1,75 Gb Free Space | 94,21% Space Free | Partition Type: FAT Computer Name: AYDIN-PC | User Name: Aydin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-843483253-1178590098-1577449472-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12DA1A75-1E14-4F8B-9CA8-DC012DE2AE92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{28137224-BFE6-433A-8782-10BA4EE63880}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39E784F7-815C-4206-BAFE-6FC5A5E9307F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{6D9B0CBB-81B0-4EC8-A335-616CC3D417BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D6C09A8D-3EBC-4DFD-BA1A-7434AFE43556}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{22D648E4-E988-4C31-9B8F-00D86377481C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{535BB904-B9B6-4A93-8AB6-A0BBCE5C5A83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{53D2DB47-F55D-464E-8529-2D190969C6BB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{69A25577-5D51-4814-AF4B-D49F9198C20F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{9837CD40-5D10-4242-AD19-AE516C84F22A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9D5E8AA6-B0A4-47FF-8737-950168815C10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A870EE6A-0D9B-4E6F-82DE-66752DF81127}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D8CE3D03-CA97-400B-BDB3-7A8CC0EB15B6}" = dir=in | 
app=c:\users\lütfiye\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{187EBB5D-DC5F-44AA-916A-24D23BB97038}C:\windows\system32\mspaint.exe" = protocol=6 | dir=in | app=c:\windows\system32\mspaint.exe | "TCP Query User{209C82FF-91D8-41A0-A8AF-8928E0B4A2DB}C:\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd64.exe | "TCP Query User{2F58E1B4-CB49-4895-9B74-F9B6521E11C6}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "TCP Query User{43E4E80A-52D0-4BB5-81C8-6DCC6678C320}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{BAF3BB1B-67A0-49EB-8B28-7CE3781FBCCF}C:\users\k d r\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\k d r\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{CE1F9217-B2D9-4FBA-993B-E3663D33006B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{14975B32-2071-4AAF-8E6D-EAE4974EFBED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{53CC1D83-2068-4C9D-A692-526655527B00}C:\users\k d r\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\k d r\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{80611D47-CB58-423C-8AA4-AF13DEA5C053}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{93001508-FF33-446C-B1C0-6E6FDB37FE02}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "UDP Query 
User{9B451BBC-C5C8-4A0D-A42D-76A1EFAFB417}C:\windows\system32\mspaint.exe" = protocol=17 | dir=in | app=c:\windows\system32\mspaint.exe | "UDP Query User{CE210735-6F79-4F86-8DE0-007EA200BE2D}C:\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd64.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 1.0 "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8AAE8CB9-F81F-5D8B-7A5B-7E752C5B3A0F}" = ATI Catalyst Install Manager "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D08C812A-2C35-6151-E597-442886FC4E45}" = ATI AVIVO64 Codecs "{D2A2F59A-E2A2-3FFC-6625-1BF6FD15404D}" = ccc-utility64 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources 
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ASRock App Charger_is1" = ASRock App Charger v1.0.4 "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Totalcmd64" = Total Commander 64-bit (Remove or Repair) "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BF0E5BB-3000-B250-AFE3-2CE2CC8A674A}" = Catalyst Control Center Graphics Light "{15CF27BF-4F98-D22B-273D-6CF83B7DBE74}" = Catalyst Control Center Graphics Previews Vista "{1629D458-416F-AA45-F9EA-D6425AC4087C}" = Catalyst Control Center Core Implementation "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{306A54B5-65AC-3B75-AB17-2E3D3FE249F9}" = Catalyst Control Center Graphics Full New "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52F7A893-C867-F785-0BC6-C2215D711FAE}" = Catalyst Control Center Graphics Full Existing "{5364B250-C32E-94A6-E604-B09F461DB163}" = Catalyst Control Center Localization All "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 
1.2.0.159 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{94531B9D-7924-F3BE-71E2-CC646EF4627E}" = Catalyst Control Center InstallProxy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Audio Pack 1 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CD9803C1-A7A9-F06B-4DC0-AB3666B2D423}" = CCC Help German "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform 
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility "{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3CFC03A-8CA2-5EDC-56E3-46FE58478526}" = ccc-core-static "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Age of Empires 2.0" = Microsoft Age of Empires II "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.78 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.26 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP490 series Benutzerregistrierung" = Canon MP490 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DAEMON Tools Lite" = DAEMON 
Tools Lite "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "EPSON Scanner" = EPSON Scan "Google Chrome" = Google Chrome "HWiNFO32_is1" = HWiNFO32 Version 3.84 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "Opera 12.02.1578" = Opera 12.02 "Picasa 3" = Picasa 3 "Video Converter" = Video Converter "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "XFastUsb" = XFastUsb "xvid" = XviD MPEG-4 Video Codec "YouTube Song Downloader_is1" = YouTube Song Downloader "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.11.2012 12:56:01 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 18.11.2012 12:56:01 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 18.11.2012 22:22:50 | Computer Name = Aydin-PC | Source = Winlogon | ID = 4103 Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error - 18.11.2012 22:27:03 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 18.11.2012 22:27:03 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 18.11.2012 22:27:03 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 19.11.2012 08:58:15 | Computer Name = Aydin-PC | Source = Winlogon | ID = 4103 Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005. Error - 19.11.2012 09:02:44 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.11.2012 09:02:44 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.11.2012 09:02:44 | Computer Name = Aydin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
[ System Events ] Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:10 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:11 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 13:55:11 | Computer Name = Aydin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 22:23:49 | Computer Name = Aydin-PC | Source = DCOM | ID = 
10001 Description = < End of report > |
20.11.2012, 12:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When does it continue" messages end with your topic being closed. I, too, have a life away from the Trojaner-Board.
Have you already run any scans with other tools? Is there a log with findings? See => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post logs that already exist! |
20.11.2012, 20:23 | #3 |
| Wrong Google redirect Read and understood
Hope I have done everything right so far |
20.11.2012, 21:17 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect At the very bottom of my first reply I had one more question
__________________ Please always post log files in CODE tags |
21.11.2012, 10:45 | #5 |
| Wrong Google redirect I scanned with Malwarebytes (quick scan), but nothing was found. |
21.11.2012, 16:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect But this is not only about Malwarebytes, it is also about other virus scanners - and I would have liked to see all of those logs, provided they contain findings |
23.11.2012, 16:02 | #7 |
| Wrong Google redirect About 3-4 weeks ago I scanned with AntiVir and 3 files were deleted. That still did not solve the problem. Can the logs for that still be found? After that I did not run any more scans. |
23.11.2012, 16:26 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect Quote: |
23.11.2012, 16:34 | #9 |
| Wrong Google redirect Ereignisse.txt Code:
Exportierte Ereignisse:

03.11.2012 00:13 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\kadir\AppData\Local\Temp\plugtmp\plugin-changes_days.php' wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dld' [exploit] gefunden.
Ausgeführte Aktion: Zugriff verweigern

28.10.2012 20:34 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\A\ 2F\F7445d01' enthielt einen Virus oder unerwünschtes Programm 'EXP/Pidief.dis' [exploit].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58a11a56.qua' verschoben!

28.10.2012 20:33 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\A\ 2F\F7445d01' wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dis' [exploit] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

28.10.2012 20:20 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\0\ 59\BD76Bd01' enthielt einen Virus oder unerwünschtes Programm 'EXP/Pidief.dkg' [exploit].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '575d107d.qua' verschoben!

28.10.2012 20:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\kadir\AppData\Local\Mozilla\Firefox\Profiles\xgtmjevw.default\Cache\0\ 59\BD76Bd01' wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dkm' [exploit] gefunden.
Ausgeführte Aktion: Übergeben an Scanner |
23.11.2012, 17:12 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
25.11.2012, 02:43 | #11 |
| Wrong Google redirect aswMBR.txt Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-25 02:27:12
-----------------------------
02:27:12.464 OS Version: Windows x64 6.1.7600
02:27:12.464 Number of processors: 4 586 0x2A07
02:27:12.464 ComputerName: AYDIN-PC UserName: Aydin
02:27:13.198 Initialize success
02:28:59.274 AVAST engine defs: 12112401
02:29:29.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
02:29:29.210 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
02:29:29.226 Disk 0 MBR read successfully
02:29:29.226 Disk 0 MBR scan
02:29:29.226 Disk 0 Windows 7 default MBR code
02:29:29.241 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:29:29.257 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
02:29:29.273 Disk 0 scanning C:\Windows\system32\drivers
02:29:35.747 Service scanning
02:29:49.428 Modules scanning
02:29:49.428 Disk 0 trace - called modules:
02:29:49.443 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
02:29:49.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080bd060]
02:29:49.958 3 CLASSPNP.SYS[fffff880018a743f] -> nt!IofCallDriver -> [0xfffffa8007a589b0]
02:29:49.958 5 ACPI.sys[fffff88000f8b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8007a6b060]
02:29:50.769 AVAST engine scan C:\Windows
02:29:57.415 AVAST engine scan C:\Windows\system32
02:32:05.413 AVAST engine scan C:\Windows\system32\drivers
02:32:25.615 AVAST engine scan C:\Users\Aydin
02:33:44.895 AVAST engine scan C:\ProgramData
02:36:51.065 Scan finished successfully
02:37:47.444 Disk 0 MBR has been saved successfully to "C:\Users\Aydin\Desktop\MBR.dat"
02:37:47.444 The log file has been saved successfully to "C:\Users\Aydin\Desktop\aswMBR.txt"
Code:
ATTFilter 02:38:22.0122 1928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 02:38:22.0262 1928 ============================================================ 02:38:22.0262 1928 Current date / time: 2012/11/25 02:38:22.0262 02:38:22.0262 1928 SystemInfo: 02:38:22.0262 1928 02:38:22.0262 1928 OS Version: 6.1.7600 ServicePack: 0.0 02:38:22.0262 1928 Product type: Workstation 02:38:22.0262 1928 ComputerName: AYDIN-PC 02:38:22.0262 1928 UserName: Aydin 02:38:22.0262 1928 Windows directory: C:\Windows 02:38:22.0262 1928 System windows directory: C:\Windows 02:38:22.0262 1928 Running under WOW64 02:38:22.0262 1928 Processor architecture: Intel x64 02:38:22.0262 1928 Number of processors: 4 02:38:22.0262 1928 Page size: 0x1000 02:38:22.0262 1928 Boot type: Normal boot 02:38:22.0262 1928 ============================================================ 02:38:23.0307 1928 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 02:38:23.0307 1928 Drive \Device\Harddisk1\DR1 - Size: 0x7840FE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 02:38:23.0307 1928 ============================================================ 02:38:23.0307 1928 \Device\Harddisk0\DR0: 02:38:23.0307 1928 MBR partitions: 02:38:23.0307 1928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 02:38:23.0307 1928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800 02:38:23.0307 1928 \Device\Harddisk1\DR1: 02:38:23.0307 1928 MBR partitions: 02:38:23.0307 1928 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F 02:38:23.0307 1928 ============================================================ 02:38:23.0338 1928 C: <-> \Device\Harddisk0\DR0\Partition2 02:38:23.0338 1928 ============================================================ 
02:38:23.0338 1928 Initialize success 02:38:23.0338 1928 ============================================================ 02:38:39.0672 2508 ============================================================ 02:38:39.0672 2508 Scan started 02:38:39.0672 2508 Mode: Manual; SigCheck; TDLFS; 02:38:39.0672 2508 ============================================================ 02:38:40.0186 2508 ================ Scan system memory ======================== 02:38:40.0186 2508 System memory - ok 02:38:40.0186 2508 ================ Scan services ============================= 02:38:40.0296 2508 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 02:38:40.0374 2508 1394ohci - ok 02:38:40.0389 2508 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 02:38:40.0405 2508 ACPI - ok 02:38:40.0420 2508 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 02:38:40.0452 2508 AcpiPmi - ok 02:38:40.0530 2508 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 02:38:40.0545 2508 AdobeARMservice - ok 02:38:40.0623 2508 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 02:38:40.0639 2508 AdobeFlashPlayerUpdateSvc - ok 02:38:40.0670 2508 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 02:38:40.0686 2508 adp94xx - ok 02:38:40.0701 2508 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 02:38:40.0717 2508 adpahci - ok 02:38:40.0717 2508 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 02:38:40.0732 2508 adpu320 - ok 02:38:40.0764 2508 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 02:38:40.0857 2508 AeLookupSvc - ok 02:38:40.0888 2508 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 02:38:40.0920 2508 AFD - ok 
02:38:40.0935 2508 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 02:38:40.0951 2508 agp440 - ok 02:38:40.0966 2508 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 02:38:41.0013 2508 ALG - ok 02:38:41.0013 2508 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 02:38:41.0029 2508 aliide - ok 02:38:41.0138 2508 ALSysIO - ok 02:38:41.0169 2508 [ 0D9598C1FD091F07757B45C6A6F6C535 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 02:38:41.0216 2508 AMD External Events Utility - ok 02:38:41.0232 2508 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 02:38:41.0247 2508 amdide - ok 02:38:41.0247 2508 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 02:38:41.0278 2508 AmdK8 - ok 02:38:41.0278 2508 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 02:38:41.0310 2508 AmdPPM - ok 02:38:41.0341 2508 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys 02:38:41.0356 2508 amdsata - ok 02:38:41.0372 2508 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 02:38:41.0388 2508 amdsbs - ok 02:38:41.0388 2508 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys 02:38:41.0403 2508 amdxata - ok 02:38:41.0450 2508 [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 02:38:41.0466 2508 AntiVirSchedulerService - ok 02:38:41.0512 2508 [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 02:38:41.0512 2508 AntiVirService - ok 02:38:41.0544 2508 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 02:38:41.0606 2508 AppID - ok 02:38:41.0622 2508 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 02:38:41.0668 2508 AppIDSvc - ok 
02:38:41.0684 2508 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 02:38:41.0700 2508 Appinfo - ok 02:38:41.0715 2508 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 02:38:41.0731 2508 arc - ok 02:38:41.0731 2508 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 02:38:41.0746 2508 arcsas - ok 02:38:41.0824 2508 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 02:38:41.0840 2508 aspnet_state - ok 02:38:41.0871 2508 [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys 02:38:41.0887 2508 AsrAppCharger - ok 02:38:41.0902 2508 [ A4398A8914C32F18EC2AB562CBA3CAAF ] asusgsb C:\Windows\system32\drivers\asusgsb.sys 02:38:41.0918 2508 asusgsb ( UnsignedFile.Multi.Generic ) - warning 02:38:41.0918 2508 asusgsb - detected UnsignedFile.Multi.Generic (1) 02:38:41.0949 2508 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 02:38:42.0012 2508 AsyncMac - ok 02:38:42.0027 2508 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 02:38:42.0043 2508 atapi - ok 02:38:42.0058 2508 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 02:38:42.0074 2508 AtiHdmiService - ok 02:38:42.0168 2508 [ 7052120D5AB25AB292E8C9DA46BB2FE1 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 02:38:42.0261 2508 atikmdag - ok 02:38:42.0277 2508 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 02:38:42.0324 2508 AudioEndpointBuilder - ok 02:38:42.0324 2508 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 02:38:42.0355 2508 AudioSrv - ok 02:38:42.0386 2508 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 02:38:42.0386 2508 avgntflt - ok 02:38:42.0417 2508 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb 
C:\Windows\system32\DRIVERS\avipbb.sys 02:38:42.0417 2508 avipbb - ok 02:38:42.0433 2508 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 02:38:42.0448 2508 avkmgr - ok 02:38:42.0480 2508 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 02:38:42.0542 2508 AxInstSV - ok 02:38:42.0573 2508 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 02:38:42.0620 2508 b06bdrv - ok 02:38:42.0636 2508 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 02:38:42.0682 2508 b57nd60a - ok 02:38:42.0714 2508 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 02:38:42.0745 2508 BDESVC - ok 02:38:42.0760 2508 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 02:38:42.0807 2508 Beep - ok 02:38:42.0854 2508 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 02:38:42.0901 2508 BFE - ok 02:38:42.0932 2508 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll 02:38:42.0963 2508 BITS - ok 02:38:42.0979 2508 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 02:38:42.0994 2508 blbdrive - ok 02:38:43.0026 2508 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 02:38:43.0057 2508 bowser - ok 02:38:43.0072 2508 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 02:38:43.0104 2508 BrFiltLo - ok 02:38:43.0104 2508 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 02:38:43.0119 2508 BrFiltUp - ok 02:38:43.0150 2508 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 02:38:43.0182 2508 Browser - ok 02:38:43.0197 2508 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 02:38:43.0228 2508 Brserid - ok 02:38:43.0228 2508 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm 
C:\Windows\System32\Drivers\BrSerWdm.sys 02:38:43.0244 2508 BrSerWdm - ok 02:38:43.0275 2508 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 02:38:43.0291 2508 BrUsbMdm - ok 02:38:43.0291 2508 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 02:38:43.0306 2508 BrUsbSer - ok 02:38:43.0322 2508 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 02:38:43.0338 2508 BTHMODEM - ok 02:38:43.0353 2508 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 02:38:43.0384 2508 bthserv - ok 02:38:43.0400 2508 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 02:38:43.0431 2508 cdfs - ok 02:38:43.0447 2508 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 02:38:43.0447 2508 cdrom - ok 02:38:43.0462 2508 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 02:38:43.0494 2508 CertPropSvc - ok 02:38:43.0494 2508 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 02:38:43.0509 2508 circlass - ok 02:38:43.0525 2508 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 02:38:43.0540 2508 CLFS - ok 02:38:43.0587 2508 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 02:38:43.0603 2508 clr_optimization_v2.0.50727_32 - ok 02:38:43.0618 2508 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 02:38:43.0634 2508 clr_optimization_v2.0.50727_64 - ok 02:38:43.0696 2508 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 02:38:43.0743 2508 clr_optimization_v4.0.30319_32 - ok 02:38:43.0759 2508 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 02:38:43.0774 2508 clr_optimization_v4.0.30319_64 - ok 02:38:43.0790 2508 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 02:38:43.0821 2508 CmBatt - ok 02:38:43.0837 2508 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 02:38:43.0852 2508 cmdide - ok 02:38:43.0868 2508 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 02:38:43.0899 2508 CNG - ok 02:38:43.0915 2508 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 02:38:43.0915 2508 Compbatt - ok 02:38:43.0946 2508 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 02:38:43.0962 2508 CompositeBus - ok 02:38:43.0962 2508 COMSysApp - ok 02:38:43.0977 2508 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 02:38:43.0993 2508 crcdisk - ok 02:38:44.0024 2508 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 02:38:44.0040 2508 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 02:38:44.0040 2508 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 02:38:44.0071 2508 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 02:38:44.0086 2508 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 02:38:44.0086 2508 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 02:38:44.0133 2508 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 02:38:44.0149 2508 CryptSvc - ok 02:38:44.0180 2508 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 02:38:44.0211 
2508 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 02:38:44.0211 2508 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 02:38:44.0227 2508 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 02:38:44.0289 2508 DcomLaunch - ok 02:38:44.0305 2508 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 02:38:44.0367 2508 defragsvc - ok 02:38:44.0398 2508 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 02:38:44.0430 2508 DfsC - ok 02:38:44.0445 2508 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 02:38:44.0508 2508 Dhcp - ok 02:38:44.0523 2508 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 02:38:44.0586 2508 discache - ok 02:38:44.0617 2508 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 02:38:44.0617 2508 Disk - ok 02:38:44.0632 2508 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 02:38:44.0664 2508 Dnscache - ok 02:38:44.0695 2508 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 02:38:44.0742 2508 dot3svc - ok 02:38:44.0757 2508 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 02:38:44.0773 2508 DPS - ok 02:38:44.0804 2508 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 02:38:44.0820 2508 drmkaud - ok 02:38:44.0851 2508 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 02:38:44.0866 2508 dtsoftbus01 - ok 02:38:44.0898 2508 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 02:38:44.0929 2508 DXGKrnl - ok 02:38:44.0929 2508 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 02:38:44.0960 2508 EapHost - ok 02:38:45.0038 2508 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 02:38:45.0100 2508 ebdrv - ok 02:38:45.0116 2508 [ 
156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 02:38:45.0163 2508 EFS - ok 02:38:45.0210 2508 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 02:38:45.0256 2508 ehRecvr - ok 02:38:45.0272 2508 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 02:38:45.0319 2508 ehSched - ok 02:38:45.0319 2508 EIO64 - ok 02:38:45.0334 2508 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 02:38:45.0366 2508 elxstor - ok 02:38:45.0381 2508 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 02:38:45.0412 2508 ErrDev - ok 02:38:45.0428 2508 [ DF2F6C1E55F6E81CFC7F688380D85816 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys 02:38:45.0444 2508 EtronHub3 - ok 02:38:45.0459 2508 [ E093ABFB67A4B9D94F80611A7D0A8BB9 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys 02:38:45.0490 2508 EtronXHCI - ok 02:38:45.0506 2508 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 02:38:45.0537 2508 EventSystem - ok 02:38:45.0553 2508 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 02:38:45.0584 2508 exfat - ok 02:38:45.0600 2508 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 02:38:45.0631 2508 fastfat - ok 02:38:45.0662 2508 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 02:38:45.0693 2508 Fax - ok 02:38:45.0693 2508 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 02:38:45.0693 2508 fdc - ok 02:38:45.0724 2508 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 02:38:45.0771 2508 fdPHost - ok 02:38:45.0787 2508 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 02:38:45.0802 2508 FDResPub - ok 02:38:45.0818 2508 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 02:38:45.0834 2508 FileInfo - ok 02:38:45.0834 2508 [ 
5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 02:38:45.0865 2508 Filetrace - ok 02:38:45.0865 2508 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 02:38:45.0880 2508 flpydisk - ok 02:38:45.0880 2508 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 02:38:45.0896 2508 FltMgr - ok 02:38:45.0927 2508 [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS 02:38:45.0943 2508 FNETTBOH_305 - ok 02:38:45.0958 2508 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS 02:38:45.0974 2508 FNETURPX - ok 02:38:46.0005 2508 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll 02:38:46.0052 2508 FontCache - ok 02:38:46.0099 2508 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 02:38:46.0099 2508 FontCache3.0.0.0 - ok 02:38:46.0114 2508 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 02:38:46.0130 2508 FsDepends - ok 02:38:46.0146 2508 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 02:38:46.0161 2508 fssfltr - ok 02:38:46.0224 2508 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 02:38:46.0255 2508 fsssvc - ok 02:38:46.0270 2508 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 02:38:46.0270 2508 Fs_Rec - ok 02:38:46.0302 2508 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 02:38:46.0317 2508 fvevol - ok 02:38:46.0333 2508 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 02:38:46.0333 2508 gagp30kx - ok 02:38:46.0348 2508 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 02:38:46.0380 2508 gpsvc - ok 02:38:46.0458 2508 [ 
F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 02:38:46.0473 2508 gupdate - ok 02:38:46.0473 2508 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 02:38:46.0489 2508 gupdatem - ok 02:38:46.0520 2508 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 02:38:46.0520 2508 gusvc - ok 02:38:46.0551 2508 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 02:38:46.0582 2508 hcw85cir - ok 02:38:46.0614 2508 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 02:38:46.0645 2508 HdAudAddService - ok 02:38:46.0676 2508 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 02:38:46.0707 2508 HDAudBus - ok 02:38:46.0723 2508 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 02:38:46.0738 2508 HidBatt - ok 02:38:46.0754 2508 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 02:38:46.0770 2508 HidBth - ok 02:38:46.0785 2508 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 02:38:46.0801 2508 HidIr - ok 02:38:46.0816 2508 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 02:38:46.0863 2508 hidserv - ok 02:38:46.0879 2508 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 02:38:46.0894 2508 HidUsb - ok 02:38:46.0926 2508 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 02:38:46.0972 2508 hkmsvc - ok 02:38:46.0988 2508 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 02:38:47.0019 2508 HomeGroupListener - ok 02:38:47.0035 2508 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 02:38:47.0050 2508 HomeGroupProvider - ok 02:38:47.0066 2508 [ 
0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 02:38:47.0082 2508 HpSAMD - ok 02:38:47.0097 2508 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 02:38:47.0144 2508 HTTP - ok 02:38:47.0191 2508 [ 17EFF7B20F4D110BAEC9652F126A8379 ] HWiNFO32 C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS 02:38:47.0191 2508 HWiNFO32 - ok 02:38:47.0206 2508 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 02:38:47.0206 2508 hwpolicy - ok 02:38:47.0222 2508 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 02:38:47.0222 2508 i8042prt - ok 02:38:47.0269 2508 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 02:38:47.0284 2508 iaStorV - ok 02:38:47.0316 2508 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 02:38:47.0331 2508 IDriverT ( UnsignedFile.Multi.Generic ) - warning 02:38:47.0331 2508 IDriverT - detected UnsignedFile.Multi.Generic (1) 02:38:47.0378 2508 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 02:38:47.0409 2508 idsvc - ok 02:38:47.0581 2508 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 02:38:47.0784 2508 igfx - ok 02:38:47.0799 2508 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 02:38:47.0815 2508 iirsp - ok 02:38:47.0846 2508 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 02:38:47.0908 2508 IKEEXT - ok 02:38:47.0986 2508 [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 02:38:48.0018 2508 IntcAzAudAddService - ok 02:38:48.0064 2508 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 02:38:48.0096 2508 IntcDAud - ok 02:38:48.0111 2508 [ 
F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 02:38:48.0127 2508 intelide - ok 02:38:48.0174 2508 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 02:38:48.0189 2508 intelppm - ok 02:38:48.0220 2508 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 02:38:48.0267 2508 IPBusEnum - ok 02:38:48.0283 2508 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 02:38:48.0298 2508 IpFilterDriver - ok 02:38:48.0314 2508 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 02:38:48.0361 2508 iphlpsvc - ok 02:38:48.0361 2508 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 02:38:48.0376 2508 IPMIDRV - ok 02:38:48.0392 2508 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 02:38:48.0423 2508 IPNAT - ok 02:38:48.0439 2508 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 02:38:48.0439 2508 IRENUM - ok 02:38:48.0454 2508 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 02:38:48.0470 2508 isapnp - ok 02:38:48.0486 2508 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 02:38:48.0501 2508 iScsiPrt - ok 02:38:48.0517 2508 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 02:38:48.0517 2508 kbdclass - ok 02:38:48.0532 2508 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 02:38:48.0548 2508 kbdhid - ok 02:38:48.0564 2508 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 02:38:48.0564 2508 KeyIso - ok 02:38:48.0595 2508 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 02:38:48.0595 2508 KSecDD - ok 02:38:48.0610 2508 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 02:38:48.0610 2508 
KSecPkg - ok 02:38:48.0626 2508 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 02:38:48.0642 2508 ksthunk - ok 02:38:48.0673 2508 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 02:38:48.0704 2508 KtmRm - ok 02:38:48.0751 2508 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 02:38:48.0782 2508 LanmanServer - ok 02:38:48.0798 2508 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 02:38:48.0844 2508 LanmanWorkstation - ok 02:38:48.0860 2508 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 02:38:48.0891 2508 lltdio - ok 02:38:48.0907 2508 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 02:38:48.0938 2508 lltdsvc - ok 02:38:48.0954 2508 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 02:38:48.0969 2508 lmhosts - ok 02:38:49.0047 2508 [ 9AD4BEE2FE76D4CA39AC969B617E94FB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 02:38:49.0063 2508 LMS - ok 02:38:49.0094 2508 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 02:38:49.0110 2508 LSI_FC - ok 02:38:49.0125 2508 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 02:38:49.0141 2508 LSI_SAS - ok 02:38:49.0141 2508 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 02:38:49.0156 2508 LSI_SAS2 - ok 02:38:49.0172 2508 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 02:38:49.0188 2508 LSI_SCSI - ok 02:38:49.0203 2508 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 02:38:49.0234 2508 luafv - ok 02:38:49.0266 2508 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 02:38:49.0266 2508 MBAMProtector - ok 02:38:49.0297 2508 [ 85B16A92B117A5A800032ECD904B86DB ] 
02:38:59.0718 2508 ============================================================
02:38:59.0718 2508 Scan finished
02:38:59.0718 2508 ============================================================
02:38:59.0733 1256 Detected object count: 6
02:38:59.0733 1256 Actual detected object count: 6
02:39:12.0338 1256 asusgsb ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256 asusgsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:39:12.0338 1256 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:39:12.0338 1256 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:39:12.0338 1256 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:39:12.0338 1256 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:39:12.0338 1256 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:39:12.0338 1256 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:39:48.0022 1416 Deinitialize success |
26.11.2012, 16:44 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
05.12.2012, 08:49 | #13 |
| Wrong Google redirect Code:
ATTFilter Combofix Logfile: |
05.12.2012, 15:13 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Wrong Google redirect adwCleaner - detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
05.12.2012, 22:34 | #15 |
| Wrong Google redirect AdwCleaner[R2].txt Code:
ATTFilter # AdwCleaner v2.011 - Datei am 05/12/2012 um 22:33:58 erstellt # Aktualisiert am 02/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Aydin - AYDIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Aydin\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v16.0.1 (de) Profilname : default Datei : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\prefs.js Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...] Profilname : default Datei : C:\Users\K D R\AppData\Roaming\Mozilla\Firefox\Profiles\6riju77y.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\kadir\AppData\Roaming\Mozilla\Firefox\Profiles\xgtmjevw.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\mcjolb7e.default\prefs.js [OK] Die Datei ist sauber. -\\ Opera v12.2.1578.0 Datei : C:\Users\Aydin\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\lütfiye\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\K D R\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\kadir\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R1].txt - [4250 octets] - [14/10/2012 13:31:13] AdwCleaner[R2].txt - [1895 octets] - [05/12/2012 22:33:58] AdwCleaner[S1].txt - [4157 octets] - [14/10/2012 13:31:30] ########## EOF - C:\AdwCleaner[R2].txt - [2015 octets] ########## ---- AdwCleaner[R1].txt Code:
ATTFilter # AdwCleaner v2.004 - Datei am 14/10/2012 um 14:31:13 erstellt # Aktualisiert am 06/10/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Aydin - AYDIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Aydin\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\searchplugins\Askcom.xml Datei Gefunden : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\searchplugins\Askcom.xml Ordner Gefunden : C:\Program Files (x86)\splashtop Ordner Gefunden : C:\ProgramData\Ask Ordner Gefunden : C:\ProgramData\splashtop Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\K D R\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\kadir\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\kadir\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\lütfiye\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\lütfiye\AppData\LocalLow\Search Settings ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\Software\Freeze.com Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Schlüssel Gefunden : HKU\S-1-5-21-843483253-1178590098-1577449472-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die 
Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\prefs.js Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); Gefunden : user_pref("browser.search.order.1", "Ask.com"); Profilname : default Datei : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\prefs.js Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); Gefunden : user_pref("browser.search.order.1", "Ask.com"); Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...] Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...] Profilname : default Datei : C:\Users\K D R\AppData\Roaming\Mozilla\Firefox\Profiles\6riju77y.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\kadir\AppData\Roaming\Mozilla\Firefox\Profiles\xgtmjevw.default\prefs.js Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); Gefunden : user_pref("browser.search.defaultenginename", "Ask.com"); Gefunden : user_pref("browser.search.order.1", "Ask.com"); Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...] Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=d[...] Profilname : default Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\mcjolb7e.default\prefs.js [OK] Die Datei ist sauber. -\\ Opera v12.2.1578.0 Datei : C:\Users\Aydin\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\lütfiye\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\K D R\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\kadir\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R1].txt - [4127 octets] - [14/10/2012 14:31:13] ########## EOF - C:\AdwCleaner[R1].txt - [4187 octets] ########## Code:
ATTFilter # AdwCleaner v2.004 - Datei am 14/10/2012 um 14:31:30 erstellt # Aktualisiert am 06/10/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Aydin - AYDIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Aydin\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\searchplugins\Askcom.xml Gelöscht mit Neustart : C:\Program Files (x86)\splashtop Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\splashtop Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\K D R\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\kadir\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\kadir\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\lütfiye\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\lütfiye\AppData\LocalLow\Search Settings ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\Aydin\AppData\Roaming\Mozilla\Firefox\Profiles\c2zd0oxl.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Profilname : default Datei : C:\Users\lütfiye\AppData\Roaming\Mozilla\Firefox\Profiles\x47lumlg.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...] Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{972ce4c6-7e08-4474-a285-320[...] Profilname : default Datei : C:\Users\K D R\AppData\Roaming\Mozilla\Firefox\Profiles\6riju77y.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\kadir\AppData\Roaming\Mozilla\Firefox\Profiles\xgtmjevw.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...] Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=d[...] Profilname : default Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\mcjolb7e.default\prefs.js [OK] Die Datei ist sauber. -\\ Opera v12.2.1578.0 Datei : C:\Users\Aydin\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\lütfiye\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\K D R\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\kadir\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R1].txt - [4250 octets] - [14/10/2012 14:31:13] AdwCleaner[S1].txt - [4034 octets] - [14/10/2012 14:31:30] ########## EOF - C:\AdwCleaner[S1].txt - [4094 octets] ########## Edited by Kunde7 (05.12.2012 at 22:38) Reason: added old AdwCleaner logs |