Log analysis and evaluation: I have the OTLPE results, what now? Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.01.2013, 23:10 | #1 |
Hello everyone, now that I am also affected by the white screen under Windows 7 Starter and have already followed your instructions for using OTLPE, I am now facing the two text files OTL.txt and Extra.txt and don't know how to proceed. Can you help me further here? For info, I can't get to the desktop, because I only ever see white with the pointer, except briefly when shutting down, when I can access it for a few seconds. Many thanks! --- Attachment:
22.01.2013, 11:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Just a quick question, and this is nothing specifically against you, I could just as well have asked anyone else who posts the logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that? Log files in attachments make the evaluation massively harder. Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
22.01.2013, 13:35 | #3 |
Hello and sorry, got it.
I hope it's right like this now: Code:
ATTFilter OTL logfile created on: 1/21/2013 9:12:44 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free 902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 27.99 Gb Total Space | 16.45 Gb Free Space | 58.75% Space Free | Partition Type: NTFS Drive E: | 201.78 Gb Total Space | 160.14 Gb Free Space | 79.36% Space Free | Partition Type: NTFS Drive F: | 15.16 Gb Total Space | 15.16 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (HWDeviceService.exe) SRV - [2013/01/21 04:35:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/01/03 04:44:21 | 000,246,112 | ---- | M] () [Auto] -- E:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2011/10/01 02:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 02:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/05/20 08:28:56 | 000,182,128 | R--- | M] (Swisscom) [Auto] -- E:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service) SRV - [2011/05/16 09:14:02 | 001,482,240 | ---- | M] (Swisscom) [Auto] -- E:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService) SRV - [2011/02/16 13:08:52 | 000,920,576 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011/02/11 05:39:50 | 000,993,616 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/02/11 05:39:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/02/11 05:39:44 | 000,907,600 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011/02/08 21:52:08 | 000,102,672 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV - [2011/02/04 09:13:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program 
Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2011/02/04 09:02:10 | 000,227,600 | ---- | M] () [On_Demand] -- E:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011/02/04 08:58:18 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2010/11/02 15:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010/09/22 09:49:50 | 000,226,672 | ---- | M] (Sierra Wireless, Inc.) [Auto] -- E:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc) SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (ewusbnet) DRV - [2012/01/03 04:44:23 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb) DRV - [2012/01/03 04:44:23 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012/01/03 04:44:23 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012/01/03 04:44:23 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011/12/09 12:45:00 | 000,047,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV - [2011/11/14 18:04:00 | 000,263,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmhsf.sys -- (btmhsf) DRV - [2011/10/01 02:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 02:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 02:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 02:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/07/05 10:39:59 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System] -- E:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011/04/11 09:53:22 | 000,263,024 | ---- | M] (Swisscom) [Kernel | System] -- E:\Windows\System32\drivers\wtsmpflt.sys -- (WtSmpFlt) DRV - [2011/04/11 09:53:22 | 000,041,328 | ---- | M] (Swisscom) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wtsmpadap.sys -- (WtSmpAdap) DRV - [2011/02/24 10:01:14 | 000,242,176 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- E:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV - [2011/02/24 10:01:14 | 000,064,000 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- E:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV - [2011/02/24 04:38:58 | 007,507,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R) DRV - [2011/02/16 07:46:28 | 000,209,408 | 
---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R) DRV - [2011/02/16 07:46:28 | 000,209,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R) DRV - [2011/01/23 19:24:48 | 000,047,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmaux.sys -- (btmaux) DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/10/28 13:07:44 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\clwvd.sys -- (clwvd) DRV - [2010/09/09 11:48:36 | 000,055,808 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\fspad_wlh32.sys -- (fspad_wlh32) DRV - [2010/06/09 09:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- E:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010/06/09 09:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- E:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010/04/22 11:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- E:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2010/03/01 09:56:18 | 000,031,232 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand] -- E:\Windows\System32\drivers\AmUStor.sys -- (AmUStor) DRV - [2009/11/02 12:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- E:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 17:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009/06/09 14:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\system32\drivers\ATKACPI.SYS -- (ACPIService) DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
E:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/07/05 13:09:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/07/05 13:09:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/07/05 13:09:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2011/11/06 04:51:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 02:37:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 13:22:41 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Otello\AppData\Roaming\Mozilla\Extensions [2011/07/06 00:32:44 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions [2012/10/30 08:07:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011/09/16 02:37:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 
03:00:00 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [ArcSoft Connection Service] E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BTMTrayAgent] E:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FLxHCIm] E:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [fspuip] E:\Program Files\FSP\FspUip.exe (Sentelic Corporation) O4 - HKLM..\Run: [HostManager] E:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe (America Online, Inc.) 
O4 - HKLM..\Run: [Hotkey] E:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe () O4 - HKLM..\Run: [UDM] E:\Program Files\Swisscom\Unlimited Data Manager\LscaGui.exe (Swisscom) O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe () O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: E:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Otello_ON_E Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat () O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - E:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{27211244-aad7-11e0-86d3-dca9710654a9}\Shell - "" = AutoRun O33 - MountPoints2\{27211244-aad7-11e0-86d3-dca9710654a9}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{3e02580a-5277-11e1-a43d-001e101f1f6e}\Shell - "" = AutoRun O33 - MountPoints2\{3e02580a-5277-11e1-a43d-001e101f1f6e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7ab39843-36d7-11e1-92c4-dca9710654a9}\Shell - "" = AutoRun O33 - MountPoints2\{7ab39843-36d7-11e1-92c4-dca9710654a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8d1b1dcc-2eee-11e1-8838-00ade1ac1c1a}\Shell - "" = AutoRun O33 - MountPoints2\{8d1b1dcc-2eee-11e1-8838-00ade1ac1c1a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8d1b1ddc-2eee-11e1-8838-00ade1ac1c1a}\Shell - "" = AutoRun O33 - MountPoints2\{8d1b1ddc-2eee-11e1-8838-00ade1ac1c1a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a345bc66-085b-11e1-8701-dca9710654a9}\Shell - "" = AutoRun O33 - MountPoints2\{a345bc66-085b-11e1-8701-dca9710654a9}\Shell\AutoRun\command - "" = E:\Start.exe O33 - MountPoints2\{ca8de48d-927f-11e1-a30e-dca9710654a9}\Shell - "" = AutoRun O33 - MountPoints2\{ca8de48d-927f-11e1-a30e-dca9710654a9}\Shell\AutoRun\command - "" = E:\Start.exe O33 - MountPoints2\{f78ba0b9-6401-11e2-956d-806e6f6e6963}\Shell\Option1\Command - "" = E:\HBCD\HBCDMenu.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== 
[2013/01/21 03:57:02 | 000,000,000 | ---D | C] -- E:\478c85c5afddc849ceea772842c63319 [2013/01/19 19:13:37 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection [2013/01/19 19:11:16 | 000,000,000 | ---D | C] -- E:\ProgramData\24E3B857140F749C000024E393797A96 [2013/01/19 19:10:14 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Yhorow [2013/01/19 19:10:14 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Avgymo [6 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ] [1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/21 14:43:32 | 000,067,584 | -H-- | M] () -- E:\Windows\bootstat.dat [2013/01/21 14:42:44 | 000,000,004 | ---- | M] () -- E:\Users\Otello\AppData\Roaming\skype.ini [2013/01/21 14:40:39 | 000,000,004 | ---- | M] () -- E:\ProgramData\WBLD.INI [2013/01/21 14:40:39 | 000,000,004 | ---- | M] () -- E:\ProgramData\RELED.INI [2013/01/21 14:40:25 | 000,001,094 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/21 14:39:49 | 797,581,312 | -HS- | M] () -- E:\hiberfil.sys [2013/01/21 13:47:19 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/21 13:47:19 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/21 12:50:45 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/21 12:50:45 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/21 04:35:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe [2013/01/21 04:35:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/19 19:13:36 | 000,002,068 | ---- | M] () -- 
E:\Users\Otello\Desktop\System Progressive Protection.lnk [2013/01/19 18:22:33 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013/01/14 17:09:59 | 002,200,862 | ---- | M] () -- E:\Users\Otello\Documents\Northwind.accdt [2013/01/14 17:07:35 | 000,468,534 | ---- | M] () -- E:\Users\Otello\Documents\Tasks.accdt [2013/01/11 10:49:34 | 001,699,644 | ---- | M] () -- E:\Users\Otello\Desktop\Urlaubsangebote.pdf [2012/12/23 17:05:35 | 000,490,896 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT [6 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ] [1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/19 19:14:55 | 000,000,004 | ---- | C] () -- E:\Users\Otello\AppData\Roaming\skype.ini [2013/01/19 19:13:36 | 000,002,068 | ---- | C] () -- E:\Users\Otello\Desktop\System Progressive Protection.lnk [2013/01/14 17:09:59 | 002,200,862 | ---- | C] () -- E:\Users\Otello\Documents\Northwind.accdt [2013/01/14 17:07:35 | 000,468,534 | ---- | C] () -- E:\Users\Otello\Documents\Tasks.accdt [2013/01/11 10:49:31 | 001,699,644 | ---- | C] () -- E:\Users\Otello\Desktop\Urlaubsangebote.pdf [2012/04/27 14:56:43 | 000,000,017 | ---- | C] () -- E:\Windows\System32\shortcut_ex.dat [2012/01/13 03:05:37 | 000,110,592 | ---- | C] () -- E:\Users\Otello\AppData\Roaming\skype.dat [2011/11/01 06:36:21 | 000,006,144 | ---- | C] () -- E:\Users\Otello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/05 10:41:36 | 000,116,189 | ---- | C] () -- E:\Windows\System32\drivers\klin.dat [2011/07/05 10:41:35 | 000,098,168 | ---- | C] () -- E:\Windows\System32\drivers\klick.dat [2011/04/22 22:09:11 | 000,000,004 | ---- | C] () -- E:\ProgramData\WBLD.INI [2011/04/21 04:04:23 | 000,000,004 | ---- | C] () -- E:\ProgramData\RELED.INI [2011/04/21 02:00:39 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll [2011/04/13 08:16:30 | 000,016,456 | ---- | C] () -- 
E:\Windows\System32\drivers\ATKACPI.SYS [2011/03/24 12:36:12 | 000,012,800 | ---- | C] () -- E:\Windows\System32\Install-VR-pulse.exe [2011/03/24 12:13:52 | 000,044,544 | ---- | C] () -- E:\Windows\System32\Install-VR-pulse.dll [2010/11/20 19:46:14 | 000,654,844 | ---- | C] () -- E:\Windows\System32\perfh007.dat [2010/11/20 19:46:14 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat [2010/11/20 19:46:14 | 000,130,426 | ---- | C] () -- E:\Windows\System32\perfc007.dat [2010/11/20 19:46:14 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat [2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll [2009/09/09 11:01:40 | 000,027,675 | ---- | C] () -- E:\Windows\System32\drivers\klopp.dat [2009/07/13 23:57:37 | 000,067,584 | -H-- | C] () -- E:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,490,896 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,616,686 | ---- | C] () -- E:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,106,808 | ---- | C] () -- E:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat ========== LOP Check ========== [2013/01/19 19:13:14 | 000,000,000 | ---D | M] -- E:\ProgramData\24E3B857140F749C000024E393797A96 [2011/04/21 02:03:17 | 000,000,000 | ---D | M] -- E:\ProgramData\AmUStor [2011/07/05 10:37:14 
| 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data [2012/01/03 04:49:30 | 000,000,000 | ---D | M] -- E:\ProgramData\DatacardService [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents [2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente [2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites [2011/11/06 04:55:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Local [2012/01/03 04:48:34 | 000,000,000 | ---D | M] -- E:\ProgramData\Mobile Partner [2011/07/28 23:59:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner [2011/04/24 22:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Roaming [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu [2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü [2011/04/21 03:03:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates [2013/01/21 14:42:32 | 000,000,000 | ---D | M] -- E:\ProgramData\UDM [2011/11/06 04:48:35 | 000,000,000 | ---D | M] -- E:\ProgramData\UDM_21168 [2011/07/10 05:07:04 | 000,000,000 | ---D | M] -- E:\ProgramData\VirtualizedApplications [2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen [2013/01/21 14:16:57 | 000,000,000 | ---D | M] -- E:\ProgramData\WtDashboard [2011/12/25 07:02:37 | 000,000,000 | -H-D | M] -- E:\ProgramData\{168F2BF3-5528-4D9C-A12E-B02CA5A44257} [2012/11/10 11:57:22 | 000,032,634 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 1/21/2013 9:12:44 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free 902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 27.99 Gb Total Space | 16.45 Gb Free Space | 58.75% Space Free | Partition Type: NTFS Drive E: | 201.78 Gb Total Space | 160.14 Gb Free Space | 79.36% Space Free | Partition Type: NTFS Drive F: | 15.16 Gb Total Space | 15.16 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- E:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13709A29-963F-4C88-866F-132B12ABA40A}" = AM Usb Card Reader Driver "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - 
Custom Data "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{339474F5-C557-4140-BB96-B7C49A4F5D65}" = VR-pulse Installer "{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9326E1-E378-48A6-A82B-800147E63306}" = ArcSoft MediaImpression 2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software "{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT "{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed "{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = 
CorelDRAW Essentials X5 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B219E8B-B0B5-4730-9E27-BD3EC339A0CC}" = Unlimited Data Manager 10.0.0 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie 
Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9E88160-4159-4BA4-A5E3-5EA7C3BD0888}" = Fresco Logic USB3.0 Host Controller "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher "{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AmUStor" = AM Usb Card Reader Driver "AOL Deinstallation" = AOL Deinstallation "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer "Digital Editions" = Adobe Digital Editions "dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = 
CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mobile Partner" = Mobile Partner "Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Picasa 3" = Picasa 3 "ProInst" = Intel PROSet Wireless "PROPLUSR" = Microsoft Office Professional Plus 2007 "VLC media player" = VLC media player 2.0.4 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials < End of report >
Edited by fkress (22.01.2013 at 14:12) |
22.01.2013, 14:13 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the OTLPE results, now what? Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()
O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()
:Files
E:\Users\Otello\AppData\Roaming\skype.dat
E:\Users\Otello\AppData\Roaming\Yhorow
E:\ProgramData\24E3B857140F749C000024E393797A96
E:\Users\Otello\AppData\Roaming\Avgymo
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
After that, Windows should start normally again - please make OTL's quarantine folder available to us. Please proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!
4.) Let us know if it worked
5.) Only then switch the virus scanner back on
__________________ Please always post log files in CODE tags |
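The two registry lines in the fix script above are autostart entries that point into the user's roaming profile and carry no company name. As an added example (not part of the original post and not OTL's own code), the Python below parses `O4` Run and `O20` Winlogon Shell lines in the layout shown in this thread and flags them on those properties; the two `Example` lines and the flagging heuristics are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Lines 1-2 are the registry lines from the fix script in this thread.
# Lines 3-4 are constructed benign entries for contrast ("Example" is made up).
SAMPLE_LOG = r"""
O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()
O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()
O4 - HKLM..\Run: [ExampleUpdater] E:\Program Files\Example\updater.exe (Example Corp)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
"""


class Entry(NamedTuple):
    kind: str     # "run" (O4) or "shell" (O20 Winlogon Shell)
    hive: str     # registry hive as printed in the log, e.g. HKU\Otello_ON_E
    value: str    # Run value name, or the configured Shell string
    path: str     # file the entry resolves to
    company: str  # company name of the file; "" when the log prints "()"


# The trailing "(company)" is matched without nested parentheses, so lines whose
# company itself contains brackets, e.g. "Intel(R)", are not parsed by these patterns.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<value>[^\]]*)\] "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
# Locations a standard user can write to: the profile's AppData and ProgramData.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata|programdata)\\", re.IGNORECASE
)


def parse_entries(text: str) -> List[Entry]:
    """Return every O4 Run and O20 Winlogon Shell line found in the log text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pattern in (("run", RUN_RE), ("shell", SHELL_RE)):
            m = pattern.match(line)
            if m:
                entries.append(
                    Entry(kind, m["hive"], m["value"], m["path"], m["company"])
                )
    return entries


def reasons_for(entry: Entry) -> List[str]:
    """List the properties that make an autostart entry worth a closer look."""
    reasons = []
    if USER_WRITABLE_RE.match(entry.path):
        reasons.append("target is in a user-writable directory")
    if not entry.company:
        reasons.append("file has no company name")
    # The Windows default shell is explorer.exe; anything else replaces the desktop.
    if entry.kind == "shell" and ntpath.basename(entry.value).lower() != "explorer.exe":
        reasons.append("Winlogon Shell is not explorer.exe")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that have at least one reason attached."""
    flagged = []
    for entry in parse_entries(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.kind:5} {entry.hive}: {entry.path}")
        for reason in reasons:
            print(f"      - {reason}")
```

A replaced Winlogon Shell matches the symptom described in the first post, where a white screen appears instead of the desktop.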
22.01.2013, 14:50 | #5 |
| I have the OTLPE results, now what? Sooo, I have done the fix. I only have problems with the log file; I have now managed to save it on the third attempt: Code:
========== OTL ==========
Registry value HKEY_USERS\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\busoo.exe not found.
File E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe not found.
Registry value HKEY_USERS\Otello_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Otello\AppData\Roaming\skype.dat deleted successfully.
File E:\Users\Otello\AppData\Roaming\skype.dat not found.
========== FILES ==========
File\Folder E:\Users\Otello\AppData\Roaming\skype.dat not found.
File\Folder E:\Users\Otello\AppData\Roaming\Yhorow not found.
File\Folder E:\ProgramData\24E3B857140F749C000024E393797A96 not found.
File\Folder E:\Users\Otello\AppData\Roaming\Avgymo not found.
========== COMMANDS ==========
E:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 01222013_143631 |
22.01.2013, 15:04 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the OTLPE results, now what? Does Windows start normally again now?
__________________ --> I have the OTLPE results, now what? |
22.01.2013, 15:15 | #7 |
| I have the OTLPE results, now what? Yes, it does; I am just downloading Avira again to install it. Do I need to do anything else then? |
22.01.2013, 15:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the OTLPE results, now what? Please do not run any new virus scans for now!! Have you zipped and uploaded the MovedFiles?
__________________ Please always post log files in CODE tags |
22.01.2013, 15:23 | #9 |
| I have the OTLPE results, now what? No, not yet. I have packed the whole directory; what should I do with it? |
22.01.2013, 15:26 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the OTLPE results, now what? Say, would you maybe read my instructions properly for once?
__________________ Please always post log files in CODE tags |
22.01.2013, 15:33 | #11 |
| I have the OTLPE results, now what? Yes, I have. I just uploaded the file |
22.01.2013, 15:45 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the OTLPE results, now what? Quote:
Before we continue with the work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set up the tool as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
22.01.2013, 17:09 | #13 |
| I have the OTLPE results, now what? There is news: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 16:03:29
-----------------------------
16:03:29.717 OS Version: Windows 6.1.7601 Service Pack 1
16:03:29.717 Number of processors: 4 586 0x1C0A
16:03:29.722 ComputerName: OTELLO-PC UserName: Otello
16:04:38.174 Initialize success
16:31:50.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:31:50.280 Disk 0 Vendor: ST9250315AS 0003SDM1 Size: 238475MB BusType: 3
16:31:50.405 Disk 0 MBR read successfully
16:31:50.405 Disk 0 MBR scan
16:31:50.421 Disk 0 unknown MBR code
16:31:50.577 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:31:50.639 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 206627 MB offset 206848
16:31:50.639 Disk 0 Partition - 00 0F Extended LBA 30714 MB offset 423378944
16:31:50.764 Disk 0 Partition 3 00 12 Compaq diag NTFS 1026 MB offset 486285312
16:31:50.882 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 28664 MB offset 423380992
16:31:50.902 Disk 0 Partition - 00 05 Extended 129 MB offset 482084864
16:31:50.952 Disk 0 Partition 5 00 27 Hidden NTFS WinRE 128 MB offset 482086912
16:31:50.972 Disk 0 Partition - 00 05 Extended 896 MB offset 541054976
16:31:51.002 Disk 0 Partition 6 00 27 Hidden NTFS WinRE 895 MB offset 482351104
16:31:51.062 Disk 0 Partition - 00 05 Extended 1024 MB offset 543154176
16:31:51.117 Disk 0 Partition 7 00 27 Hidden NTFS WinRE 1023 MB offset 484186112
16:31:51.197 Disk 0 scanning sectors +488386560
16:31:51.382 Disk 0 scanning C:\Windows\system32\drivers
16:32:16.294 Service scanning
16:33:05.125 Modules scanning
16:33:26.820 Disk 0 trace - called modules:
16:33:26.863 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys Wdf01000.sys FLxHCIc.sys
16:33:26.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b96618]
16:33:26.898 3 CLASSPNP.SYS[86faa59e] -> nt!IofCallDriver -> [0x83d789e0]
16:33:26.915 5 ACPI.sys[86cb73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a48030]
16:33:26.933 Scan finished successfully
16:44:41.323 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
16:44:41.385 The log file has been saved successfully to "E:\aswMBR.txt"

Code:
ATTFilter 16:46:29.0911 5816 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:46:30.0125 5816 ============================================================ 16:46:30.0126 5816 Current date / time: 2013/01/22 16:46:30.0125 16:46:30.0126 5816 SystemInfo: 16:46:30.0126 5816 16:46:30.0126 5816 OS Version: 6.1.7601 ServicePack: 1.0 16:46:30.0126 5816 Product type: Workstation 16:46:30.0126 5816 ComputerName: OTELLO-PC 16:46:30.0127 5816 UserName: Otello 16:46:30.0127 5816 Windows directory: C:\Windows 16:46:30.0127 5816 System windows directory: C:\Windows 16:46:30.0127 5816 Processor architecture: Intel x86 16:46:30.0127 5816 Number of processors: 4 16:46:30.0127 5816 Page size: 0x1000 16:46:30.0127 5816 Boot type: Normal boot 16:46:30.0127 5816 ============================================================ 16:46:33.0363 5816 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:46:33.0363 5816 Drive \Device\Harddisk1\DR1 - Size: 0x3CB1FFE00 (15.17 Gb), SectorSize: 0x200, Cylinders: 0x7BC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 16:46:33.0363 5816 ============================================================ 16:46:33.0363 5816 \Device\Harddisk0\DR0: 16:46:33.0378 5816 MBR partitions: 16:46:33.0378 5816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 16:46:33.0378 5816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800 16:46:33.0394 5816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4800, BlocksNum 0x37FC000 16:46:33.0472 5816 \Device\Harddisk1\DR1: 16:46:33.0472 5816 MBR partitions: 16:46:33.0472 5816 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E58FDF 16:46:33.0472 5816 ============================================================ 16:46:33.0534 5816 C: <-> \Device\Harddisk0\DR0\Partition2 16:46:33.0581 
5816 D: <-> \Device\Harddisk0\DR0\Partition3 16:46:33.0722 5816 ============================================================ 16:46:33.0722 5816 Initialize success 16:46:33.0722 5816 ============================================================ 16:46:54.0782 1640 ============================================================ 16:46:54.0782 1640 Scan started 16:46:54.0782 1640 Mode: Manual; SigCheck; TDLFS; 16:46:54.0782 1640 ============================================================ 16:46:57.0618 1640 ================ Scan system memory ======================== 16:46:57.0618 1640 System memory - ok 16:46:57.0618 1640 ================ Scan services =============================
1640 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 16:47:07.0904 1640 DcomLaunch - ok 16:47:07.0935 1640 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 16:47:08.0013 1640 defragsvc - ok 16:47:08.0045 1640 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:47:08.0138 1640 DfsC - ok 16:47:08.0169 1640 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 16:47:08.0247 1640 Dhcp - ok 16:47:08.0263 1640 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 16:47:08.0357 1640 discache - ok 16:47:08.0372 1640 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 16:47:08.0403 1640 Disk - ok 16:47:08.0435 1640 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:47:08.0513 1640 Dnscache - ok 16:47:08.0544 1640 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 16:47:08.0637 1640 dot3svc - ok 16:47:08.0653 1640 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 16:47:08.0747 1640 DPS - ok 16:47:08.0793 1640 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:47:08.0840 1640 drmkaud - ok 16:47:08.0887 1640 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:47:08.0965 1640 DXGKrnl - ok 16:47:08.0996 1640 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 16:47:09.0090 1640 EapHost - ok 16:47:09.0199 1640 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 16:47:09.0386 1640 ebdrv - ok 16:47:09.0433 1640 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 16:47:09.0573 1640 EFS - ok 16:47:09.0620 1640 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:47:09.0667 1640 elxstor - ok 16:47:09.0698 1640 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev 
C:\Windows\system32\drivers\errdev.sys 16:47:09.0748 1640 ErrDev - ok 16:47:09.0818 1640 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 16:47:09.0918 1640 EventSystem - ok 16:47:09.0998 1640 [ 9A581303C7B0436E4B8D613EE0A79C7C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 16:47:10.0078 1640 EvtEng - ok 16:47:10.0148 1640 [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys 16:47:10.0268 1640 ewusbmbb - ok 16:47:10.0278 1640 ewusbnet - ok 16:47:10.0318 1640 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 16:47:10.0388 1640 ew_hwusbdev - ok 16:47:10.0418 1640 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 16:47:10.0498 1640 exfat - ok 16:47:10.0998 1640 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:47:11.0088 1640 fastfat - ok 16:47:11.0148 1640 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 16:47:11.0268 1640 Fax - ok 16:47:11.0308 1640 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys 16:47:11.0348 1640 fdc - ok 16:47:11.0378 1640 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 16:47:11.0458 1640 fdPHost - ok 16:47:11.0488 1640 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 16:47:11.0558 1640 FDResPub - ok 16:47:11.0598 1640 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:47:11.0628 1640 FileInfo - ok 16:47:11.0648 1640 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:47:11.0728 1640 Filetrace - ok 16:47:11.0763 1640 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 16:47:11.0813 1640 flpydisk - ok 16:47:11.0848 1640 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:47:11.0883 1640 FltMgr - ok 16:47:11.0928 1640 
[ 2A7700BEDBBEF962B2BDD14A36B872EF ] FLxHCIc C:\Windows\system32\drivers\FLxHCIc.sys 16:47:12.0003 1640 FLxHCIc - ok 16:47:12.0048 1640 [ A2AB780E5D7E8DE7AC0397D4E6C0FE72 ] FLxHCIh C:\Windows\system32\drivers\FLxHCIh.sys 16:47:12.0103 1640 FLxHCIh - ok 16:47:12.0158 1640 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 16:47:12.0283 1640 FontCache - ok 16:47:12.0343 1640 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:47:12.0378 1640 FontCache3.0.0.0 - ok 16:47:12.0403 1640 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:47:12.0433 1640 FsDepends - ok 16:47:12.0478 1640 [ 5739510AA7EC9D1F9C5D1268C153B7A2 ] fspad_wlh32 C:\Windows\system32\drivers\fspad_wlh32.sys 16:47:12.0543 1640 fspad_wlh32 - ok 16:47:12.0593 1640 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:47:12.0623 1640 Fs_Rec - ok 16:47:12.0653 1640 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:47:12.0698 1640 fvevol - ok 16:47:12.0733 1640 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:47:12.0763 1640 gagp30kx - ok 16:47:12.0808 1640 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 16:47:12.0903 1640 gpsvc - ok 16:47:12.0993 1640 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 16:47:13.0018 1640 gupdate - ok 16:47:13.0028 1640 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 16:47:13.0068 1640 gupdatem - ok 16:47:13.0098 1640 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 16:47:13.0128 1640 gusvc - ok 16:47:13.0248 1640 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:47:13.0363 1640 hcw85cir - ok 16:47:13.0393 1640 [ 
A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:47:13.0483 1640 HdAudAddService - ok 16:47:13.0524 1640 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:47:13.0555 1640 HDAudBus - ok 16:47:13.0586 1640 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 16:47:13.0633 1640 HidBatt - ok 16:47:13.0680 1640 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:47:13.0727 1640 HidBth - ok 16:47:13.0758 1640 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 16:47:13.0805 1640 HidIr - ok 16:47:13.0836 1640 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 16:47:13.0914 1640 hidserv - ok 16:47:13.0945 1640 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:47:14.0007 1640 HidUsb - ok 16:47:14.0039 1640 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:47:14.0132 1640 hkmsvc - ok 16:47:14.0148 1640 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:47:14.0257 1640 HomeGroupListener - ok 16:47:14.0288 1640 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:47:14.0351 1640 HomeGroupProvider - ok 16:47:14.0397 1640 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:47:14.0429 1640 HpSAMD - ok 16:47:14.0460 1640 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:47:14.0553 1640 HTTP - ok 16:47:14.0616 1640 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 16:47:14.0678 1640 huawei_enumerator - ok 16:47:14.0772 1640 [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 16:47:14.0834 1640 hwdatacard - ok 16:47:14.0928 1640 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe 
C:\ProgramData\DatacardService\HWDeviceService.exe 16:47:14.0959 1640 HWDeviceService.exe - ok 16:47:14.0990 1640 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:47:15.0021 1640 hwpolicy - ok 16:47:15.0053 1640 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:47:15.0099 1640 i8042prt - ok 16:47:15.0162 1640 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:47:15.0209 1640 iaStorV - ok 16:47:15.0255 1640 [ AE2DC615F928AC6A18CF25A58630809E ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 16:47:15.0302 1640 iBtFltCoex - ok 16:47:15.0365 1640 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:47:15.0443 1640 idsvc - ok 16:47:15.0599 1640 [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 16:47:15.0926 1640 igfx - ok 16:47:15.0973 1640 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:47:16.0004 1640 iirsp - ok 16:47:16.0035 1640 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 16:47:16.0147 1640 IKEEXT - ok 16:47:16.0285 1640 [ 67E94D5C722164D7FBF4A79FEAF41C37 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 16:47:16.0482 1640 IntcAzAudAddService - ok 16:47:16.0505 1640 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 16:47:16.0535 1640 intelide - ok 16:47:16.0560 1640 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:47:16.0600 1640 intelppm - ok 16:47:16.0630 1640 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:47:16.0715 1640 IPBusEnum - ok 16:47:16.0737 1640 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:47:16.0807 1640 IpFilterDriver - ok 16:47:16.0840 1640 [ 4BD7134618C1D2A27466A099062547BF ] 
IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:47:16.0875 1640 IPMIDRV - ok 16:47:16.0907 1640 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:47:16.0997 1640 IPNAT - ok 16:47:17.0025 1640 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:47:17.0077 1640 IRENUM - ok 16:47:17.0120 1640 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:47:17.0150 1640 isapnp - ok 16:47:17.0185 1640 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:47:17.0225 1640 iScsiPrt - ok 16:47:17.0252 1640 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:47:17.0285 1640 kbdclass - ok 16:47:17.0327 1640 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:47:17.0372 1640 kbdhid - ok 16:47:17.0392 1640 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 16:47:17.0425 1640 KeyIso - ok 16:47:17.0485 1640 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:47:17.0517 1640 KSecDD - ok 16:47:17.0565 1640 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:47:17.0600 1640 KSecPkg - ok 16:47:17.0637 1640 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 16:47:17.0730 1640 KtmRm - ok 16:47:17.0765 1640 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 16:47:17.0852 1640 LanmanServer - ok 16:47:17.0900 1640 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:47:17.0970 1640 LanmanWorkstation - ok 16:47:17.0995 1640 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:47:18.0085 1640 lltdio - ok 16:47:18.0123 1640 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:47:18.0185 1640 lltdsvc - ok 16:47:18.0217 1640 [ 
55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 16:47:18.0295 1640 lmhosts - ok 16:47:18.0326 1640 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:47:18.0357 1640 LSI_FC - ok 16:47:18.0404 1640 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:47:18.0442 1640 LSI_SAS - ok 16:47:18.0463 1640 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:47:18.0496 1640 LSI_SAS2 - ok 16:47:18.0531 1640 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:47:18.0564 1640 LSI_SCSI - ok 16:47:18.0593 1640 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 16:47:18.0672 1640 luafv - ok 16:47:18.0729 1640 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 16:47:18.0761 1640 megasas - ok 16:47:18.0784 1640 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 16:47:18.0823 1640 MegaSR - ok 16:47:18.0862 1640 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 16:47:18.0953 1640 MMCSS - ok 16:47:19.0053 1640 [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe 16:47:19.0089 1640 Mobile Partner. 
RunOuc - ok 16:47:19.0114 1640 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 16:47:19.0194 1640 Modem - ok 16:47:19.0244 1640 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:47:19.0296 1640 monitor - ok 16:47:19.0338 1640 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:47:19.0369 1640 mouclass - ok 16:47:19.0408 1640 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:47:19.0458 1640 mouhid - ok 16:47:19.0488 1640 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:47:19.0519 1640 mountmgr - ok 16:47:19.0548 1640 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 16:47:19.0583 1640 mpio - ok 16:47:19.0619 1640 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:47:19.0686 1640 mpsdrv - ok 16:47:19.0712 1640 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:47:19.0768 1640 MRxDAV - ok 16:47:19.0807 1640 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:47:19.0906 1640 mrxsmb - ok 16:47:19.0959 1640 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:47:20.0017 1640 mrxsmb10 - ok 16:47:20.0062 1640 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:47:20.0112 1640 mrxsmb20 - ok 16:47:20.0251 1640 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 16:47:20.0294 1640 msahci - ok 16:47:20.0329 1640 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:47:20.0366 1640 msdsm - ok 16:47:20.0386 1640 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 16:47:20.0434 1640 MSDTC - ok 16:47:20.0481 1640 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:47:20.0574 1640 Msfs 
- ok 16:47:20.0652 1640 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:47:20.0746 1640 mshidkmdf - ok 16:47:20.0824 1640 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:47:20.0855 1640 msisadrv - ok 16:47:20.0886 1640 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:47:20.0977 1640 MSiSCSI - ok 16:47:20.0987 1640 msiserver - ok 16:47:21.0022 1640 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:47:21.0092 1640 MSKSSRV - ok 16:47:21.0117 1640 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:47:21.0197 1640 MSPCLOCK - ok 16:47:21.0237 1640 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:47:21.0317 1640 MSPQM - ok 16:47:21.0342 1640 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:47:21.0377 1640 MsRPC - ok 16:47:21.0417 1640 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:47:21.0452 1640 mssmbios - ok 16:47:21.0477 1640 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:47:21.0546 1640 MSTEE - ok 16:47:21.0572 1640 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:47:21.0626 1640 MTConfig - ok 16:47:21.0661 1640 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 16:47:21.0691 1640 Mup - ok 16:47:21.0726 1640 [ 05B53873D183876F28D8F7F0A844F053 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 16:47:21.0757 1640 MyWiFiDHCPDNS - ok 16:47:21.0800 1640 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 16:47:21.0905 1640 napagent - ok 16:47:21.0947 1640 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:47:22.0006 1640 NativeWifiP - ok 16:47:22.0077 1640 [ 8C9C922D71F1CD4DEF73F186416B7896 ] 
NDIS C:\Windows\system32\drivers\ndis.sys 16:47:22.0156 1640 NDIS - ok 16:47:22.0176 1640 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:47:22.0252 1640 NdisCap - ok 16:47:22.0281 1640 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:47:22.0364 1640 NdisTapi - ok 16:47:22.0399 1640 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:47:22.0477 1640 Ndisuio - ok 16:47:22.0500 1640 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:47:22.0576 1640 NdisWan - ok 16:47:22.0617 1640 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:47:22.0684 1640 NDProxy - ok 16:47:22.0704 1640 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:47:22.0772 1640 NetBIOS - ok 16:47:22.0797 1640 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:47:22.0884 1640 NetBT - ok 16:47:22.0906 1640 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 16:47:22.0941 1640 Netlogon - ok 16:47:22.0982 1640 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 16:47:23.0062 1640 Netman - ok 16:47:23.0079 1640 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 16:47:23.0180 1640 netprofm - ok 16:47:23.0275 1640 [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 16:47:23.0350 1640 netr28u - ok 16:47:23.0389 1640 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:47:23.0422 1640 NetTcpPortSharing - ok 16:47:23.0625 1640 [ 620695631CF043B654EBDBA8F5EBA4CC ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys 16:47:23.0968 1640 NETwNs32 - ok 16:47:24.0000 1640 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:47:24.0031 
1640 nfrd960 - ok 16:47:24.0078 1640 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 16:47:24.0171 1640 NlaSvc - ok 16:47:24.0202 1640 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:47:24.0296 1640 Npfs - ok 16:47:24.0327 1640 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 16:47:24.0421 1640 nsi - ok 16:47:24.0436 1640 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:47:24.0514 1640 nsiproxy - ok 16:47:24.0592 1640 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:47:24.0702 1640 Ntfs - ok 16:47:24.0733 1640 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 16:47:24.0795 1640 Null - ok 16:47:24.0842 1640 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:47:24.0873 1640 nvraid - ok 16:47:24.0904 1640 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:47:24.0936 1640 nvstor - ok 16:47:24.0967 1640 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:47:25.0014 1640 nv_agp - ok 16:47:25.0138 1640 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:47:25.0201 1640 odserv - ok 16:47:25.0248 1640 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:47:25.0294 1640 ohci1394 - ok 16:47:25.0326 1640 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:47:25.0357 1640 ose - ok 16:47:25.0513 1640 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:47:25.0825 1640 osppsvc - ok 16:47:25.0918 1640 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:47:26.0043 1640 p2pimsvc - ok 16:47:26.0090 1640 [ 
59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 16:47:26.0159 1640 p2psvc - ok 16:47:26.0179 1640 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 16:47:26.0216 1640 Parport - ok 16:47:26.0256 1640 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:47:26.0299 1640 partmgr - ok 16:47:26.0316 1640 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:47:26.0351 1640 Parvdm - ok 16:47:26.0379 1640 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:47:26.0426 1640 PcaSvc - ok 16:47:26.0449 1640 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 16:47:26.0484 1640 pci - ok 16:47:26.0526 1640 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 16:47:26.0556 1640 pciide - ok 16:47:26.0601 1640 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:47:26.0639 1640 pcmcia - ok 16:47:26.0674 1640 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 16:47:26.0704 1640 pcw - ok 16:47:26.0736 1640 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:47:26.0851 1640 PEAUTH - ok 16:47:26.0949 1640 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 16:47:27.0086 1640 pla - ok 16:47:27.0136 1640 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:47:27.0226 1640 PlugPlay - ok 16:47:27.0244 1640 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:47:27.0291 1640 PNRPAutoReg - ok 16:47:27.0326 1640 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:47:27.0366 1640 PNRPsvc - ok 16:47:27.0411 1640 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:47:27.0499 1640 PolicyAgent - ok 16:47:27.0546 1640 [ F87D30E72E03D579A5199CCB3831D6EA ] Power 
C:\Windows\system32\umpo.dll 16:47:27.0654 1640 Power - ok 16:47:27.0749 1640 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:47:27.0844 1640 PptpMiniport - ok 16:47:27.0874 1640 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 16:47:27.0921 1640 Processor - ok 16:47:27.0996 1640 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 16:47:28.0091 1640 ProfSvc - ok 16:47:28.0219 1640 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:47:28.0250 1640 ProtectedStorage - ok 16:47:28.0313 1640 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:47:28.0375 1640 Psched - ok 16:47:28.0422 1640 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 16:47:28.0438 1640 PSI_SVC_2 - ok 16:47:28.0500 1640 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:47:28.0625 1640 ql2300 - ok 16:47:28.0650 1640 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:47:28.0682 1640 ql40xx - ok 16:47:28.0727 1640 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 16:47:28.0792 1640 QWAVE - ok 16:47:28.0825 1640 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:47:28.0867 1640 QWAVEdrv - ok 16:47:28.0892 1640 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:47:28.0975 1640 RasAcd - ok 16:47:29.0012 1640 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:47:29.0090 1640 RasAgileVpn - ok 16:47:29.0127 1640 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 16:47:29.0217 1640 RasAuto - ok 16:47:29.0242 1640 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:47:29.0327 1640 Rasl2tp - ok 
16:48:01.0077 1640 ============================================================ 16:48:01.0077 1640 Scan finished 16:48:01.0077 1640 ============================================================ 16:48:01.0108 5196 Detected object count: 1 16:48:01.0108 5196 Actual detected object count: 1 16:52:25.0453 5196 SesamService ( UnsignedFile.Multi.Generic ) - skipped by user 16:52:25.0453 5196 SesamService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.01.2013, 00:23 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have the OTLPE results, what now? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when one of the forum's qualified helpers has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
23.01.2013, 01:50 | #15 |
| I have the OTLPE results, what now? Here is the result: Code:
ATTFilter ComboFix 13-01-22.01 - Otello 23.01.2013 1:17.1.4 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.42 [GMT 1:00] ausgeführt von:: c:\users\Otello\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\@ c:\$recycle.bin\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\n c:\$recycle.bin\S-1-5-21-3781519261-38176514-1814062476-1000\$5d6ca331fff6e63b7098caba1410851a\n c:\program files\Pegatron\Hotkey\FastUserSwitching.exe c:\programdata\Local c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\10.bb c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\8.bb c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\9.bb c:\programdata\Roaming c:\users\Otello\004.jpg c:\users\Otello\AppData\Roaming\skype.ini . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_ACPIService . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-23 bis 2013-01-23 )))))))))))))))))))))))))))))) . . 2013-01-23 00:37 . 2013-01-23 00:37 -------- d-----w- c:\programdata\Local 2013-01-23 00:34 . 2013-01-23 00:38 -------- d-----w- c:\users\Otello\AppData\Local\temp 2013-01-23 00:34 . 2013-01-23 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-22 19:32 . 2013-01-22 19:32 -------- d-----w- C:\_OTL 2013-01-22 16:44 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2013-01-22 16:44 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-01-22 16:33 . 
2013-01-22 16:33 -------- d-----w- C:\virus 2013-01-22 14:16 . 2013-01-22 14:16 -------- d-----w- c:\users\Otello\AppData\Local\VS Revo Group 2013-01-21 18:15 . 2013-01-21 18:15 0 ----a-w- c:\windows\system32\shoB193.tmp 2013-01-21 08:57 . 2013-01-21 08:57 -------- d-----w- C:\478c85c5afddc849ceea772842c63319 2013-01-11 15:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-21 09:35 . 2012-04-13 18:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-21 09:35 . 2011-07-13 06:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-22 02:56 . 2012-12-16 15:25 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-11-14 02:09 . 2012-12-20 21:08 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-20 21:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-20 21:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-20 21:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-20 21:09 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-20 21:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-16 15:23 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 05:11 . 2012-12-16 15:23 376832 ----a-w- c:\windows\system32\dpnet.dll 2011-09-16 07:37 . 2011-07-05 18:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-05 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-01 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-01 150552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-19 9755240] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-24 36864] "fspuip"="c:\program files\FSP\fspuip.exe" [2010-09-09 3704320] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-02-11 9894160] "HostManager"="c:\program files\Common Files\AOL\1309972422\ee\AOLSoftware.exe" [2006-04-27 50760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "UDM"="c:\program files\Swisscom\Unlimited Data Manager\LscaGui.exe" [2011-05-20 2426736] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] . c:\users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Versandhelfer.lnk - c:\program files\Versandhelfer\Versandhelfer.exe [2011-7-5 142336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 Mobile Partner. RunOuc;Mobile Partner. 
OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 WtSmpFlt;Sesam LightWeight Filter;c:\windows\system32\DRIVERS\wtsmpflt.sys [x] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft 
Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x] S2 SesamService;Sesam Control Service;c:\program files\Swisscom\Sesam\BIN\SecMIPService.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [x] S2 UDM Service;UDM Service;c:\program files\Swisscom\Unlimited Data Manager\DashBoardS.exe [x] S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [x] S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 WtSmpAdap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys 
[x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 09:35] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 15:37] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 15:37] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.startfenster.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: Interfaces\{4014011F-239C-46A8-9CF9-7C2DE7B69FFE}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{6EEF9E2D-4B3B-4D44-8FD6-36B66190A6E0}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{F156FA64-377D-4AB1-A127-78DF9271C392}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-busoo.exe - c:\users\Otello\AppData\Roaming\Yhorow\busoo.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Intel\Bluetooth\BTPlayerCtrl.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\prevhost.exe
c:\windows\System32\WUDFHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-23 01:47:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-23 00:47
.
Vor Suchlauf: 11 Verzeichnis(se), 172.873.011.200 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 172.860.432.384 Bytes frei
.
- - End Of File - - 29AE374E2B9CE938661B8CE7621824F3 |