| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: IncrediBarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.09.2012, 14:19
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  IncrediBar Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=eda76485-7be8-42e7-892e-90d50e1ec4d0&affid=111583&searchtype=ds&babsrc=lnkry&q="
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chrissy.Chrissy-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD - Verknüpfung.lnk = C:\Program Files (x86)\QuietHDD\quietHDD.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-367710948-1802681718-1598313182-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed4946a5-e1da-11e1-8bdf-c5ad293d02f6}\Shell - "" = AutoRun
O33 - MountPoints2\{ed4946a5-e1da-11e1-8bdf-c5ad293d02f6}\Shell\AutoRun\command - "" = E:\Startme.exe
:Files
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{*
C:\Users\Chrissy.Chrissy-PC\FreeYouTubeDownload3131706.exe
C:\Windows\dsez4196.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.09.2012, 12:29
| #17 |
 | IncrediBar Als ich auf Fix geklickt habe, hab ich ausversehen Firefox noch offen gehabt, wurde aber automatisch geschlossen. Nach dem Fix erfolgte ein Neustart, mystart.incredibar aber nach wie vor da.
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=eda76485-7be8-42e7-892e-90d50e1ec4d0&affid=111583&searchtype=ds&babsrc=lnkry&q=" removed from keyword.URL
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD - Verknüpfung.lnk moved successfully.
C:\Program Files (x86)\QuietHDD\quietHDD.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed4946a5-e1da-11e1-8bdf-c5ad293d02f6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed4946a5-e1da-11e1-8bdf-c5ad293d02f6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed4946a5-e1da-11e1-8bdf-c5ad293d02f6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed4946a5-e1da-11e1-8bdf-c5ad293d02f6}\ not found.
File E:\Startme.exe not found.
========== FILES ==========
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{00471C80-FF91-4A50-8B8E-048939378107} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{01000B7F-FA69-45A9-BB85-EF330F458B6F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{01121D3D-5F0A-4929-BA06-F0934213AC89} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{011372F8-7811-475A-BE36-1F6D1D43E9EB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{013B00D2-0FB9-47EA-8B19-3A43563A09D3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0153BC91-20CE-42EC-9035-73DFD892F3AF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{01E005BE-C56B-4489-B9CE-F32B1F054FFB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{02752FC0-7333-42A8-B743-8FD1ABDCFD8E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{03E0D3BD-6009-475F-923B-93D6B282820C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{045CDA0C-9427-4050-B01E-C402989A6A8A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{04B3A584-7C3E-46DF-84A0-BB1E8ECB5C17} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{05AEE628-7C36-4BE8-A5D5-E4435489C1CF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{06767D08-9773-4F79-8C30-8B73F2AC3E21} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{06D7C87A-625B-4993-BA62-53DCD56FD632} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{072B4090-963F-4383-A948-B0D201E8CB8F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0745B969-860E-490D-9620-9637B3D4C61F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{076A6CD4-B94A-4A25-9C37-5F9389456C00} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{088B7618-6896-4177-8265-4AE61FDD4373} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{094FAAD9-1281-451B-BEC6-56314AD218B4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0C06CC46-9DD8-4C20-B57F-4F88683D28B3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0CA0DC45-1ABB-4E91-A414-E36F8AD6DB23} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0D3BC676-E9AA-42B9-ADC9-AC691DA1D05D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0E5A34B8-CC40-4EA6-A1BA-60A601A9D142} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0E75D002-9380-42D4-BB3A-234B26B4A981} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0E8F189E-9E80-44A3-9932-695B009A3AFE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0EBB5D60-D238-42AB-AF14-1CFE7722F5A5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0F0EAE54-41B7-47C5-893A-852BD85AC733} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0FC9381A-46C0-43EE-888D-275A2228E354} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{0FF8ADBE-8E89-4BC3-80A5-512B1BC6AF0A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{10AABF93-9000-47F8-B648-D1D1CEA75605} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1141870B-488C-44E0-A192-AE9F7F426E4B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{11B3E1E3-9B78-4A17-82A2-29CBEEE17B1F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{11F42C54-191A-4DC1-A594-29894BF7AA2D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{129D3CEE-C610-4C57-B22C-1CCFFA6BE4D3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{13C75DE6-3452-4A98-B7BD-7D2794A02784} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1427D96B-5558-47BA-ABE4-4AF4B64A949E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1480C395-E34C-489E-A885-B412EB2382A8} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{14A9575D-8C39-49A4-9059-B70B32F74A03} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1542D559-CF6A-455B-B580-E8396DE86197} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1611047B-E28D-4B05-A068-EF6E8546D4D9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1624E0CD-8697-4FF1-A596-A5CF47CB0368} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{162A9878-837A-4ADF-966C-013DCC475538} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1661F033-3A1F-4E4B-B298-AAA4905E3E5B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{17002780-70D3-4F73-9BCF-1D69EA8F2851} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{18A494B2-56BB-41DA-AEAB-989AE14651D7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{18DCB2CC-D1FB-4E96-AD90-D63C40CE77A7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{19C24439-9AD5-42A6-9F73-14B07B4FFF43} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1A104598-8079-4AC0-9EE0-E2F2F8FC1187} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1B2359ED-10F5-423B-9014-E4E1F1D342D1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1B894FFC-6C7F-4AD6-939C-49FA52025272} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1BC2ED76-1911-4AD9-A1B5-A1BC8F2CD923} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1BE5A1BC-03B8-424F-9B2A-6CC42CB15647} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1CA0824C-32D1-49A0-8599-C7B78089168A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1F07CA1B-821D-45A2-B196-2E65232D0DD4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1F8D5A30-CAEE-4725-9910-E130B7560F69} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{1F8F4F21-23BD-40AA-BD19-33404DCE145F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{214176EF-D13A-4511-9C88-EEB0DB478FBB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{228A00C3-4A68-4F0B-9FC0-14CF151C681C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{22F43920-0673-4DE3-BC90-E84EB8F95234} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{236D5288-8D5F-45F9-803E-57C42FFAE877} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{23BA76DD-D9DF-4D7B-8BBE-1E08C1ADF3A6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{251745C6-6CB8-448E-8D35-43D862416935} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{25AEB218-E40C-44D0-8BF9-64CAB714DB5F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{25CD3788-AFF5-4E24-B68B-42A110F5E4CC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{26159BA4-D30A-4FA3-9E87-3D801DF6DF71} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{261A53CB-9340-43A7-821E-10F62F860575} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{26DE1BD5-1320-4C43-9B6F-A84CF6A612FD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{2779E8D2-E9C5-43DB-A1CA-75E57ECAAD3F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{28CC213A-E531-49CA-BFEC-D2901727C78C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{290EB4FC-E767-45EA-A521-1E583FFFF997} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{296A77CF-0916-4CB3-ABE8-26B0BEF1EBFE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{2CA91DC4-A3EC-4CC9-9302-3C0A2B45FC2A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{2D07C8D3-0214-4ABA-985E-4D1A2EACB5C9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{2D46E801-B6D5-4294-AC60-D9CCD8C99FF1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{2DE61AC3-D1D9-45C1-95C8-E514FD42E0FC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{2EFA77B2-819C-4CF0-BBC4-29BDA4235293} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{311D9038-BC9F-460C-8B09-78DFD700728E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3177F58A-4378-435B-8B54-E8E95C5043A9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3183E06E-8B39-4008-8569-0C176FF1E669} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{31F73FDD-950F-4431-A1B7-22D5EF6B9F21} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{321DF445-B1C7-48D2-A752-7FA65EA2E9A9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{346F531C-4F46-4BA7-B192-B709923FC6AD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{35AF156C-D8D1-42F7-AB82-17F0CFD809B9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{35BF6F28-6382-4AAD-ABAA-D63D2BCBDADC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{36EF7E72-2A16-42DB-831A-8B6059AF002E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3732DF46-5AF1-4CAF-B9F9-82B922B41864} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{373E5B9C-B88B-4E58-A50A-69E016D88BE1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3756CDCB-ABC4-4E6C-BAC0-1AED95CB900E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{37EA3A82-6829-4B3C-B1FD-B13E02DAE9D0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{38885621-12E3-46AF-A144-4FF26E36BB26} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{388931CC-C766-4C53-8B3A-30EE8F71FB82} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3897D760-855C-4FE8-AE28-7F2AD084EF52} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{389C8542-B925-4148-A35B-2F480A2A25F0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3A86D292-9907-49C3-9E5F-48F26598F433} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3B9E8182-F249-429B-883C-F566628B5F70} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3E7F076C-3AFE-4B10-92FD-116D575F3FDB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{3F232D92-F4FE-4F53-A361-2B655AF64EBE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{40345CA7-4614-48F8-9D93-C93F0BDC6FA6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{40BB53EB-9ABB-4487-8B21-CD5B2EFBA891} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{40C9B15C-0582-4E7D-8E0F-08B5EE3DC9DD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4164AAB3-36E8-482F-A65A-D9FD3CFDACF0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{430D93E1-99CB-43E1-924D-3978C66A3614} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{432F39E0-DB18-48C0-BFD1-B786077602B5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{434819E4-F100-4FA3-BA7F-44F549F4739E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4405D21E-75E8-443C-A4CC-2EE2CDC84B5B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{486872D6-E7CB-4A6F-8BDD-E62583C7C8CE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{48AD7A6E-F326-4A34-A29D-E8135F73E575} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{496CDBA9-C8F2-485C-AAFB-5E42652ED468} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4973A741-19C6-4CBA-9173-AE21CAC6B4DF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{49E4875C-68D6-43BA-BB0C-53F34317C686} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4BC528B3-D362-4FBD-A250-E7A822EAF8B0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4C083621-05D9-41FA-B2DB-A44BDF3DF8A8} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4CC39524-C315-4263-8851-FEEBCBEF3940} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4F100D38-82C0-4B3A-ABDC-2324E40A960A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4F7C4FA9-67A8-4111-A4E6-C1B1125CFEA6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{4FC4C2A6-6F59-407D-A0D2-56366472FC03} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{50F5F91F-5E69-4CBE-B154-7476E6264884} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{51EC0A3E-5C3C-42F3-9628-DEB7AC03FC13} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{53BA84E7-8576-4EA5-B4E8-3FA57D166A3A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{556F7893-AE26-4DB5-B1B2-D8A631F66C60} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5570CD7B-E934-426E-A363-EC4C612E947C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{56E795C3-ECDE-4D80-8353-763344751CF1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5748BE49-2440-4FDA-8D81-7F8FD76FA628} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{57D656CD-A7FD-4035-8ABB-1FA49BEA078F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{58040C17-3BF8-484A-A444-5AF0EF3CC15C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{582DC747-591D-4EF5-A56A-6B30BB43DE60} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5A4E4A12-8E0C-4C64-B384-5B4B0FE62CB9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5A4EFA86-FCFE-41B0-8FC0-1358692C4774} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5AF015AC-AA15-413D-B261-4BC3D22DDA6F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5BFA3004-8C1B-4E49-A5D7-BEDC5641357D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5C31DC27-2206-404C-9B6A-5E938AD8DDCB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5CAFFA75-3266-427D-B116-1416E20AD4DB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5DC5AC65-23FF-43E6-A2B8-12497BB51FC6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5DCA47CA-A6D9-4E7E-9A11-73E8A2E18DA0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5DD8456C-832B-422C-AA8D-DDE962B651D2} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5E20B99E-599F-4F18-9381-209D561686E3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5F38E850-967D-4F71-B3A4-E3FD0DCC1F05} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{5F8422ED-8273-4FD2-B823-1EADDFBFD008} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6013C16B-358A-4EB4-A9AE-124926721805} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{617B205E-1DF5-45A9-9E8C-AE44AABC05F5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{61C2ECCD-5433-4079-83B8-3EEAAE5F5D91} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{629FEAF4-C333-4B23-8FCA-7A00874919B3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6358A295-A1E6-45EB-917E-9FF90A1AF15A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{63B9D60E-E664-4701-9227-5E6DF7CFC88A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6431A744-8C10-4751-AEDD-555A4AC7EA20} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{64E2DCFB-B5A9-402B-B9FA-DD0DCD0BB0F4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{65791155-D74D-4EE7-93FD-283D241111AC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{660E1CC8-9FE1-4E1D-8FC6-C86F025D54C9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{66C566C0-958E-4AD4-BBA8-1769BBC1566A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{66E659A5-9499-4065-A121-E48BA20E8944} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{66EAA9CC-EF30-48B4-A72D-286D57E226D5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{672E635A-7D52-4139-B71D-F650BA8919B9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{686B98F9-2FB4-41C4-88AF-B913BD70EAF6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{68AD771A-3E36-4887-A627-50A9A5262313} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{693619FA-A09E-4F9E-A016-8A1E0D9C138C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6ADE2F6B-8DDC-40DB-A88B-6F64621E4D44} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6B345762-3284-4F37-BFD0-C7F80932746F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6B816FC3-A034-4A51-BDCC-8A3947A3A5EF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6C123741-4894-4E1A-8AAA-96D973DB17DD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6C1DC4FE-ABD7-4A0A-8406-15303C0ED167} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6CD77B8C-6A31-4768-A1F8-59608E3FB250} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6E15CFCE-767A-42DA-B07C-7B21E1F03525} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6E40E075-9D0B-4DF3-8FBF-F5523D1A9D07} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{6FB98564-4E9B-47B2-95D0-70C2050A9C5D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7007BAFA-0E9B-4741-B022-3D0F11C7672B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{704B0C50-E2E3-4B2B-8A46-950B915C7574} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7099906B-9E09-4761-B5F5-7C979A214BE9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{71604BAC-39B9-4F44-981A-CD90C8831DFE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{71C24742-5C85-44BA-8210-F6EE22017061} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{72AFA06E-D781-4854-9764-642F4B3D0E4D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{73BAC846-A913-48C8-85B8-8260158DA773} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{73FC4C38-AB1D-48B8-AD17-07DC3C31E1ED} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{75C947C1-0B54-4062-9452-3BC9FB6366BA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{75DF32A3-F664-411F-944D-856B576D7F2E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{760E6F34-861E-43C4-8BD6-E29942B4C317} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{765B9051-9C8E-4D6C-8A82-15F1A1E691CB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7731E720-A6B2-4312-8262-A376C816B7DE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{778D6AD8-404B-4A0B-B14C-9F84383C4DB2} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7790D7F9-BA45-4BF9-8133-0420E0AA40B7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{788DAE77-9348-4816-8AB2-32862B9FD032} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{78F9581F-ED7B-48EA-A190-252416A61F48} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7950BD34-DA8B-4411-BD13-60CC79EBB38E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{79D7372B-C1A7-4B11-AA0F-5CDA1DBBB1AA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7BC3BEDB-64D0-4DF0-B3F8-1061C86F92FC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7C339FF0-7EF1-4E51-B676-4A7270EB0DF5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7E53B24E-E2F4-44D2-9678-35702846F33D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7EAE7DFD-2394-4A17-98B0-002FA8674B5C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{7EBD479F-BE2C-4EE3-83E9-01FF6EF0159D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8004921E-8961-4526-AEE7-BB6F629B850E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{809496E3-DF4E-4291-80E2-B105056FB523} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{80BE7F63-DFF6-479E-8CBF-1B4DD61C9849} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{829750D5-9109-40C3-AD28-8D87FFF10FB4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{841D643B-1C5D-4420-9208-38459E3C7AC8} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8441E814-6FB1-4C05-95FB-DE7FA28B2BD4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{844E5224-75F3-4412-8321-72649D8C9E04} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8477FC15-8396-48FF-8ADF-FE955BB746AD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{85B8560E-9CD5-45A5-8424-FC467A3A43EF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{86413C64-83C9-4CF9-803A-672B400B9AFF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8906652A-7B47-48B4-ABE8-3E7397FDCEED} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{89AA96AD-C18D-42E2-9129-FA0D8B591A3C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8C2D72E4-D09A-479F-BB51-3B44E6911202} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8C5251E5-40EC-434C-9427-C2574007C0A2} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8C6A366F-CA7D-4A17-AF6C-F4BA3CF10F9B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{8F212FAE-274C-454A-BDD3-73DF34251BAA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9071CCBD-80AC-45C7-A250-047587A1999D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{90CAC770-FCDA-44DF-8173-6FECB8049555} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9282FA45-CD23-4BFF-A298-CECE611B8CBE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{92DF1A58-FD11-4007-897A-497061D99B89} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{932757A7-676E-4329-8067-BA1EFFEF9ADC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9419E911-37FC-4F8E-8ED1-88BC9DB50CEF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{94C501AE-FCA0-49B3-8A00-CBA3570AF9D4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{94DC08D8-22A4-42DB-A886-CAC6CE5FF374} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{95153B7A-471C-4598-961B-E21512A48CA7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{95585C4A-1047-49D9-B871-4BADC5244651} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{95CC90A9-FEDA-4A7A-8C5C-816E782B1506} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{960A63F8-A8F1-4A19-9689-ED8F9E884332} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9651AAF6-FFAF-4AD6-8243-34982EB2B758} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{97929621-2D3F-40C8-95D1-098CFF0F12AA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{97FB20C3-5137-44D8-AA3E-FEC32A83DDDB} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{984028EE-6A43-45D0-ABF7-B295970F6094} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{993C6162-88CE-4E6A-82FD-B69D68CDB9FC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{998AE0FB-0BA9-41B8-9681-A6EFB92A61D9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9B2C9937-CF9A-461C-AA93-DB5C724B5C7B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9BDC250C-7C31-45CE-8496-5B05DCA1A400} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9C11F493-2CCF-47A8-9DC9-34DD8B830F65} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9D5D7065-8368-43A5-82CE-69C17E3E0401} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9DB64394-B17B-4EA6-8DDB-57719502319D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9E4270BD-47CC-4A56-83EA-9A9B6D2DA54F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9E7F763E-3A25-4534-859E-FD7AC8F197B9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9EC31C55-4617-4207-A11C-5CBE52E58DEA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9F0BA3FF-686F-4517-A144-A76A2FB0FE71} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{9F66962B-236C-4055-8B7A-11A4407A72FF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A009FEE4-CB6E-49A6-9743-E6778A7A429B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A372030F-60CF-4C5D-B2D9-163270D5EC8C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A42921AB-62B2-4953-A113-E0F17A441E86} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A44371C4-F822-4DB7-9E14-EA4D2A465808} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A5476C98-A594-4C1B-B60A-14E350AC967B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A55D2022-2492-43A6-B68E-A62ED6A9FAFC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A5CA8109-1751-4801-86A2-C431BDA9BBD5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A5D627D4-F17D-48ED-972B-92715E672845} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A5E20856-1519-4FE8-A36E-B98CB866D5B9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A6CF1F1F-A53C-4D5E-A385-6EC5F3C5E485} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A80E6349-E22D-4F12-A52E-231C47D7589D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A841740E-F19A-4C1D-B1C9-43759DEA19D9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{A865DFD0-AE01-4502-A1C2-B9F0611EE496} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{ACE43C9C-EADD-44D0-B4DA-54E3970F55C0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{AD9901AC-B0B8-42E0-9269-EB763BCA6FC0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{ADBFDF57-CCC5-432F-8879-F2BE859124B3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{AE040DDC-3262-4B4E-9E86-04BD477442F1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{AF685DEC-2A5D-459D-9A61-63E551A8CCC7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B01A2721-00AD-4C9A-882D-1F9EC9F40D57} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B0E49E56-0E62-4687-A001-3520D0A75DE0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B1217520-B291-4576-8D38-775B7101E564} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B19CBC9D-8044-4134-B48C-B4916A55E46C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B1C7B8D7-284D-4137-9CB0-A519ADDA90FD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B373BC7F-8269-4FA1-92AD-C8FF2BE2D9DE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B3898F43-A15C-4324-96DF-C86FBA3F91BD} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B38D73A6-F5D8-4BEC-BE85-1A68E21BBF4A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B422325B-9850-4BE6-9DD9-4961B68FE649} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B4258195-7F53-495D-8546-A00726D36B3D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B5D953C7-B1BC-4F72-8118-272F8928AC64} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B6B825E4-3DD2-4967-B9BA-5E7E9D3423C9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B6CD7871-2F33-498D-A438-8533D91F4C97} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B70E321E-353F-4DB8-A8A1-A620B65A40F2} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B73EDABC-07AB-4284-990D-32E6A35DE7D3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B8A06D65-4869-4437-8F47-9970F3E89741} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B8BAB62E-B7AD-43EF-BF06-9435E3F1B305} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{B8CAF2C7-BB71-4C5C-B97D-E73D72E678AF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BAEE612F-CD6B-473F-AD5D-3BCA6D140C99} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BB5C16B6-0C56-4588-A3C1-92273E1FB62D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BB90F6EB-D86A-411C-8AC2-1E593CAEF039} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BBBB1485-8C96-4B05-922B-C82893E2AE61} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BC7B5334-E561-4ADF-A7FE-360B9048FA42} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BC86C280-144D-4FF4-96CD-80C3E2C6A653} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BCC7E26E-3830-4EB7-A940-C8202C2B6A64} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BD66EEFA-ACA0-47E3-AD85-4B24C329DDD6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BDCBF30A-35BA-4769-8A56-A7157C2273AA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BE2A6F0E-28C4-4359-BE56-72FB6D72B700} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BE458CB8-F673-4BBC-9B70-A46F6AE7A2BA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BE46B08D-ACD9-49D2-8D6F-9372E573512E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{BE972D7D-3291-410A-9AD0-0F7AAA3D028E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C0330076-F3DB-4ECD-BE8F-6C4154F17974} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C0D167D1-43BB-40E2-B717-35AABD856086} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C1CF43D9-ED20-45D3-BCD3-6DB65D7C14EC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C273485A-0B20-45E6-A8D8-DA067EE189D3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C37A3946-1603-451F-8A53-C6DEA07211D9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C454B140-D52E-48B5-A0D3-54FF6917788B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C520DAA9-07A6-4E4C-8C3B-ACF842639B52} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C72BC50A-ADB5-46A7-A9BD-E14BAC069BD5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C75A2DA7-CFF3-4D7D-94EC-89D816A1F04B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C84C7D31-86E2-4571-9879-13115B20F653} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C8687859-294D-478F-93D3-A0BD211D8432} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C8F634EC-2322-41D0-83B1-9A8C8144DD3F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{C9BC0F83-9936-4B0C-A338-00011BFD068F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CAA18828-AB8C-4D77-B6C3-71D500B3C7D7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CBAFED4A-C24C-4C00-98E1-BAC42CBBFDEE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CC82B620-0F0B-490F-8F4A-11620B0F5B65} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CCA2386F-5FCB-47E5-9703-C7D9DCC25A4B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CD701D42-F490-48BB-922C-D386A030DA60} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CF11A99A-445C-493F-8CC8-8FCCC08E9FE6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{CF8E6460-DD60-46A8-8CF0-736D8E493A09} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D0BFD479-7CC1-4BA6-819A-2BB145161B41} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D1F4A787-2594-4183-B755-842F2F112340} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D3FC4E46-EA41-4C41-84DE-1F46FA9D55F5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D4C022C9-835B-4658-BC29-C9FAADF703B8} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D4D934B5-70C8-41A0-84E0-20F639CEA654} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D53D1B8F-7A21-451A-8D2C-31F57CB0469C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D6349CA8-B442-4E03-90DD-895FD1885CB1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D677323E-3593-47D1-BE32-DFA657CC1081} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D70C577A-E5CF-4D0D-8951-99E1E4312BE3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D7AF9DE3-BB83-4503-992F-D27C5E74C32D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D84EE429-83B9-41C1-9A5B-15DA07289A55} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D8F2A9FB-1E80-4A91-A7CF-FAF5CFA32C1D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{D91AC834-9134-4AA1-9C36-F5640DDAEF96} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{DB3F2C47-DC87-46C1-A40F-D6ECF4F55031} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{DC0A67E9-93E7-4B11-AFB3-0904895A4202} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{DC53EF1F-BEF4-4332-9A6E-4B62B9ADD364} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{DDEF28E9-0E3B-42BC-8562-083B33C83B11} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E3104A40-CE20-4790-87E4-13FA30FDE5D0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E57DC1D0-B189-43D0-BC44-F8EAF151034D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E60C4389-1BF0-4986-A675-6EAD3DD247B4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E6608E99-3377-4073-B7B1-4DE625332847} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E6625F87-2038-4AE7-8285-A3001972174B} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E80E59CA-B0A8-407C-968F-6D58E14686F5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{E823B25A-3EC7-41E9-8E11-EAA9B4E95A3A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{EBDBDDBD-6227-45A7-B423-6CCBB718B3CF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{EC325C1A-8870-4AD3-9AC2-5091A1CBC4B8} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{EC83923E-E8FE-4A4C-8CA7-2A69E24C5CC2} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{ED079CA4-5918-4E1B-8C5C-4DA077C1CEDA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{ED4FE05A-B2F9-49D0-AD91-E0E528F34EC1} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{EEA35AC4-F93D-43E3-A12E-6134C1B7D4C9} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{EFCA1A3E-FAB1-4526-B23A-328875189D8C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F013DBC7-FE33-401C-80A8-D92A29D497A6} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F01E98B0-795E-46EE-9697-44EF1DF87D07} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F029820B-1A8F-41D1-9529-650B2056D94E} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F16C4221-F802-4117-AC16-48E67BF7B611} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F26A6D50-3D2C-4A1A-A683-7EF2B04F09CC} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F3ABBA81-E355-413F-83F1-FEF96854267C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F46E7EF4-107A-441A-B8FA-29DA1B4F9A62} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F5842936-D566-4306-B238-263935A3991D} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F687B5D1-5D9A-4C5B-A8E6-BFEEEA4E4CBF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F69F4BE5-CFCB-4B23-B546-29CE50E8D4CA} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F6F0D42E-C972-40F5-8278-1596E9EC1ED5} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F727E4A0-9D68-4113-A751-7FE371AD91B0} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F7AE945F-1FA8-41E8-8C44-71EC1E75D950} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F7B855CA-52E0-4E54-A162-5D2A990102FE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F806C562-6A97-432E-AA47-76DAE7FEF4BE} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F89984CA-BB29-4E54-893C-54E20938A189} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F91A4217-637E-4E8C-9649-7BA8D8FA8E48} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F96F7936-2AF6-4E27-BCAB-3996B0656956} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{F9B2D188-CA0D-4896-8C42-486839119EA3} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FA354BD5-E18B-437B-AC08-F34C553EADB4} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FB37D9A2-EAA9-41CA-A708-FA272CBDA71C} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FDFAC760-1FD0-4E2C-B7BD-CB96C5B6A09A} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FE18F141-4CF0-4239-BA1F-3348EA40BF53} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FE2E38CF-2A2F-41A2-B88E-4C3D5E1EF0BF} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FF9EE941-5E8E-4F4C-BF71-8C54E12E29D7} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\AppData\Local\{FFFB433E-C329-4173-88D8-C6BDF78AEB3F} folder moved successfully.
C:\Users\Chrissy.Chrissy-PC\FreeYouTubeDownload3131706.exe moved successfully.
C:\Windows\dsez4196.dat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Chrissy.Chrissy-PC\Desktop\cmd.bat deleted successfully.
C:\Users\Chrissy.Chrissy-PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Chrissy
->Temp folder emptied: 50175 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Chrissy.Chrissy-PC
->Temp folder emptied: 267501515 bytes
->Temporary Internet Files folder emptied: 2478605 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1132050122 bytes
->Flash cache emptied: 1805 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3146148 bytes
Session Manager Temp folder emptied: 75903310 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 1774881723 bytes
Total Files Cleaned = 3.105,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.68.0 log created on 09282012_132135
Files\Folders moved on Reboot...
C:\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
28.09.2012, 14:24
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
28.09.2012, 19:09
| #19 |
| | IncrediBarCode:
ATTFilter 20:05:14.0069 1236 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:05:14.0193 1236 ============================================================
20:05:14.0193 1236 Current date / time: 2012/09/28 20:05:14.0193
20:05:14.0193 1236 SystemInfo:
20:05:14.0193 1236
20:05:14.0193 1236 OS Version: 6.1.7601 ServicePack: 1.0
20:05:14.0193 1236 Product type: Workstation
20:05:14.0193 1236 ComputerName: CHRISSY-PC
20:05:14.0193 1236 UserName: Chrissy
20:05:14.0193 1236 Windows directory: C:\Windows
20:05:14.0193 1236 System windows directory: C:\Windows
20:05:14.0193 1236 Running under WOW64
20:05:14.0193 1236 Processor architecture: Intel x64
20:05:14.0193 1236 Number of processors: 4
20:05:14.0193 1236 Page size: 0x1000
20:05:14.0193 1236 Boot type: Normal boot
20:05:14.0193 1236 ============================================================
20:05:15.0098 1236 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:05:15.0098 1236 ============================================================
20:05:15.0098 1236 \Device\Harddisk0\DR0:
20:05:15.0098 1236 MBR partitions:
20:05:15.0098 1236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:05:15.0098 1236 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:05:15.0098 1236 ============================================================
20:05:15.0129 1236 C: <-> \Device\Harddisk0\DR0\Partition2
20:05:15.0129 1236 ============================================================
20:05:15.0129 1236 Initialize success
20:05:15.0129 1236 ============================================================
20:06:57.0694 1428 ============================================================
20:06:57.0694 1428 Scan started
20:06:57.0694 1428 Mode: Manual; SigCheck; TDLFS;
20:06:57.0694 1428 ============================================================
20:06:57.0803 1428 ================ Scan system memory ========================
20:06:57.0803 1428 System memory - ok
20:06:57.0818 1428 ================ Scan services =============================
20:06:58.0037 1428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:06:58.0349 1428 1394ohci - ok
20:06:58.0396 1428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:06:58.0427 1428 ACPI - ok
20:06:58.0458 1428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:06:58.0567 1428 AcpiPmi - ok
20:06:58.0661 1428 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:06:58.0692 1428 AdobeARMservice - ok
20:06:58.0723 1428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:06:58.0770 1428 adp94xx - ok
20:06:58.0801 1428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:06:58.0832 1428 adpahci - ok
20:06:58.0848 1428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:06:58.0879 1428 adpu320 - ok
20:06:58.0910 1428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:06:59.0098 1428 AeLookupSvc - ok
20:06:59.0144 1428 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\Windows\system32\drivers\afd.sys
20:06:59.0222 1428 AFD - ok
20:06:59.0269 1428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:06:59.0285 1428 agp440 - ok
20:06:59.0300 1428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:06:59.0363 1428 ALG - ok
20:06:59.0394 1428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:06:59.0410 1428 aliide - ok
20:06:59.0425 1428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:06:59.0441 1428 amdide - ok
20:06:59.0472 1428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:06:59.0519 1428 AmdK8 - ok
20:06:59.0534 1428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:06:59.0566 1428 AmdPPM - ok
20:06:59.0581 1428 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:06:59.0612 1428 amdsata - ok
20:06:59.0628 1428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:06:59.0659 1428 amdsbs - ok
20:06:59.0675 1428 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:06:59.0690 1428 amdxata - ok
20:06:59.0722 1428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:06:59.0987 1428 AppID - ok
20:07:00.0034 1428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:07:00.0143 1428 AppIDSvc - ok
20:07:00.0174 1428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:07:00.0268 1428 Appinfo - ok
20:07:00.0314 1428 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:07:00.0377 1428 AppMgmt - ok
20:07:00.0408 1428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:07:00.0424 1428 arc - ok
20:07:00.0455 1428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:07:00.0470 1428 arcsas - ok
20:07:00.0517 1428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:00.0626 1428 AsyncMac - ok
20:07:00.0642 1428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:07:00.0658 1428 atapi - ok
20:07:00.0720 1428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:07:00.0860 1428 AudioEndpointBuilder - ok
20:07:00.0876 1428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:07:00.0970 1428 AudioSrv - ok
20:07:01.0016 1428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:07:01.0126 1428 AxInstSV - ok
20:07:01.0172 1428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:07:01.0235 1428 b06bdrv - ok
20:07:01.0266 1428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:07:01.0313 1428 b57nd60a - ok
20:07:01.0360 1428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:07:01.0422 1428 BDESVC - ok
20:07:01.0438 1428 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:07:01.0531 1428 Beep - ok
20:07:01.0578 1428 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:07:01.0703 1428 BFE - ok
20:07:01.0765 1428 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:07:01.0921 1428 BITS - ok
20:07:01.0937 1428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:07:01.0968 1428 blbdrive - ok
20:07:01.0999 1428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:07:02.0046 1428 bowser - ok
20:07:02.0062 1428 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:07:02.0108 1428 BrFiltLo - ok
20:07:02.0124 1428 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:07:02.0155 1428 BrFiltUp - ok
20:07:02.0202 1428 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
20:07:02.0311 1428 Browser - ok
20:07:02.0311 1428 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:07:02.0374 1428 Brserid - ok
20:07:02.0374 1428 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:07:02.0420 1428 BrSerWdm - ok
20:07:02.0420 1428 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:07:02.0467 1428 BrUsbMdm - ok
20:07:02.0467 1428 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:07:02.0498 1428 BrUsbSer - ok
20:07:02.0514 1428 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:07:02.0561 1428 BTHMODEM - ok
20:07:02.0623 1428 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:07:02.0717 1428 bthserv - ok
20:07:02.0732 1428 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:07:02.0873 1428 cdfs - ok
20:07:02.0920 1428 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:07:02.0935 1428 cdrom - ok
20:07:02.0982 1428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:07:03.0076 1428 CertPropSvc - ok
20:07:03.0107 1428 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:07:03.0154 1428 circlass - ok
20:07:03.0185 1428 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:07:03.0216 1428 CLFS - ok
20:07:03.0294 1428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:07:03.0310 1428 clr_optimization_v2.0.50727_32 - ok
20:07:03.0372 1428 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:07:03.0388 1428 clr_optimization_v2.0.50727_64 - ok
20:07:03.0403 1428 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:07:03.0434 1428 CmBatt - ok
20:07:03.0466 1428 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:07:03.0481 1428 cmdide - ok
20:07:03.0528 1428 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
20:07:03.0590 1428 CNG - ok
20:07:03.0622 1428 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:07:03.0637 1428 Compbatt - ok
20:07:03.0653 1428 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:07:03.0715 1428 CompositeBus - ok
20:07:03.0731 1428 COMSysApp - ok
20:07:03.0762 1428 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:07:03.0778 1428 crcdisk - ok
20:07:03.0824 1428 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:07:03.0918 1428 CryptSvc - ok
20:07:03.0965 1428 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:07:04.0027 1428 CSC - ok
20:07:04.0058 1428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:07:04.0152 1428 CscService - ok
20:07:04.0214 1428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:07:04.0339 1428 DcomLaunch - ok
20:07:04.0370 1428 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:07:04.0480 1428 defragsvc - ok
20:07:04.0495 1428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:07:04.0604 1428 DfsC - ok
20:07:04.0636 1428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:07:04.0729 1428 Dhcp - ok
20:07:04.0760 1428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:07:04.0854 1428 discache - ok
20:07:04.0916 1428 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:07:04.0948 1428 Disk - ok
20:07:04.0979 1428 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:07:05.0026 1428 dmvsc - ok
20:07:05.0057 1428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:07:05.0119 1428 Dnscache - ok
20:07:05.0150 1428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:07:05.0260 1428 dot3svc - ok
20:07:05.0291 1428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:07:05.0384 1428 DPS - ok
20:07:05.0416 1428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:07:05.0462 1428 drmkaud - ok
20:07:05.0509 1428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:07:05.0572 1428 DXGKrnl - ok
20:07:05.0587 1428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:07:05.0696 1428 EapHost - ok
20:07:05.0790 1428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:07:05.0946 1428 ebdrv - ok
20:07:05.0993 1428 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
20:07:06.0024 1428 EFS - ok
20:07:06.0102 1428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:07:06.0180 1428 ehRecvr - ok
20:07:06.0196 1428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:07:06.0242 1428 ehSched - ok
20:07:06.0305 1428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:07:06.0336 1428 elxstor - ok
20:07:06.0352 1428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:07:06.0383 1428 ErrDev - ok
20:07:06.0461 1428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:07:06.0570 1428 EventSystem - ok
20:07:06.0601 1428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:07:06.0695 1428 exfat - ok
20:07:06.0726 1428 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:07:06.0820 1428 fastfat - ok
20:07:06.0866 1428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:07:06.0960 1428 Fax - ok
20:07:06.0991 1428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
20:07:07.0022 1428 fdc - ok
20:07:07.0054 1428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:07:07.0147 1428 fdPHost - ok
20:07:07.0163 1428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:07:07.0272 1428 FDResPub - ok
20:07:07.0288 1428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:07:07.0303 1428 FileInfo - ok
20:07:07.0350 1428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:07:07.0444 1428 Filetrace - ok
20:07:07.0459 1428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:07:07.0475 1428 flpydisk - ok
20:07:07.0506 1428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:07:07.0537 1428 FltMgr - ok
20:07:07.0584 1428 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
20:07:07.0724 1428 FontCache - ok
20:07:07.0787 1428 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:07:07.0802 1428 FontCache3.0.0.0 - ok
20:07:07.0818 1428 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:07:07.0834 1428 FsDepends - ok
20:07:07.0880 1428 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:07:07.0896 1428 Fs_Rec - ok
20:07:07.0927 1428 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:07:07.0958 1428 fvevol - ok
20:07:08.0005 1428 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:07:08.0021 1428 gagp30kx - ok
20:07:08.0083 1428 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
20:07:08.0208 1428 ggflt - ok
20:07:08.0270 1428 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
20:07:08.0286 1428 ggsemc - ok
20:07:08.0348 1428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:07:08.0458 1428 gpsvc - ok
20:07:08.0504 1428 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:07:08.0551 1428 hcw85cir - ok
20:07:08.0614 1428 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:07:08.0660 1428 HdAudAddService - ok
20:07:08.0692 1428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:07:08.0738 1428 HDAudBus - ok
20:07:08.0738 1428 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:07:08.0770 1428 HidBatt - ok
20:07:08.0785 1428 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:07:08.0832 1428 HidBth - ok
20:07:08.0848 1428 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:07:08.0879 1428 HidIr - ok
20:07:08.0910 1428 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:07:08.0988 1428 hidserv - ok
20:07:09.0019 1428 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:07:09.0050 1428 HidUsb - ok
20:07:09.0066 1428 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:07:09.0160 1428 hkmsvc - ok
20:07:09.0175 1428 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:07:09.0238 1428 HomeGroupListener - ok
20:07:09.0269 1428 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:07:09.0316 1428 HomeGroupProvider - ok
20:07:09.0331 1428 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:07:09.0362 1428 HpSAMD - ok
20:07:09.0409 1428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:07:09.0534 1428 HTTP - ok
20:07:09.0550 1428 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:07:09.0565 1428 hwpolicy - ok
20:07:09.0581 1428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:07:09.0612 1428 i8042prt - ok
20:07:09.0674 1428 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:07:09.0706 1428 iaStor - ok
20:07:09.0752 1428 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:07:09.0768 1428 IAStorDataMgrSvc - ok
20:07:09.0799 1428 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:07:09.0830 1428 iaStorV - ok
20:07:09.0893 1428 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:07:09.0971 1428 idsvc - ok
20:07:10.0314 1428 [ 33FAA40B288002C89529DBD14F3AB72C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:07:10.0844 1428 igfx - ok
20:07:10.0907 1428 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:07:10.0922 1428 iirsp - ok
20:07:10.0969 1428 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:07:11.0094 1428 IKEEXT - ok
20:07:11.0156 1428 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:07:11.0188 1428 IntcDAud - ok
20:07:11.0203 1428 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:07:11.0234 1428 intelide - ok
20:07:11.0266 1428 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:07:11.0297 1428 intelppm - ok
20:07:11.0344 1428 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:07:11.0437 1428 IPBusEnum - ok
20:07:11.0484 1428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:07:11.0562 1428 IpFilterDriver - ok
20:07:11.0593 1428 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:07:11.0702 1428 iphlpsvc - ok
20:07:11.0718 1428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:07:11.0734 1428 IPMIDRV - ok
20:07:11.0765 1428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:07:11.0858 1428 IPNAT - ok
20:07:11.0890 1428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:07:11.0936 1428 IRENUM - ok
20:07:11.0952 1428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:07:11.0968 1428 isapnp - ok
20:07:11.0999 1428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:07:12.0030 1428 iScsiPrt - ok
20:07:12.0061 1428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:07:12.0092 1428 kbdclass - ok
20:07:12.0124 1428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:07:12.0155 1428 kbdhid - ok
20:07:12.0170 1428 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
20:07:12.0202 1428 KeyIso - ok
20:07:12.0217 1428 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:07:12.0233 1428 KSecDD - ok
20:07:12.0248 1428 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:07:12.0264 1428 KSecPkg - ok
20:07:12.0295 1428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:07:12.0389 1428 ksthunk - ok
20:07:12.0420 1428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:07:12.0529 1428 KtmRm - ok
20:07:12.0560 1428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:07:12.0685 1428 LanmanServer - ok
20:07:12.0732 1428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:07:12.0826 1428 LanmanWorkstation - ok
20:07:12.0872 1428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:07:12.0950 1428 lltdio - ok
20:07:12.0982 1428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:07:13.0091 1428 lltdsvc - ok
20:07:13.0122 1428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:07:13.0216 1428 lmhosts - ok
20:07:13.0247 1428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:07:13.0278 1428 LSI_FC - ok
20:07:13.0309 1428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:07:13.0325 1428 LSI_SAS - ok
20:07:13.0340 1428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:07:13.0356 1428 LSI_SAS2 - ok
20:07:13.0387 1428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:07:13.0403 1428 LSI_SCSI - ok
20:07:13.0418 1428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:07:13.0528 1428 luafv - ok
20:07:13.0559 1428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:07:13.0590 1428 Mcx2Svc - ok
20:07:13.0606 1428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:07:13.0621 1428 megasas - ok
20:07:13.0715 1428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:07:13.0746 1428 MegaSR - ok
20:07:13.0777 1428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:07:13.0871 1428 MMCSS - ok
20:07:13.0886 1428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:07:13.0964 1428 Modem - ok
20:07:14.0027 1428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:07:14.0074 1428 monitor - ok
20:07:14.0105 1428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:07:14.0120 1428 mouclass - ok
20:07:14.0152 1428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:07:14.0167 1428 mouhid - ok
20:07:14.0198 1428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:07:14.0230 1428 mountmgr - ok
20:07:14.0323 1428 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:07:14.0339 1428 MozillaMaintenance - ok
20:07:14.0370 1428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:07:14.0386 1428 mpio - ok
20:07:14.0417 1428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:07:14.0510 1428 mpsdrv - ok
20:07:14.0557 1428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:07:14.0698 1428 MpsSvc - ok
20:07:14.0713 1428 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:07:14.0776 1428 MRxDAV - ok
20:07:14.0807 1428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:07:14.0854 1428 mrxsmb - ok
20:07:14.0869 1428 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:07:14.0932 1428 mrxsmb10 - ok
20:07:14.0963 1428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:07:14.0978 1428 mrxsmb20 - ok
20:07:15.0010 1428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:07:15.0025 1428 msahci - ok
20:07:15.0041 1428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:07:15.0072 1428 msdsm - ok
20:07:15.0088 1428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:07:15.0119 1428 MSDTC - ok
20:07:15.0134 1428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:07:15.0228 1428 Msfs - ok
20:07:15.0244 1428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:07:15.0337 1428 mshidkmdf - ok
20:07:15.0353 1428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:07:15.0368 1428 msisadrv - ok
20:07:15.0400 1428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:07:15.0509 1428 MSiSCSI - ok
20:07:15.0509 1428 msiserver - ok
20:07:15.0540 1428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:07:15.0680 1428 MSKSSRV - ok
20:07:15.0680 1428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:07:15.0774 1428 MSPCLOCK - ok
20:07:15.0774 1428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:07:15.0868 1428 MSPQM - ok
20:07:15.0899 1428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:07:15.0930 1428 MsRPC - ok
20:07:15.0946 1428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:07:15.0961 1428 mssmbios - ok
20:07:15.0977 1428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:07:16.0055 1428 MSTEE - ok
20:07:16.0070 1428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:07:16.0086 1428 MTConfig - ok
20:07:16.0102 1428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:07:16.0133 1428 Mup - ok
20:07:16.0164 1428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:07:16.0273 1428 napagent - ok
20:07:16.0320 1428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:07:16.0398 1428 NativeWifiP - ok
20:07:16.0445 1428 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:07:16.0523 1428 NDIS - ok
20:07:16.0538 1428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:07:16.0632 1428 NdisCap - ok
20:07:16.0648 1428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:07:16.0741 1428 NdisTapi - ok
20:07:16.0741 1428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:07:16.0835 1428 Ndisuio - ok
20:07:16.0850 1428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:07:16.0944 1428 NdisWan - ok
20:07:16.0975 1428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:07:17.0053 1428 NDProxy - ok
20:07:17.0084 1428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:07:17.0178 1428 NetBIOS - ok
20:07:17.0209 1428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:07:17.0287 1428 NetBT - ok
20:07:17.0318 1428 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
20:07:17.0334 1428 Netlogon - ok
20:07:17.0381 1428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:07:17.0474 1428 Netman - ok
20:07:17.0506 1428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:07:17.0615 1428 netprofm - ok
20:07:17.0677 1428 [ 570813483F26B5C8D984BCA5BB70B50D ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
20:07:17.0771 1428 netr28x - ok
20:07:17.0802 1428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:07:17.0818 1428 NetTcpPortSharing - ok
20:07:17.0864 1428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:07:17.0880 1428 nfrd960 - ok
20:07:17.0911 1428 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:07:18.0020 1428 NlaSvc - ok
20:07:18.0036 1428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:07:18.0130 1428 Npfs - ok
20:07:18.0145 1428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:07:18.0254 1428 nsi - ok
20:07:18.0270 1428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:07:18.0348 1428 nsiproxy - ok
20:07:18.0410 1428 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:07:18.0504 1428 Ntfs - ok
20:07:18.0520 1428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:07:18.0629 1428 Null - ok
20:07:18.0644 1428 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:07:18.0676 1428 nvraid - ok
20:07:18.0691 1428 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:07:18.0707 1428 nvstor - ok
20:07:18.0754 1428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:07:18.0769 1428 nv_agp - ok
20:07:18.0769 1428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:07:18.0816 1428 ohci1394 - ok
20:07:18.0847 1428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:07:18.0894 1428 p2pimsvc - ok
20:07:18.0941 1428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:07:18.0972 1428 p2psvc - ok
20:07:18.0988 1428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:07:19.0003 1428 Parport - ok
20:07:19.0019 1428 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:07:19.0050 1428 partmgr - ok
20:07:19.0066 1428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:07:19.0128 1428 PcaSvc - ok
20:07:19.0144 1428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:07:19.0175 1428 pci - ok
20:07:19.0190 1428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:07:19.0206 1428 pciide - ok
20:07:19.0222 1428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:07:19.0253 1428 pcmcia - ok
20:07:19.0268 1428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:07:19.0284 1428 pcw - ok
20:07:19.0315 1428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:07:19.0440 1428 PEAUTH - ok
20:07:19.0502 1428 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:07:19.0612 1428 PeerDistSvc - ok
20:07:19.0721 1428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:07:19.0752 1428 PerfHost - ok
20:07:19.0830 1428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:07:19.0986 1428 pla - ok
20:07:20.0048 1428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:07:20.0111 1428 PlugPlay - ok
20:07:20.0142 1428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:07:20.0173 1428 PNRPAutoReg - ok
20:07:20.0204 1428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:07:20.0236 1428 PNRPsvc - ok
20:07:20.0267 1428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:07:20.0392 1428 PolicyAgent - ok
20:07:20.0407 1428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:07:20.0516 1428 Power - ok
20:07:20.0563 1428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:07:20.0657 1428 PptpMiniport - ok
20:07:20.0672 1428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:07:20.0704 1428 Processor - ok
20:07:20.0750 1428 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
20:07:20.0844 1428 ProfSvc - ok
20:07:20.0860 1428 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
20:07:20.0891 1428 ProtectedStorage - ok
20:07:20.0922 1428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:07:21.0016 1428 Psched - ok
20:07:21.0078 1428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:07:21.0172 1428 ql2300 - ok
20:07:21.0203 1428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:07:21.0218 1428 ql40xx - ok
20:07:21.0265 1428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:07:21.0312 1428 QWAVE - ok
20:07:21.0328 1428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:07:21.0374 1428 QWAVEdrv - ok
20:07:21.0374 1428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:07:21.0468 1428 RasAcd - ok
20:07:21.0515 1428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:07:21.0608 1428 RasAgileVpn - ok
20:07:21.0640 1428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:07:21.0718 1428 RasAuto - ok
20:07:21.0749 1428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:07:21.0842 1428 Rasl2tp - ok
20:07:21.0858 1428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:07:21.0952 1428 RasMan - ok
20:07:21.0983 1428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:07:22.0076 1428 RasPppoe - ok
20:07:22.0092 1428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:07:22.0201 1428 RasSstp - ok
20:07:22.0232 1428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:07:22.0310 1428 rdbss - ok
20:07:22.0342 1428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:07:22.0373 1428 rdpbus - ok
20:07:22.0388 1428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:07:22.0466 1428 RDPCDD - ok
20:07:22.0513 1428 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:07:22.0560 1428 RDPDR - ok
20:07:22.0560 1428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:07:22.0654 1428 RDPENCDD - ok
20:07:22.0669 1428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:07:22.0747 1428 RDPREFMP - ok
20:07:22.0778 1428 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:07:22.0810 1428 RdpVideoMiniport - ok
20:07:22.0841 1428 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:07:22.0919 1428 RDPWD - ok
20:07:22.0966 1428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:07:22.0981 1428 rdyboost - ok
20:07:23.0012 1428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:07:23.0122 1428 RemoteAccess - ok
20:07:23.0168 1428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:07:23.0262 1428 RemoteRegistry - ok
20:07:23.0278 1428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:07:23.0371 1428 RpcEptMapper - ok
20:07:23.0402 1428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:07:23.0449 1428 RpcLocator - ok
20:07:23.0480 1428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:07:23.0574 1428 RpcSs - ok
20:07:23.0605 1428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:07:23.0699 1428 rspndr - ok
20:07:23.0714 1428 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:07:23.0746 1428 s3cap - ok
20:07:23.0761 1428 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
20:07:23.0792 1428 SamSs - ok
20:07:23.0808 1428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:07:23.0824 1428 sbp2port - ok
20:07:23.0870 1428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:07:23.0964 1428 SCardSvr - ok
20:07:23.0980 1428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:07:24.0073 1428 scfilter - ok
20:07:24.0104 1428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:07:24.0245 1428 Schedule - ok
20:07:24.0260 1428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:07:24.0338 1428 SCPolicySvc - ok
20:07:24.0370 1428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:07:24.0416 1428 SDRSVC - ok
20:07:24.0448 1428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:07:24.0541 1428 secdrv - ok
20:07:24.0572 1428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:07:24.0650 1428 seclogon - ok
20:07:24.0666 1428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:07:24.0760 1428 SENS - ok
20:07:24.0791 1428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:07:24.0838 1428 SensrSvc - ok
20:07:24.0869 1428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:07:24.0900 1428 Serenum - ok
20:07:24.0916 1428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:07:24.0947 1428 Serial - ok
20:07:24.0962 1428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:07:25.0009 1428 sermouse - ok
20:07:25.0056 1428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:07:25.0150 1428 SessionEnv - ok
20:07:25.0165 1428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:07:25.0196 1428 sffdisk - ok
20:07:25.0196 1428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:07:25.0243 1428 sffp_mmc - ok
20:07:25.0243 1428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:07:25.0290 1428 sffp_sd - ok
20:07:25.0290 1428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:07:25.0321 1428 sfloppy - ok
20:07:25.0352 1428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:07:25.0446 1428 SharedAccess - ok
20:07:25.0493 1428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:07:25.0586 1428 ShellHWDetection - ok
20:07:25.0633 1428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:07:25.0649 1428 SiSRaid2 - ok
20:07:25.0680 1428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:07:25.0696 1428 SiSRaid4 - ok
20:07:25.0727 1428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:07:25.0820 1428 Smb - ok
20:07:25.0867 1428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:07:25.0898 1428 SNMPTRAP - ok
20:07:26.0023 1428 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
20:07:26.0039 1428 Sony PC Companion - ok
20:07:26.0070 1428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:07:26.0086 1428 spldr - ok
20:07:26.0101 1428 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
20:07:26.0210 1428 Spooler - ok
20:07:26.0320 1428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:07:26.0554 1428 sppsvc - ok
20:07:26.0569 1428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:07:26.0663 1428 sppuinotify - ok
20:07:26.0694 1428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:07:26.0756 1428 srv - ok
20:07:26.0772 1428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:07:26.0834 1428 srv2 - ok
20:07:26.0850 1428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:07:26.0881 1428 srvnet - ok
20:07:26.0928 1428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:07:27.0006 1428 SSDPSRV - ok
20:07:27.0037 1428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:07:27.0115 1428 SstpSvc - ok
20:07:27.0224 1428 [ 7BF818B11C1FEDC3E76D233124470A30 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:07:27.0302 1428 STacSV - ok
20:07:27.0334 1428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:07:27.0349 1428 stexstor - ok
20:07:27.0396 1428 [ EBC1A5E076A9BE314D3D9E8ED19ABB0A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
20:07:27.0458 1428 STHDA - ok
20:07:27.0521 1428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:07:27.0599 1428 stisvc - ok
20:07:27.0614 1428 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:07:27.0646 1428 storflt - ok
20:07:27.0661 1428 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:07:27.0677 1428 storvsc - ok
20:07:27.0692 1428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:07:27.0708 1428 swenum - ok
20:07:27.0755 1428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:07:27.0864 1428 swprv - ok
20:07:27.0895 1428 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
20:07:27.0911 1428 Synth3dVsc - ok
20:07:27.0989 1428 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:07:28.0051 1428 SynTP - ok
20:07:28.0129 1428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:07:28.0254 1428 SysMain - ok
20:07:28.0270 1428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:07:28.0316 1428 TabletInputService - ok
20:07:28.0332 1428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:07:28.0441 1428 TapiSrv - ok
20:07:28.0457 1428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:07:28.0550 1428 TBS - ok
20:07:28.0628 1428 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:07:28.0738 1428 Tcpip - ok
20:07:28.0816 1428 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:07:28.0909 1428 TCPIP6 - ok
20:07:28.0940 1428 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:07:29.0034 1428 tcpipreg - ok
20:07:29.0065 1428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:07:29.0159 1428 TDPIPE - ok
20:07:29.0159 1428 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:07:29.0237 1428 TDTCP - ok
20:07:29.0268 1428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:07:29.0362 1428 tdx - ok
20:07:29.0362 1428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:07:29.0393 1428 TermDD - ok
20:07:29.0424 1428 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
20:07:29.0455 1428 terminpt - ok
20:07:29.0518 1428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:07:29.0642 1428 TermService - ok
20:07:29.0658 1428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:07:29.0689 1428 Themes - ok
20:07:29.0705 1428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:07:29.0798 1428 THREADORDER - ok
20:07:29.0814 1428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:07:29.0908 1428 TrkWks - ok
20:07:29.0970 1428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:07:30.0064 1428 TrustedInstaller - ok
20:07:30.0095 1428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:07:30.0173 1428 tssecsrv - ok
20:07:30.0204 1428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:07:30.0266 1428 TsUsbFlt - ok
20:07:30.0282 1428 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:07:30.0298 1428 TsUsbGD - ok
20:07:30.0329 1428 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
20:07:30.0344 1428 tsusbhub - ok
20:07:30.0376 1428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:07:30.0469 1428 tunnel - ok
20:07:30.0485 1428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:07:30.0516 1428 uagp35 - ok
20:07:30.0532 1428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:07:30.0656 1428 udfs - ok
20:07:30.0703 1428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:07:30.0734 1428 UI0Detect - ok
20:07:30.0766 1428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:07:30.0781 1428 uliagpkx - ok
20:07:30.0812 1428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:07:30.0875 1428 umbus - ok
20:07:30.0875 1428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:07:30.0906 1428 UmPass - ok
20:07:30.0937 1428 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:07:30.0984 1428 UmRdpService - ok
20:07:31.0015 1428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:07:31.0124 1428 upnphost - ok
20:07:31.0156 1428 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:07:31.0187 1428 usbccgp - ok
20:07:31.0202 1428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:07:31.0249 1428 usbcir - ok
20:07:31.0265 1428 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:07:31.0280 1428 usbehci - ok
20:07:31.0312 1428 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:07:31.0358 1428 usbhub - ok
20:07:31.0374 1428 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:07:31.0405 1428 usbohci - ok
20:07:31.0436 1428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:07:31.0483 1428 usbprint - ok
20:07:31.0546 1428 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:07:31.0577 1428 usbscan - ok
20:07:31.0592 1428 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:07:31.0639 1428 USBSTOR - ok
20:07:31.0639 1428 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:07:31.0670 1428 usbuhci - ok
20:07:31.0717 1428 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:07:31.0764 1428 usbvideo - ok
20:07:31.0780 1428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:07:31.0889 1428 UxSms - ok
20:07:31.0904 1428 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
20:07:31.0936 1428 VaultSvc - ok
20:07:31.0967 1428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:07:31.0982 1428 vdrvroot - ok
20:07:31.0998 1428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:07:32.0107 1428 vds - ok
20:07:32.0138 1428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:07:32.0170 1428 vga - ok
20:07:32.0201 1428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:07:32.0294 1428 VgaSave - ok
20:07:32.0294 1428 VGPU - ok
20:07:32.0310 1428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:07:32.0341 1428 vhdmp - ok
20:07:32.0372 1428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:07:32.0388 1428 viaide - ok
20:07:32.0419 1428 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:07:32.0450 1428 vmbus - ok
20:07:32.0466 1428 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:07:32.0513 1428 VMBusHID - ok
20:07:32.0528 1428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:07:32.0544 1428 volmgr - ok
20:07:32.0575 1428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:07:32.0606 1428 volmgrx - ok
20:07:32.0622 1428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:07:32.0653 1428 volsnap - ok
20:07:32.0684 1428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:07:32.0716 1428 vsmraid - ok
20:07:32.0778 1428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:07:32.0950 1428 VSS - ok
20:07:32.0965 1428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:07:33.0012 1428 vwifibus - ok
20:07:33.0028 1428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:07:33.0074 1428 vwififlt - ok
20:07:33.0137 1428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:07:33.0230 1428 W32Time - ok
20:07:33.0262 1428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:07:33.0308 1428 WacomPen - ok
20:07:33.0340 1428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:07:33.0418 1428 WANARP - ok
20:07:33.0433 1428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:07:33.0511 1428 Wanarpv6 - ok
20:07:33.0574 1428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:07:33.0667 1428 wbengine - ok
20:07:33.0698 1428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:07:33.0745 1428 WbioSrvc - ok
20:07:33.0776 1428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:07:33.0839 1428 wcncsvc - ok
20:07:33.0854 1428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:07:33.0901 1428 WcsPlugInService - ok
20:07:33.0932 1428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:07:33.0948 1428 Wd - ok
20:07:33.0979 1428 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:07:34.0026 1428 Wdf01000 - ok
20:07:34.0042 1428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:07:34.0151 1428 WdiServiceHost - ok
20:07:34.0151 1428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:07:34.0198 1428 WdiSystemHost - ok
20:07:34.0229 1428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:07:34.0291 1428 WebClient - ok
20:07:34.0322 1428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:07:34.0432 1428 Wecsvc - ok
20:07:34.0447 1428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:07:34.0541 1428 wercplsupport - ok
20:07:34.0572 1428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:07:34.0666 1428 WerSvc - ok
20:07:34.0681 1428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:07:34.0759 1428 WfpLwf - ok
20:07:34.0790 1428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:07:34.0806 1428 WIMMount - ok
20:07:34.0822 1428 WinDefend - ok
20:07:34.0822 1428 WinHttpAutoProxySvc - ok
20:07:34.0884 1428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:07:34.0978 1428 Winmgmt - ok
20:07:35.0056 1428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:07:35.0227 1428 WinRM - ok
20:07:35.0305 1428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:07:35.0352 1428 WinUsb - ok
20:07:35.0399 1428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:07:35.0492 1428 Wlansvc - ok
20:07:35.0602 1428 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:07:35.0742 1428 wlidsvc - ok
20:07:35.0758 1428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:07:35.0789 1428 WmiAcpi - ok
20:07:35.0820 1428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:07:35.0867 1428 wmiApSrv - ok
20:07:35.0898 1428 WMPNetworkSvc - ok
20:07:35.0929 1428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:07:35.0976 1428 WPCSvc - ok
20:07:35.0992 1428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:07:36.0038 1428 WPDBusEnum - ok
20:07:36.0070 1428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:07:36.0148 1428 ws2ifsl - ok
20:07:36.0163 1428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:07:36.0210 1428 wscsvc - ok
20:07:36.0226 1428 WSearch - ok
20:07:36.0304 1428 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
20:07:36.0491 1428 wuauserv - ok
20:07:36.0506 1428 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:07:36.0616 1428 WudfPf - ok
20:07:36.0662 1428 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:07:36.0756 1428 WUDFRd - ok
20:07:36.0787 1428 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:07:36.0881 1428 wudfsvc - ok
20:07:36.0912 1428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:07:36.0959 1428 WwanSvc - ok
20:07:36.0959 1428 ================ Scan global ===============================
20:07:36.0990 1428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:07:37.0021 1428 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:07:37.0037 1428 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:07:37.0068 1428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:07:37.0099 1428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:07:37.0115 1428 [Global] - ok
20:07:37.0115 1428 ================ Scan MBR ==================================
20:07:37.0130 1428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:07:38.0082 1428 \Device\Harddisk0\DR0 - ok
20:07:38.0082 1428 ================ Scan VBR ==================================
20:07:38.0082 1428 [ 5EB09DF73C208B9B169E9438CF9FB9A8 ] \Device\Harddisk0\DR0\Partition1
20:07:38.0082 1428 \Device\Harddisk0\DR0\Partition1 - ok
20:07:38.0113 1428 [ 75DC86F8FD32C936E15B55B740BC5F24 ] \Device\Harddisk0\DR0\Partition2
20:07:38.0129 1428 \Device\Harddisk0\DR0\Partition2 - ok
20:07:38.0129 1428 ============================================================
20:07:38.0129 1428 Scan finished
20:07:38.0129 1428 ============================================================
20:07:38.0144 2008 Detected object count: 0
20:07:38.0144 2008 Actual detected object count: 0
|
|
28.09.2012, 19:45
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.09.2012, 18:12
| #21 |
| | IncrediBarCode:
ATTFilter ComboFix 12-09-30.01 - Chrissy 30.09.2012 19:00:16.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4044.3184 [GMT 2:00]
ausgeführt von:: c:\users\Chrissy.Chrissy-PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-28 bis 2012-09-30 ))))))))))))))))))))))))))))))
.
.
2012-09-30 17:05 . 2012-09-30 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 11:21 . 2012-09-28 11:21 -------- d-----w- C:\_OTL
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- c:\program files (x86)\ESET
2012-09-24 14:34 . 2012-09-24 14:41 -------- d-----w- c:\users\Chrissy.Chrissy-PC\1
2012-09-24 09:59 . 2012-09-24 09:59 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-24 09:59 . 2012-09-24 09:59 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-24 09:59 . 2012-09-24 09:59 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-24 09:59 . 2012-09-24 09:59 188904 ----a-w- c:\windows\system32\java.exe
2012-09-24 09:59 . 2012-09-24 09:59 -------- d-----w- c:\program files\Java
2012-09-24 09:58 . 2012-09-24 09:58 -------- d-----w- c:\program files (x86)\foobar2000
2012-09-18 18:00 . 2012-09-18 18:00 -------- d-----w- c:\users\Chrissy.Chrissy-PC\AppData\Roaming\Malwarebytes
2012-09-18 18:00 . 2012-09-18 18:00 -------- d-----w- c:\programdata\Malwarebytes
2012-09-18 18:00 . 2012-09-18 18:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-18 18:00 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 12:14 . 2012-09-24 09:55 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 09:59 . 2011-12-21 21:06 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 09:59 . 2011-12-21 21:06 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-21 09:12 . 2012-06-06 12:03 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-09 08:39 . 2012-08-09 08:39 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-08-09 08:39 . 2012-08-09 08:39 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-08-09 08:37 . 2012-08-09 08:38 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-09 08:37 . 2012-08-09 08:38 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-17 10:02 . 2012-08-10 05:28 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-09 14448]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-26 317440]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-08-11 1582144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Chrissy.Chrissy-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chrissy.Chrissy-PC\AppData\Roaming\Mozilla\Firefox\Profiles\qz00zysq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLwz9hqq&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b8aef4dd00000000000060d819019ba1
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:42
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLwz9hqq
FF - user.js: extensions.incredibar_i.upn2n - 92261958900143954
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,11,79,
2d,b5,d8,55,04,a1,d1,3a,9e,9a,80,d7,9d
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,4a,
90,1d,ff,d0,0c,b4,2e,8e,23,08,ca,ca,1c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,00,
68,c0,84,43,02,ae,e8,8b,86,f9,9a,6a,59
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c5,75,f6,34,07,a4,77,c3,79,c9,86,cf,b3
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"{AE07101B-46D4-4A98-AF68-0333EA26E113}"=""
"Timestamp"=hex:6b,fb,41,cb,31,9a,cd,01
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,7b,c8,40,ae,ec,ee,4d,af,13,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,7b,c8,40,ae,ec,ee,4d,af,13,3d,\
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.8SVX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.8SVX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AAC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AFC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AFC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AIF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AIFC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AIFF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.ASX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AU"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.CDA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.CUE"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FLA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FLAC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FPL"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FTH\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FTH"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M3U"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M3U8"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M4A"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4B\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M4B"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MKA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MKA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP+\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP+"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP1"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP2"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP4"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MPC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPP\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MPP"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.OGA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.OGG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.OGX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.PLS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.SND"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SPX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.SPX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SVX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.SVX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.W64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.W64"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WAV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WAVE\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WAVE"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WAX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WMA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WVX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-30 19:11:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-30 17:11
.
Vor Suchlauf: 10 Verzeichnis(se), 463.622.791.168 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 463.566.741.504 Bytes frei
.
- - End Of File - - 2D41DDFC28D5DD7AF9E631A2582E0E2F
|
|
01.10.2012, 13:01
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Firefox::
FF - ProfilePath - c:\users\Chrissy.Chrissy-PC\AppData\Roaming\Mozilla\Firefox\Profiles\qz00zysq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - http://mystart.Incredibar.com/?a=6OyLwz9hqq&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b8aef4dd00000000000060d819019ba1
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:42
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLwz9hqq
FF - user.js: extensions.incredibar_i.upn2n - 92261958900143954
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.10.2012, 16:01
| #23 |
| | IncrediBar Also nach einem Neustart hat er nicht gefragt. Ich hoffe, dass in dem Log trotzdem alle nötigen Infos stehen. Code:
ATTFilter ComboFix 12-09-30.03 - Chrissy 01.10.2012 16:49:21.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4044.3181 [GMT 2:00]
ausgeführt von:: c:\users\Chrissy.Chrissy-PC\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Chrissy.Chrissy-PC\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-01 bis 2012-10-01 ))))))))))))))))))))))))))))))
.
.
2012-10-01 14:54 . 2012-10-01 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-01 14:54 . 2012-10-01 14:54 -------- d-----w- c:\users\Chrissy\AppData\Local\temp
2012-10-01 14:54 . 2012-10-01 14:54 -------- d-----w- c:\users\Chrissy.Chrissy-PC\AppData\Local\temp
2012-09-28 11:21 . 2012-09-28 11:21 -------- d-----w- C:\_OTL
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- c:\program files (x86)\ESET
2012-09-24 14:34 . 2012-09-24 14:41 -------- d-----w- c:\users\Chrissy.Chrissy-PC\1
2012-09-24 09:59 . 2012-09-24 09:59 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-24 09:59 . 2012-09-24 09:59 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-24 09:59 . 2012-09-24 09:59 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-24 09:59 . 2012-09-24 09:59 188904 ----a-w- c:\windows\system32\java.exe
2012-09-24 09:59 . 2012-09-24 09:59 -------- d-----w- c:\program files\Java
2012-09-24 09:58 . 2012-09-24 09:58 -------- d-----w- c:\program files (x86)\foobar2000
2012-09-18 18:00 . 2012-09-18 18:00 -------- d-----w- c:\users\Chrissy.Chrissy-PC\AppData\Roaming\Malwarebytes
2012-09-18 18:00 . 2012-09-18 18:00 -------- d-----w- c:\programdata\Malwarebytes
2012-09-18 18:00 . 2012-09-18 18:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-18 18:00 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 12:14 . 2012-09-24 09:55 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 09:59 . 2011-12-21 21:06 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 09:59 . 2011-12-21 21:06 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-21 09:12 . 2012-06-06 12:03 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-09 08:39 . 2012-08-09 08:39 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-08-09 08:39 . 2012-08-09 08:39 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-08-09 08:37 . 2012-08-09 08:38 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-09 08:37 . 2012-08-09 08:38 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-17 10:02 . 2012-08-10 05:28 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-09 14448]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-26 317440]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-08-11 1582144]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Chrissy.Chrissy-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chrissy.Chrissy-PC\AppData\Roaming\Mozilla\Firefox\Profiles\qz00zysq.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,11,79,
2d,b5,d8,55,04,a1,d1,3a,9e,9a,80,d7,9d
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,4a,
90,1d,ff,d0,0c,b4,2e,8e,23,08,ca,ca,1c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,00,
68,c0,84,43,02,ae,e8,8b,86,f9,9a,6a,59
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
c5,75,f6,34,07,a4,77,c3,79,c9,86,cf,b3
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"{AE07101B-46D4-4A98-AF68-0333EA26E113}"=""
"Timestamp"=hex:6b,fb,41,cb,31,9a,cd,01
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,7b,c8,40,ae,ec,ee,4d,af,13,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,7b,c8,40,ae,ec,ee,4d,af,13,3d,\
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.8SVX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.8SVX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AAC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AFC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AFC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AIF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AIFC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AIFF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.ASX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.AU"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.CDA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.CUE"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FLA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FLAC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FPL"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FTH\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.FTH"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M3U"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M3U8"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M4A"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4B\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.M4B"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MKA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MKA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP+\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP+"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP1"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP2"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MP4"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MPC"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPP\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.MPP"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.OGA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.OGG"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.OGX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.PLS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.SND"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SPX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.SPX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SVX\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.SVX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.W64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.W64"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WAV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WAVE\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WAVE"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WAX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WMA"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WV"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="foobar2000.WVX"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-367710948-1802681718-1598313182-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-01 16:56:06
ComboFix-quarantined-files.txt 2012-10-01 14:56
ComboFix2.txt 2012-09-30 17:11
.
Vor Suchlauf: 12 Verzeichnis(se), 462.590.312.448 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 462.518.546.432 Bytes frei
.
- - End Of File - - 4518A0403050A6CE46AEF175B806179A
|
|
02.10.2012, 11:18
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.10.2012, 16:08
| #25 |
| | IncrediBar Sooo. GMER habe ich ausgeführt. Leider konnte ich im Register Rootkit/Malware lediglich Services, Regitry, Files und ADS anklicken. Alles andere ist grau und lies sich nicht aktivieren. Die Fläche bei Rootkit/Malware ist auch leer, das heißt es steht nichts drinnen. Nach dem Scan und klick auf Copy bleibt die Zwischenablage leer. Ist das normal? ------------------------------------------------ Hier der OSAM-Log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:38:55 on 02.10.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Chrissy.Chrissy-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Sony PC Companion" - "Sony" - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Und hier der aswMBR Log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 16:40:28
-----------------------------
16:40:28.040 OS Version: Windows x64 6.1.7601 Service Pack 1
16:40:28.040 Number of processors: 4 586 0x2A07
16:40:28.040 ComputerName: CHRISSY-PC UserName: Chrissy
16:40:29.460 Initialize success
16:41:32.925 AVAST engine defs: 12100200
16:42:16.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:42:16.683 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:42:16.698 Disk 0 MBR read successfully
16:42:16.698 Disk 0 MBR scan
16:42:16.714 Disk 0 Windows 7 default MBR code
16:42:16.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:42:16.745 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
16:42:16.776 Disk 0 scanning C:\Windows\system32\drivers
16:42:26.667 Service scanning
16:42:50.472 Modules scanning
16:42:50.488 Disk 0 trace - called modules:
16:42:50.503 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:42:50.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007207060]
16:42:51.034 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049f3050]
16:42:52.188 AVAST engine scan C:\Windows
16:42:55.480 AVAST engine scan C:\Windows\system32
16:45:38.531 AVAST engine scan C:\Windows\system32\drivers
16:45:50.668 AVAST engine scan C:\Users\Chrissy.Chrissy-PC
16:50:33.528 AVAST engine scan C:\ProgramData
16:51:08.035 Scan finished successfully
17:00:12.570 Disk 0 MBR has been saved successfully to "C:\Users\Chrissy.Chrissy-PC\Desktop\MBR.dat"
17:00:12.585 The log file has been saved successfully to "C:\Users\Chrissy.Chrissy-PC\Desktop\aswMBR.txt"
|
|
02.10.2012, 19:28
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Ja das Verhalten von GMER kann v.a. auf 64-Bit-Systemen so sein, denk dir nichts bei  Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.10.2012, 11:13
| #27 |
| | IncrediBar Update und Voll-Scan wurden durchgeführt. Beide ergaben keine Treffer. mystart.incredibar.com ist allerdings nach wie vor der neue Tab. |
|
05.10.2012, 14:15
| #28 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Ich will die Logs trotzdem sehen denn steht schon etwas mehr drin als nur Fund oder kein Fund Zitat:
2. nach Einstellungsname browser.newtab.url suchen 3. sicherstellen, dass diese Einstellung den Wert about:newtab hat
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 20:34
| #29 | |
| | IncrediBarZitat:
Die Scans kann ich aber dennoch noch einmal durchführen, wenn du das wünschst. |
|
09.10.2012, 20:37
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | IncrediBar Nein ist denke ich nicht mehr nötig Aber wenn du willst mach es ruhig 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu IncrediBar |
| anderen, anderer, avast, befürchtet, bereits, bli, blind, durchgeführt, incredibar, individuelle, infizierung, laptop, leute, mystart, mystart by incredibar.com, neue, neuen, problem, runtergeladen, schei, tab, threads, versuche, vollständige, öffnet |
Linear-Darstellung
