Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weißer Bildschirm (https://www.trojaner-board.de/135985-weisser-bildschirm.html)

Maggus123 03.06.2013 17:42
Weißer Bildschirm
 
Hallo,

der Laptop von meinem Arbeitskollegen wurde von einem Bundestrojaner befallen?!

Nach dem Hochfahren des Computers (Windows Vista) erscheint ein weißer Bildschirm und man kann nichts machen.

Abgesicherter Modus --> startet direkt neu wenn explorer geladen ist
Abgesicherter Modus mit Netzwerktreibern --> startet direkt neu wenn explorer geladen ist
Abgesicherter Modus mit Eingabeaufforderung --> funktioniert

Habe mich in dem Forum hier schonmal umgeschaut und das scheint ja ein bekanntes Problem hier zu sein.

Ich habe mir erlaubt schonmal die OTL logfile zu generieren.

Code:
OTL logfile created on: 6/3/2013 7:24:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Business Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.35 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/17 08:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/11/30 04:31:54 | 000,026,112 | ---- | M] () [Auto] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/01/20 22:25:31 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2009/11/30 04:31:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/08/04 08:49:56 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2009/07/10 07:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/11/05 17:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10200577301906479&ctid=CT3284351
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\meinLaptop_ON_C\..\URLSearchHook: {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
IE - HKU\meinLaptop_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (FileConverter 1.3F4 Toolbar) - {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FileConverter 1.3F4 Toolbar) - {65cee10f-b443-447b-bc49-588d94ec564a} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O3 - HKU\meinLaptop_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\meinLaptop_ON_C\..\Toolbar\WebBrowser: (FileConverter 1.3F4 Toolbar) - {65CEE10F-B443-447B-BC49-588D94EC564A} - C:\Program Files\FileConverter_1.3F4\prxtbFile.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (C:\Users\meinLaptop\AppData\Roaming\skype.dat) - C:\Users\meinLaptop\AppData\Roaming\skype.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/30 14:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Collaboration
[2013/05/30 14:12:28 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/05/30 13:30:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013/05/30 12:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013/05/30 12:58:03 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013/05/30 12:58:03 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013/05/30 12:58:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013/05/30 12:58:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013/05/30 12:58:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013/05/30 12:57:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013/05/30 12:57:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013/05/30 12:57:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013/05/30 12:57:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013/05/30 12:57:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013/05/30 12:57:52 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013/05/30 12:57:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013/05/30 12:57:52 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013/05/30 12:57:52 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013/05/30 12:57:52 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013/05/30 12:52:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013/05/30 12:52:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/05/30 12:52:07 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/05/30 12:52:06 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/05/30 12:51:55 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013/05/30 12:51:55 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013/05/30 12:51:55 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013/05/30 12:51:54 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013/05/30 12:51:54 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013/05/30 12:51:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013/05/30 12:51:53 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013/05/30 12:51:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013/05/30 12:51:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013/05/30 12:51:44 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/05/30 12:51:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013/05/30 12:51:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013/05/30 12:42:29 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013/05/30 12:42:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013/05/30 12:42:04 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013/05/30 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\meinLaptop\AppData\Local\WindowsUpdate
[2013/05/30 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/05/30 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/05/30 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/05/30 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\meinLaptop\AppData\Roaming\Systweak
[2013/05/30 12:22:42 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/05/30 12:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/05/30 12:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2013/05/30 11:13:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 12:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 11:50:26 | 000,000,004 | ---- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
[2013/06/03 11:47:18 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 11:47:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 11:47:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 11:00:07 | 000,015,872 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/03 11:00:07 | 000,004,930 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/31 07:21:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/30 14:13:30 | 000,001,846 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2013/05/30 13:34:58 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/30 13:30:53 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/30 13:30:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 13:19:31 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/05/30 13:19:31 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/05/30 13:17:11 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/30 12:23:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/05/30 12:22:41 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/05/30 12:22:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/05/30 11:46:41 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/30 11:46:41 | 000,004,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/30 01:50:44 | 000,090,112 | R--- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.dat
[2013/05/29 13:03:38 | 000,011,776 | ---- | M] () -- C:\Users\meinLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/24 14:32:43 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/17 08:22:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 08:22:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/05/30 14:13:30 | 000,001,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2013/05/30 12:57:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013/05/30 12:57:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013/05/30 12:57:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013/05/30 12:23:45 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/05/30 12:22:51 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/05/30 12:22:49 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/05/30 12:22:41 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/05/30 12:09:26 | 000,000,004 | ---- | C] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
[2013/04/05 10:55:04 | 000,090,112 | R--- | C] () -- C:\Users\meinLaptop\AppData\Roaming\skype.dat
[2012/10/14 07:53:15 | 000,011,776 | ---- | C] () -- C:\Users\meinLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 15:05:06 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/05/23 15:05:06 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/05/23 15:05:06 | 000,015,872 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/05/23 15:05:06 | 000,004,930 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/05/23 06:55:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/05/23 05:44:36 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/05/23 05:36:07 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012/05/23 05:36:06 | 000,982,212 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/05/23 05:36:06 | 000,439,280 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/05/23 05:36:06 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/05/23 05:36:06 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/05/23 05:21:59 | 000,000,680 | ---- | C] () -- C:\Users\meinLaptop\AppData\Local\d3d9caps.dat
[2008/01/20 22:25:51 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008/01/20 22:24:41 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,004,502 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2004/09/22 15:17:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
 
========== LOP Check ==========
 
[2012/05/23 07:09:01 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Leadertech
[2013/04/21 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Spider Player
[2013/05/30 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\meinLaptop\AppData\Roaming\Systweak
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2013/05/30 12:23:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Systweak
[2006/11/02 09:02:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/05/23 05:19:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 13:19:31 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2013/05/30 13:19:31 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2013/06/03 10:52:01 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
Ab diesem Schritt helfen die Admins dieses Forums den anderen Betroffenen.
Da ich nicht genau weiß, was ich jetzt genau mit dem OTL code anfangen soll nun die Bitte um Hilfe.

Und gleich die Frage vorab... Wie kann ich im Abgesicherten Modus mit Eingabeaufforderung das script, das ich hier hoffentlich bekomme, einfügen? Bin jetzt an meinem eigenen Rechner und mache hier alles was ich für den Laptop brauche.

Vielen Dank im Voraus für die schnelle Hilfe

Grüße

markusg 03.06.2013 17:51
Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O20 - HKU\meinLaptop_ON_C Winlogon: Shell - (C:\Users\meinLaptop\AppData\Roaming\skype.dat) - C:\Users\meinLaptop\AppData\Roaming\skype.dat ()
[2013/06/03 11:50:26 | 000,000,004 | ---- | M] () -- C:\Users\meinLaptop\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Maggus123 03.06.2013 18:34
Vielen Dank für die schnelle Antwort. Ich habe deinen Code genommen und ihn in fix.txt auf dem USB-Stick gespeichert.

Diesen habe ich dann am Laptop eingesteckt und das Programm gestartet.
Wie von dir beschrieben habe ich die Meldungen mit "yes" beantwortet, wobei die erste Meldung bei mir nicht erscheint. Ich werde nur nach den Benutzern gefragt nicht nach der registry.

Wenn ich dann die .txt Datei ausgewählt habe konnte ich in dem Programm nichts mehr anklicken... 5 mal versucht und 2 mal nach einem Neustart des Rechners.
Auch wenn ich deinen Code manuell einfüge kan ich den "Fix button" kein zweites Mal betätigen... Ist das normal, also fixt der automatisch? Habe einmal 5 Minuten gewartet und habe es dann erneut geschlossen als nichts passiert ist.

markusg 03.06.2013 18:38
otl öffnen, code per hand eintragen, fix klicken, gehts dann?

Maggus123 03.06.2013 18:47
Jetzt ist was passiert.

Folgendes ist dabei rausgekommen:

Code:
========== OTL ==========
Registry value HKEY_USERS\meinLaptop_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\meinLaptop\AppData\Roaming\skype.dat deleted successfully.
File C:\Users\meinLaptop\AppData\Roaming\skype.dat not found.
File C:\Users\meinLaptop\AppData\Roaming\skype.ini not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06032013_224527
Irgendwas stimmt nicht oder?

markusg 03.06.2013 18:48
neustarten ohne cd bitte und dann, wenns läuft, weiter mit Upload

Maggus123 03.06.2013 18:54
Jetzt hats funktioniert. Mache mir erstmal was zum Abendessen dann mache ich weiter.

Vielen vielen Dank schonmal!

Obwohl, der nächste Schritt war ja nicht zeitaufwendig. Habe den Zip-Ordner hochgeladen

markusg 03.06.2013 18:57
guten hunger

Maggus123 03.06.2013 18:57
Datei ist hochgeladen

markusg 03.06.2013 18:59
thx.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Maggus123 03.06.2013 20:09
Zwei Funde kamen bei raus:

http://s14.directupload.net/images/130603/tjz3olor.jpg

markusg 03.06.2013 20:11
log posten bitte

Maggus123 03.06.2013 20:23
Sry

Code:
00:06:10.0441 1648  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:06:10.0457 1648  ============================================================
00:06:10.0457 1648  Current date / time: 2013/06/04 00:06:10.0457
00:06:10.0457 1648  SystemInfo:
00:06:10.0457 1648 
00:06:10.0457 1648  OS Version: 6.0.6001 ServicePack: 1.0
00:06:10.0457 1648  Product type: Workstation
00:06:10.0457 1648  ComputerName: MEINLAPI
00:06:10.0457 1648  UserName: meinLaptop
00:06:10.0457 1648  Windows directory: C:\Windows
00:06:10.0457 1648  System windows directory: C:\Windows
00:06:10.0457 1648  Processor architecture: Intel x86
00:06:10.0457 1648  Number of processors: 2
00:06:10.0457 1648  Page size: 0x1000
00:06:10.0457 1648  Boot type: Normal boot
00:06:10.0457 1648  ============================================================
00:06:11.0892 1648  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:06:11.0923 1648  Drive \Device\Harddisk1\DR2 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:06:11.0923 1648  ============================================================
00:06:11.0923 1648  \Device\Harddisk0\DR0:
00:06:11.0923 1648  MBR partitions:
00:06:11.0923 1648  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
00:06:11.0923 1648  \Device\Harddisk1\DR2:
00:06:11.0923 1648  MBR partitions:
00:06:11.0923 1648  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x588, BlocksNum 0x1F3A78
00:06:11.0923 1648  ============================================================
00:06:11.0970 1648  C: <-> \Device\Harddisk0\DR0\Partition1
00:06:11.0970 1648  ============================================================
00:06:11.0970 1648  Initialize success
00:06:11.0970 1648  ============================================================
00:07:01.0103 3024  ============================================================
00:07:01.0103 3024  Scan started
00:07:01.0103 3024  Mode: Manual; SigCheck; TDLFS;
00:07:01.0103 3024  ============================================================
00:07:01.0914 3024  ================ Scan system memory ========================
00:07:01.0914 3024  System memory - ok
00:07:01.0914 3024  ================ Scan services =============================
00:07:02.0117 3024  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
00:07:02.0226 3024  ACPI - ok
00:07:02.0319 3024  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:07:02.0335 3024  AdobeFlashPlayerUpdateSvc - ok
00:07:02.0382 3024  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
00:07:02.0397 3024  adp94xx - ok
00:07:02.0444 3024  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
00:07:02.0460 3024  adpahci - ok
00:07:02.0460 3024  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
00:07:02.0475 3024  adpu160m - ok
00:07:02.0475 3024  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
00:07:02.0491 3024  adpu320 - ok
00:07:02.0553 3024  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
00:07:02.0647 3024  AeLookupSvc - ok
00:07:02.0709 3024  [ 48EB99503533C27AC6135648E5474457 ] AFD            C:\Windows\system32\drivers\afd.sys
00:07:02.0756 3024  AFD - ok
00:07:02.0803 3024  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:07:02.0819 3024  agp440 - ok
00:07:02.0850 3024  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
00:07:02.0865 3024  aic78xx - ok
00:07:02.0897 3024  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
00:07:02.0943 3024  ALG - ok
00:07:02.0975 3024  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:07:02.0975 3024  aliide - ok
00:07:02.0990 3024  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
00:07:03.0006 3024  amdagp - ok
00:07:03.0037 3024  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:07:03.0037 3024  amdide - ok
00:07:03.0068 3024  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
00:07:03.0115 3024  AmdK7 - ok
00:07:03.0146 3024  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
00:07:03.0177 3024  AmdK8 - ok
00:07:03.0255 3024  [ 46DF729D906D8C0C1F68D85370528523 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
00:07:03.0271 3024  AppHostSvc - ok
00:07:03.0333 3024  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
00:07:03.0349 3024  Appinfo - ok
00:07:03.0396 3024  [ C56DED3FE618C8BAE1AAAF4E801CCB3E ] AppMgmt        C:\Windows\System32\appmgmts.dll
00:07:03.0458 3024  AppMgmt - ok
00:07:03.0489 3024  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
00:07:03.0489 3024  arc - ok
00:07:03.0505 3024  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:07:03.0521 3024  arcsas - ok
00:07:03.0552 3024  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:07:03.0599 3024  AsyncMac - ok
00:07:03.0614 3024  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi          C:\Windows\system32\drivers\atapi.sys
00:07:03.0630 3024  atapi - ok
00:07:03.0661 3024  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:07:03.0692 3024  AudioEndpointBuilder - ok
00:07:03.0708 3024  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:07:03.0723 3024  Audiosrv - ok
00:07:03.0770 3024  [ 57A52EE74FD55C590F209925088CB68B ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
00:07:03.0786 3024  BCM42RLY - ok
00:07:03.0879 3024  [ DF854B83276859183849F15EFF031730 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl6.sys
00:07:04.0098 3024  BCM43XX - ok
00:07:04.0176 3024  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:07:04.0238 3024  Beep - ok
00:07:04.0285 3024  [ 8582E233C346AEFE759833E8A30DD697 ] BFE            C:\Windows\System32\bfe.dll
00:07:04.0332 3024  BFE - ok
00:07:04.0394 3024  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
00:07:04.0457 3024  BITS - ok
00:07:04.0519 3024  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
00:07:04.0566 3024  blbdrive - ok
00:07:04.0597 3024  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:07:04.0628 3024  bowser - ok
00:07:04.0659 3024  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
00:07:04.0706 3024  BrFiltLo - ok
00:07:04.0706 3024  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
00:07:04.0753 3024  BrFiltUp - ok
00:07:04.0800 3024  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
00:07:04.0831 3024  Browser - ok
00:07:04.0878 3024  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
00:07:05.0081 3024  Brserid - ok
00:07:05.0096 3024  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
00:07:05.0174 3024  BrSerWdm - ok
00:07:05.0205 3024  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
00:07:05.0283 3024  BrUsbMdm - ok
00:07:05.0315 3024  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
00:07:05.0377 3024  BrUsbSer - ok
00:07:05.0424 3024  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:07:05.0486 3024  BTHMODEM - ok
00:07:05.0502 3024  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:07:05.0549 3024  cdfs - ok
00:07:05.0580 3024  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
00:07:05.0611 3024  cdrom - ok
00:07:05.0658 3024  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc    C:\Windows\System32\certprop.dll
00:07:05.0720 3024  CertPropSvc - ok
00:07:05.0751 3024  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
00:07:05.0814 3024  circlass - ok
00:07:05.0861 3024  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
00:07:05.0876 3024  CLFS - ok
00:07:06.0001 3024  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:07:06.0017 3024  clr_optimization_v2.0.50727_32 - ok
00:07:06.0110 3024  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:07:06.0126 3024  CmBatt - ok
00:07:06.0157 3024  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:07:06.0173 3024  cmdide - ok
00:07:06.0188 3024  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:07:06.0204 3024  Compbatt - ok
00:07:06.0204 3024  COMSysApp - ok
00:07:06.0282 3024  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
00:07:06.0282 3024  crcdisk - ok
00:07:06.0329 3024  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
00:07:06.0344 3024  Crusoe - ok
00:07:06.0375 3024  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:07:06.0422 3024  CryptSvc - ok
00:07:06.0453 3024  [ 9A5434125C3DFE42393DE4BBB791BD19 ] CSC            C:\Windows\system32\drivers\csc.sys
00:07:06.0485 3024  CSC - ok
00:07:06.0547 3024  [ CB1D480676229A09EEF1DD4D23C5EDF3 ] CscService      C:\Windows\System32\cscsvc.dll
00:07:06.0578 3024  CscService - ok
00:07:06.0641 3024  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:07:06.0750 3024  DcomLaunch - ok
00:07:06.0812 3024  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:07:06.0828 3024  DfsC - ok
00:07:06.0968 3024  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
00:07:07.0140 3024  DFSR - ok
00:07:07.0202 3024  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
00:07:07.0249 3024  Dhcp - ok
00:07:07.0280 3024  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
00:07:07.0296 3024  disk - ok
00:07:07.0327 3024  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:07:07.0374 3024  Dnscache - ok
00:07:07.0405 3024  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc        C:\Windows\System32\dot3svc.dll
00:07:07.0436 3024  dot3svc - ok
00:07:07.0467 3024  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
00:07:07.0514 3024  DPS - ok
00:07:07.0577 3024  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
00:07:07.0608 3024  drmkaud - ok
00:07:07.0655 3024  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
00:07:07.0686 3024  DXGKrnl - ok
00:07:07.0733 3024  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
00:07:07.0779 3024  E1G60 - ok
00:07:07.0842 3024  [ 9475DC7971CFE8B0302D4126CF0653CD ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6032.sys
00:07:07.0889 3024  e1yexpress - ok
00:07:07.0904 3024  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
00:07:07.0935 3024  EapHost - ok
00:07:07.0967 3024  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
00:07:07.0982 3024  Ecache - ok
00:07:08.0029 3024  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
00:07:08.0045 3024  elxstor - ok
00:07:08.0091 3024  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
00:07:08.0138 3024  EMDMgmt - ok
00:07:08.0185 3024  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:07:08.0216 3024  ErrDev - ok
00:07:08.0263 3024  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem    C:\Windows\system32\es.dll
00:07:08.0310 3024  EventSystem - ok
00:07:08.0341 3024  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat          C:\Windows\system32\drivers\exfat.sys
00:07:08.0372 3024  exfat - ok
00:07:08.0403 3024  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat        C:\Windows\system32\drivers\fastfat.sys
00:07:08.0450 3024  fastfat - ok
00:07:08.0466 3024  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax            C:\Windows\system32\fxssvc.exe
00:07:08.0513 3024  Fax - ok
00:07:08.0575 3024  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
00:07:08.0591 3024  fdc - ok
00:07:08.0622 3024  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
00:07:08.0669 3024  fdPHost - ok
00:07:08.0669 3024  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:07:08.0747 3024  FDResPub - ok
00:07:08.0762 3024  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:07:08.0778 3024  FileInfo - ok
00:07:08.0809 3024  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
00:07:08.0825 3024  Filetrace - ok
00:07:08.0840 3024  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:07:08.0856 3024  flpydisk - ok
00:07:08.0871 3024  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:07:08.0871 3024  FltMgr - ok
00:07:08.0949 3024  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:07:08.0949 3024  FontCache3.0.0.0 - ok
00:07:08.0981 3024  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:07:09.0012 3024  Fs_Rec - ok
00:07:09.0027 3024  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:07:09.0043 3024  gagp30kx - ok
00:07:09.0090 3024  [ D9F1113D9401185245573350712F92FC ] gpsvc          C:\Windows\System32\gpsvc.dll
00:07:09.0137 3024  gpsvc - ok
00:07:09.0215 3024  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
00:07:09.0230 3024  gupdate - ok
00:07:09.0230 3024  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
00:07:09.0230 3024  gupdatem - ok
00:07:09.0324 3024  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:07:09.0371 3024  HdAudAddService - ok
00:07:09.0386 3024  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:07:09.0417 3024  HDAudBus - ok
00:07:09.0449 3024  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:07:09.0495 3024  HidBth - ok
00:07:09.0511 3024  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
00:07:09.0573 3024  HidIr - ok
00:07:09.0589 3024  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv        C:\Windows\system32\hidserv.dll
00:07:09.0651 3024  hidserv - ok
00:07:09.0683 3024  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:07:09.0714 3024  HidUsb - ok
00:07:09.0761 3024  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:07:09.0792 3024  hkmsvc - ok
00:07:09.0823 3024  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
00:07:09.0839 3024  HpCISSs - ok
00:07:09.0870 3024  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:07:09.0917 3024  HSFHWAZL - ok
00:07:09.0995 3024  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV        C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:07:10.0073 3024  HSF_DPV - ok
00:07:10.0151 3024  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:07:10.0213 3024  HTTP - ok
00:07:10.0291 3024  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
00:07:10.0291 3024  i2omp - ok
00:07:10.0338 3024  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:07:10.0369 3024  i8042prt - ok
00:07:10.0416 3024  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
00:07:10.0431 3024  iaStorV - ok
00:07:10.0494 3024  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:07:10.0541 3024  idsvc - ok
00:07:10.0681 3024  [ 9B1C286404283F71D14DD681408B9750 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
00:07:11.0024 3024  igfx - ok
00:07:11.0071 3024  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
00:07:11.0087 3024  iirsp - ok
00:07:11.0165 3024  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
00:07:11.0211 3024  IKEEXT - ok
00:07:11.0258 3024  [ 264632ADE8127B7BAA2190CF6FAD435B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
00:07:11.0289 3024  IntcHdmiAddService - ok
00:07:11.0336 3024  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:07:11.0336 3024  intelide - ok
00:07:11.0414 3024  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:07:11.0445 3024  intelppm - ok
00:07:11.0477 3024  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
00:07:11.0508 3024  IPBusEnum - ok
00:07:11.0523 3024  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:07:11.0586 3024  IpFilterDriver - ok
00:07:11.0617 3024  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:07:11.0664 3024  iphlpsvc - ok
00:07:11.0679 3024  IpInIp - ok
00:07:11.0711 3024  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
00:07:11.0742 3024  IPMIDRV - ok
00:07:11.0742 3024  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
00:07:11.0789 3024  IPNAT - ok
00:07:11.0804 3024  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:07:11.0835 3024  IRENUM - ok
00:07:11.0851 3024  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:07:11.0851 3024  isapnp - ok
00:07:11.0882 3024  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:07:11.0882 3024  iScsiPrt - ok
00:07:11.0913 3024  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
00:07:11.0913 3024  iteatapi - ok
00:07:11.0929 3024  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
00:07:11.0929 3024  iteraid - ok
00:07:11.0945 3024  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:07:11.0960 3024  kbdclass - ok
00:07:12.0023 3024  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
00:07:12.0054 3024  kbdhid - ok
00:07:12.0101 3024  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
00:07:12.0101 3024  KeyIso - ok
00:07:12.0116 3024  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:07:12.0194 3024  KSecDD - ok
00:07:12.0272 3024  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
00:07:12.0335 3024  KtmRm - ok
00:07:12.0397 3024  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:07:12.0459 3024  LanmanServer - ok
00:07:12.0522 3024  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:07:12.0569 3024  LanmanWorkstation - ok
00:07:12.0584 3024  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:07:12.0631 3024  lltdio - ok
00:07:12.0678 3024  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
00:07:12.0740 3024  lltdsvc - ok
00:07:12.0756 3024  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
00:07:12.0834 3024  lmhosts - ok
00:07:12.0865 3024  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:07:12.0881 3024  LSI_FC - ok
00:07:12.0896 3024  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
00:07:12.0912 3024  LSI_SAS - ok
00:07:12.0927 3024  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:07:12.0943 3024  LSI_SCSI - ok
00:07:12.0959 3024  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
00:07:12.0990 3024  luafv - ok
00:07:13.0021 3024  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
00:07:13.0037 3024  megasas - ok
00:07:13.0068 3024  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
00:07:13.0083 3024  MegaSR - ok
00:07:13.0130 3024  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
00:07:13.0161 3024  MMCSS - ok
00:07:13.0177 3024  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
00:07:13.0224 3024  Modem - ok
00:07:13.0271 3024  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
00:07:13.0317 3024  monitor - ok
00:07:13.0333 3024  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:07:13.0349 3024  mouclass - ok
00:07:13.0364 3024  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:07:13.0411 3024  mouhid - ok
00:07:13.0427 3024  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
00:07:13.0442 3024  MountMgr - ok
00:07:13.0458 3024  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:07:13.0473 3024  mpio - ok
00:07:13.0505 3024  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:07:13.0520 3024  mpsdrv - ok
00:07:13.0567 3024  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:07:13.0614 3024  MpsSvc - ok
00:07:13.0645 3024  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
00:07:13.0645 3024  Mraid35x - ok
00:07:13.0676 3024  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:07:13.0723 3024  MRxDAV - ok
00:07:13.0754 3024  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:07:13.0770 3024  mrxsmb - ok
00:07:13.0801 3024  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:07:13.0817 3024  mrxsmb10 - ok
00:07:13.0832 3024  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:07:13.0863 3024  mrxsmb20 - ok
00:07:13.0895 3024  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
00:07:13.0910 3024  msahci - ok
00:07:13.0926 3024  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
00:07:13.0941 3024  msdsm - ok
00:07:13.0973 3024  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
00:07:14.0035 3024  MSDTC - ok
00:07:14.0051 3024  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:07:14.0097 3024  Msfs - ok
00:07:14.0129 3024  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:07:14.0129 3024  msisadrv - ok
00:07:14.0191 3024  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
00:07:14.0207 3024  MSiSCSI - ok
00:07:14.0222 3024  msiserver - ok
00:07:14.0285 3024  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
00:07:14.0316 3024  MSKSSRV - ok
00:07:14.0363 3024  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:07:14.0394 3024  MSPCLOCK - ok
00:07:14.0394 3024  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
00:07:14.0425 3024  MSPQM - ok
00:07:14.0456 3024  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
00:07:14.0472 3024  MsRPC - ok
00:07:14.0487 3024  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:07:14.0487 3024  mssmbios - ok
00:07:14.0534 3024  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
00:07:14.0550 3024  MSTEE - ok
00:07:14.0581 3024  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup            C:\Windows\system32\Drivers\mup.sys
00:07:14.0597 3024  Mup - ok
00:07:14.0628 3024  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
00:07:14.0659 3024  napagent - ok
00:07:14.0706 3024  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
00:07:14.0737 3024  NativeWifiP - ok
00:07:14.0768 3024  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:07:14.0784 3024  NDIS - ok
00:07:14.0815 3024  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:07:14.0831 3024  NdisTapi - ok
00:07:14.0862 3024  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
00:07:14.0893 3024  Ndisuio - ok
00:07:14.0924 3024  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
00:07:14.0940 3024  NdisWan - ok
00:07:14.0971 3024  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
00:07:15.0002 3024  NDProxy - ok
00:07:15.0049 3024  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
00:07:15.0080 3024  NetBIOS - ok
00:07:15.0096 3024  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
00:07:15.0143 3024  netbt - ok
00:07:15.0158 3024  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
00:07:15.0174 3024  Netlogon - ok
00:07:15.0205 3024  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
00:07:15.0236 3024  Netman - ok
00:07:15.0267 3024  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
00:07:15.0299 3024  netprofm - ok
00:07:15.0345 3024  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:07:15.0361 3024  NetTcpPortSharing - ok
00:07:15.0408 3024  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
00:07:15.0423 3024  nfrd960 - ok
00:07:15.0470 3024  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:07:15.0517 3024  NlaSvc - ok
00:07:15.0533 3024  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:07:15.0548 3024  Npfs - ok
00:07:15.0564 3024  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
00:07:15.0611 3024  nsi - ok
00:07:15.0626 3024  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:07:15.0657 3024  nsiproxy - ok
00:07:15.0720 3024  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:07:15.0829 3024  Ntfs - ok
00:07:15.0876 3024  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
00:07:15.0938 3024  ntrigdigi - ok
00:07:16.0032 3024  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
00:07:16.0047 3024  Null - ok
00:07:16.0079 3024  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:07:16.0079 3024  nvraid - ok
00:07:16.0125 3024  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:07:16.0125 3024  nvstor - ok
00:07:16.0172 3024  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:07:16.0172 3024  nv_agp - ok
00:07:16.0172 3024  NwlnkFlt - ok
00:07:16.0188 3024  NwlnkFwd - ok
00:07:16.0219 3024  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
00:07:16.0250 3024  ohci1394 - ok
00:07:16.0297 3024  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
00:07:16.0344 3024  p2pimsvc - ok
00:07:16.0359 3024  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:07:16.0375 3024  p2psvc - ok
00:07:16.0437 3024  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
00:07:16.0484 3024  Parport - ok
00:07:16.0500 3024  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr        C:\Windows\system32\drivers\partmgr.sys
00:07:16.0515 3024  partmgr - ok
00:07:16.0531 3024  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
00:07:16.0609 3024  Parvdm - ok
00:07:16.0640 3024  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:07:16.0671 3024  PcaSvc - ok
00:07:16.0687 3024  [ 01B94418DEB235DFF777CC80076354B4 ] pci            C:\Windows\system32\drivers\pci.sys
00:07:16.0703 3024  pci - ok
00:07:16.0703 3024  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
00:07:16.0718 3024  pciide - ok
00:07:16.0749 3024  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:07:16.0765 3024  pcmcia - ok
00:07:16.0812 3024  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:07:16.0905 3024  PEAUTH - ok
00:07:16.0983 3024  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
00:07:17.0249 3024  pla - ok
00:07:17.0295 3024  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:07:17.0342 3024  PlugPlay - ok
00:07:17.0389 3024  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
00:07:17.0405 3024  PNRPAutoReg - ok
00:07:17.0420 3024  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
00:07:17.0451 3024  PNRPsvc - ok
00:07:17.0514 3024  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
00:07:17.0701 3024  PolicyAgent - ok
00:07:17.0748 3024  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:07:17.0779 3024  PptpMiniport - ok
00:07:17.0857 3024  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
00:07:17.0888 3024  Processor - ok
00:07:17.0935 3024  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc        C:\Windows\system32\profsvc.dll
00:07:17.0966 3024  ProfSvc - ok
00:07:17.0997 3024  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:07:17.0997 3024  ProtectedStorage - ok
00:07:18.0044 3024  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
00:07:18.0091 3024  PSched - ok
00:07:18.0138 3024  [ 30CBAE0A34359F1CD19D1576245149ED ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
00:07:18.0153 3024  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:07:18.0153 3024  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:07:18.0216 3024  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:07:18.0309 3024  ql2300 - ok
00:07:18.0372 3024  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:07:18.0387 3024  ql40xx - ok
00:07:18.0419 3024  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
00:07:18.0434 3024  QWAVE - ok
00:07:18.0450 3024  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:07:18.0481 3024  QWAVEdrv - ok
00:07:18.0528 3024  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:07:18.0575 3024  RasAcd - ok
00:07:18.0606 3024  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
00:07:18.0637 3024  RasAuto - ok
00:07:18.0668 3024  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
00:07:18.0699 3024  Rasl2tp - ok
00:07:18.0715 3024  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
00:07:18.0762 3024  RasMan - ok
00:07:18.0793 3024  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:07:18.0824 3024  RasPppoe - ok
00:07:18.0840 3024  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
00:07:18.0887 3024  RasSstp - ok
00:07:18.0918 3024  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
00:07:18.0933 3024  rdbss - ok
00:07:18.0949 3024  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:07:18.0980 3024  RDPCDD - ok
00:07:18.0996 3024  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\DRIVERS\rdpdr.sys
00:07:19.0011 3024  rdpdr - ok
00:07:19.0027 3024  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:07:19.0043 3024  RDPENCDD - ok
00:07:19.0074 3024  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
00:07:19.0121 3024  RDPWD - ok
00:07:19.0199 3024  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:07:19.0245 3024  RemoteAccess - ok
00:07:19.0277 3024  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:07:19.0308 3024  RemoteRegistry - ok
00:07:19.0355 3024  [ EA885E7A56F1BE1F14C372337C42FE48 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
00:07:19.0370 3024  rimmptsk - ok
00:07:19.0386 3024  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
00:07:19.0433 3024  RpcLocator - ok
00:07:19.0448 3024  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs          C:\Windows\system32\rpcss.dll
00:07:19.0479 3024  RpcSs - ok
00:07:19.0511 3024  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:07:19.0542 3024  rspndr - ok
00:07:19.0557 3024  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs          C:\Windows\system32\lsass.exe
00:07:19.0573 3024  SamSs - ok
00:07:19.0589 3024  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:07:19.0604 3024  sbp2port - ok
00:07:19.0635 3024  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:07:19.0667 3024  SCardSvr - ok
00:07:19.0698 3024  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
00:07:19.0745 3024  Schedule - ok
00:07:19.0807 3024  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc    C:\Windows\System32\certprop.dll
00:07:19.0823 3024  SCPolicySvc - ok
00:07:19.0869 3024  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
00:07:19.0916 3024  sdbus - ok
00:07:19.0947 3024  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:07:19.0979 3024  SDRSVC - ok
00:07:19.0979 3024  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:07:20.0025 3024  secdrv - ok
00:07:20.0025 3024  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
00:07:20.0041 3024  seclogon - ok
00:07:20.0057 3024  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
00:07:20.0088 3024  SENS - ok
00:07:20.0150 3024  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
00:07:20.0197 3024  Serenum - ok
00:07:20.0228 3024  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:07:20.0259 3024  Serial - ok
00:07:20.0275 3024  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:07:20.0306 3024  sermouse - ok
00:07:20.0337 3024  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:07:20.0384 3024  SessionEnv - ok
00:07:20.0384 3024  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
00:07:20.0415 3024  sffdisk - ok
00:07:20.0415 3024  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:07:20.0447 3024  sffp_mmc - ok
00:07:20.0462 3024  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
00:07:20.0478 3024  sffp_sd - ok
00:07:20.0493 3024  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
00:07:20.0556 3024  sfloppy - ok
00:07:20.0587 3024  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:07:20.0618 3024  SharedAccess - ok
00:07:20.0649 3024  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:07:20.0696 3024  ShellHWDetection - ok
00:07:20.0727 3024  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:07:20.0743 3024  sisagp - ok
00:07:20.0759 3024  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
00:07:20.0774 3024  SiSRaid2 - ok
00:07:20.0774 3024  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:07:20.0790 3024  SiSRaid4 - ok
00:07:20.0883 3024  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc          C:\Windows\system32\SLsvc.exe
00:07:21.0164 3024  slsvc - ok
00:07:21.0195 3024  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
00:07:21.0227 3024  SLUINotify - ok
00:07:21.0258 3024  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
00:07:21.0305 3024  Smb - ok
00:07:21.0320 3024  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:07:21.0336 3024  SNMPTRAP - ok
00:07:21.0351 3024  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
00:07:21.0367 3024  spldr - ok
00:07:21.0398 3024  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler        C:\Windows\System32\spoolsv.exe
00:07:21.0429 3024  Spooler - ok
00:07:21.0461 3024  [ 2252AEF839B1093D16761189F45AF885 ] srv            C:\Windows\system32\DRIVERS\srv.sys
00:07:21.0492 3024  srv - ok
00:07:21.0523 3024  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:07:21.0554 3024  srv2 - ok
00:07:21.0585 3024  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:07:21.0601 3024  srvnet - ok
00:07:21.0632 3024  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
00:07:21.0663 3024  SSDPSRV - ok
00:07:21.0695 3024  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
00:07:21.0710 3024  SstpSvc - ok
00:07:21.0741 3024  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
00:07:21.0788 3024  stisvc - ok
00:07:21.0835 3024  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:07:21.0835 3024  swenum - ok
00:07:21.0882 3024  [ B36C7CDB86F7F7A8E884479219766950 ] swprv          C:\Windows\System32\swprv.dll
00:07:21.0929 3024  swprv - ok
00:07:21.0975 3024  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
00:07:21.0991 3024  Symc8xx - ok
00:07:21.0991 3024  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
00:07:22.0007 3024  Sym_hi - ok
00:07:22.0007 3024  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
00:07:22.0022 3024  Sym_u3 - ok
00:07:22.0069 3024  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain        C:\Windows\system32\sysmain.dll
00:07:22.0116 3024  SysMain - ok
00:07:22.0178 3024  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:07:22.0241 3024  TabletInputService - ok
00:07:22.0303 3024  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv        C:\Windows\System32\tapisrv.dll
00:07:22.0350 3024  TapiSrv - ok
00:07:22.0365 3024  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
00:07:22.0412 3024  TBS - ok
00:07:22.0459 3024  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
00:07:22.0490 3024  Tcpip - ok
00:07:22.0506 3024  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
00:07:22.0537 3024  Tcpip6 - ok
00:07:22.0584 3024  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:07:22.0615 3024  tcpipreg - ok
00:07:22.0693 3024  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:07:22.0709 3024  TDPIPE - ok
00:07:22.0709 3024  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
00:07:22.0755 3024  TDTCP - ok
00:07:22.0771 3024  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
00:07:22.0787 3024  tdx - ok
00:07:22.0802 3024  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:07:22.0818 3024  TermDD - ok
00:07:22.0849 3024  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService    C:\Windows\System32\termsrv.dll
00:07:22.0896 3024  TermService - ok
00:07:22.0911 3024  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
00:07:22.0927 3024  Themes - ok
00:07:22.0927 3024  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
00:07:22.0958 3024  THREADORDER - ok
00:07:23.0005 3024  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
00:07:23.0036 3024  TrkWks - ok
00:07:23.0114 3024  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:07:23.0161 3024  TrustedInstaller - ok
00:07:23.0192 3024  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:07:23.0223 3024  tssecsrv - ok
00:07:23.0270 3024  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
00:07:23.0286 3024  tunmp - ok
00:07:23.0301 3024  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:07:23.0317 3024  tunnel - ok
00:07:23.0333 3024  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:07:23.0348 3024  uagp35 - ok
00:07:23.0364 3024  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:07:23.0395 3024  udfs - ok
00:07:23.0426 3024  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
00:07:23.0457 3024  UI0Detect - ok
00:07:23.0457 3024  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:07:23.0473 3024  uliagpkx - ok
00:07:23.0504 3024  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
00:07:23.0520 3024  uliahci - ok
00:07:23.0520 3024  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
00:07:23.0535 3024  UlSata - ok
00:07:23.0551 3024  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
00:07:23.0567 3024  ulsata2 - ok
00:07:23.0582 3024  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
00:07:23.0613 3024  umbus - ok
00:07:23.0629 3024  [ 909795B5B15047D9331F3D6B276B3993 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:07:23.0660 3024  UmRdpService - ok
00:07:23.0691 3024  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
00:07:23.0738 3024  upnphost - ok
00:07:23.0769 3024  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
00:07:23.0785 3024  usbccgp - ok
00:07:23.0816 3024  [ E0B8489AEDA9EA33361037BE6A8CF1CA ] USBCCID        C:\Windows\system32\DRIVERS\usbccid.sys
00:07:23.0832 3024  USBCCID - ok
00:07:23.0879 3024  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:07:23.0910 3024  usbcir - ok
00:07:23.0941 3024  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
00:07:23.0957 3024  usbehci - ok
00:07:23.0988 3024  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:07:24.0019 3024  usbhub - ok
00:07:24.0050 3024  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
00:07:24.0097 3024  usbohci - ok
00:07:24.0113 3024  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
00:07:24.0159 3024  usbprint - ok
00:07:24.0191 3024  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:07:24.0222 3024  USBSTOR - ok
00:07:24.0253 3024  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
00:07:24.0284 3024  usbuhci - ok
00:07:24.0315 3024  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms          C:\Windows\System32\uxsms.dll
00:07:24.0347 3024  UxSms - ok
00:07:24.0362 3024  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds            C:\Windows\System32\vds.exe
00:07:24.0409 3024  vds - ok
00:07:24.0456 3024  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
00:07:24.0487 3024  vga - ok
00:07:24.0534 3024  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
00:07:24.0549 3024  VgaSave - ok
00:07:24.0581 3024  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
00:07:24.0596 3024  viaagp - ok
00:07:24.0612 3024  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
00:07:24.0659 3024  ViaC7 - ok
00:07:24.0674 3024  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
00:07:24.0674 3024  viaide - ok
00:07:24.0705 3024  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:07:24.0705 3024  volmgr - ok
00:07:24.0752 3024  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
00:07:24.0768 3024  volmgrx - ok
00:07:24.0783 3024  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
00:07:24.0799 3024  volsnap - ok
00:07:24.0830 3024  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
00:07:24.0846 3024  vsmraid - ok
00:07:24.0908 3024  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS            C:\Windows\system32\vssvc.exe
00:07:24.0986 3024  VSS - ok
00:07:25.0002 3024  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time        C:\Windows\system32\w32time.dll
00:07:25.0049 3024  W32Time - ok
00:07:25.0080 3024  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:07:25.0158 3024  WacomPen - ok
00:07:25.0189 3024  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
00:07:25.0220 3024  Wanarp - ok
00:07:25.0236 3024  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:07:25.0251 3024  Wanarpv6 - ok
00:07:25.0283 3024  [ 3BE6FB7ACD994D6EEE9836C4E36F1FFC ] WAS            C:\Windows\system32\inetsrv\iisw3adm.dll
00:07:25.0314 3024  WAS - ok
00:07:25.0392 3024  [ F0E594DD07B2163DF9F5D5B6B471DDFA ] wbengine        C:\Windows\system32\wbengine.exe
00:07:25.0423 3024  wbengine - ok
00:07:25.0454 3024  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
00:07:25.0485 3024  wcncsvc - ok
00:07:25.0532 3024  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:07:25.0579 3024  WcsPlugInService - ok
00:07:25.0641 3024  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
00:07:25.0657 3024  Wd - ok
00:07:25.0688 3024  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:07:25.0704 3024  Wdf01000 - ok
00:07:25.0735 3024  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:07:25.0782 3024  WdiServiceHost - ok
00:07:25.0782 3024  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
00:07:25.0813 3024  WdiSystemHost - ok
00:07:25.0829 3024  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient      C:\Windows\System32\webclnt.dll
00:07:25.0844 3024  WebClient - ok
00:07:25.0875 3024  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:07:25.0907 3024  Wecsvc - ok
00:07:25.0922 3024  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
00:07:25.0938 3024  wercplsupport - ok
00:07:26.0000 3024  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:07:26.0031 3024  WerSvc - ok
00:07:26.0047 3024  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:07:26.0094 3024  winachsf - ok
00:07:26.0172 3024  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
00:07:26.0187 3024  WinDefend - ok
00:07:26.0203 3024  WinHttpAutoProxySvc - ok
00:07:26.0265 3024  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
00:07:26.0297 3024  Winmgmt - ok
00:07:26.0406 3024  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
00:07:26.0453 3024  WinRM - ok
00:07:26.0515 3024  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc        C:\Windows\System32\wlansvc.dll
00:07:26.0562 3024  Wlansvc - ok
00:07:26.0593 3024  [ 505372073EAE4B6DB42EE2CD16957C74 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
00:07:26.0609 3024  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
00:07:26.0609 3024  wltrysvc - detected UnsignedFile.Multi.Generic (1)
00:07:26.0640 3024  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
00:07:26.0655 3024  WmiAcpi - ok
00:07:26.0718 3024  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:07:26.0765 3024  wmiApSrv - ok
00:07:26.0827 3024  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
00:07:26.0858 3024  WMPNetworkSvc - ok
00:07:26.0905 3024  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:07:26.0936 3024  WPDBusEnum - ok
00:07:26.0999 3024  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
00:07:27.0014 3024  ws2ifsl - ok
00:07:27.0045 3024  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
00:07:27.0061 3024  wscsvc - ok
00:07:27.0061 3024  WSearch - ok
00:07:27.0139 3024  [ D79538B67FA641E986855DEF651E78FE ] wuauserv        C:\Windows\system32\wuaueng.dll
00:07:27.0482 3024  wuauserv - ok
00:07:27.0513 3024  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:07:27.0545 3024  WUDFRd - ok
00:07:27.0576 3024  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
00:07:27.0607 3024  wudfsvc - ok
00:07:27.0623 3024  ================ Scan global ===============================
00:07:27.0669 3024  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:07:27.0701 3024  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
00:07:27.0732 3024  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
00:07:27.0763 3024  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
00:07:27.0779 3024  [Global] - ok
00:07:27.0779 3024  ================ Scan MBR ==================================
00:07:27.0794 3024  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:07:28.0605 3024  \Device\Harddisk0\DR0 - ok
00:07:28.0605 3024  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
00:07:28.0777 3024  \Device\Harddisk1\DR2 - ok
00:07:28.0777 3024  ================ Scan VBR ==================================
00:07:28.0777 3024  [ A906A60227BF8E09BC9DEAA28D98C26B ] \Device\Harddisk0\DR0\Partition1
00:07:28.0777 3024  \Device\Harddisk0\DR0\Partition1 - ok
00:07:28.0793 3024  [ 65A1376B6786BCD93629B6FFC4049190 ] \Device\Harddisk1\DR2\Partition1
00:07:28.0793 3024  \Device\Harddisk1\DR2\Partition1 - ok
00:07:28.0793 3024  ============================================================
00:07:28.0793 3024  Scan finished
00:07:28.0793 3024  ============================================================
00:07:28.0793 2864  Detected object count: 2
00:07:28.0793 2864  Actual detected object count: 2
00:21:35.0237 2864  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:21:35.0237 2864  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:21:35.0237 2864  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:21:35.0237 2864  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Hilft Malwarebytes Anti-Malware?
Das hat bei meinem PC wunderbar funktioniert. Der hat alles gefunden

markusg 03.06.2013 20:25
passt.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Maggus123 03.06.2013 20:38
Ist das das Richtige?

Code:
ComboFix 13-06-03.06 - meinLaptop 04.06.2013  0:31.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.3023.1794 [GMT 2:00]
ausgeführt von:: c:\users\meinLaptop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-03 bis 2013-06-03  ))))))))))))))))))))))))))))))
.
.
2013-06-04 02:44 . 2013-06-03 20:55        --------        d-----w-        C:\_OTL
2013-06-03 22:35 . 2013-06-03 22:35        --------        d-----w-        c:\users\meinLaptop\AppData\Local\temp
2013-06-03 22:35 . 2013-06-03 22:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-02 07:08 . 2013-05-13 06:19        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{65B99311-8B54-48BB-97C3-85FA8F0D4FE9}\mpengine.dll
2013-05-30 18:12 . 2013-05-30 18:12        --------        d-----w-        c:\program files\Windows Collaboration
2013-05-30 18:12 . 2013-05-30 18:12        --------        d-----w-        C:\inetpub
2013-05-30 16:58 . 2009-10-09 21:56        2048        ----a-w-        c:\windows\system32\winrsmgr.dll
2013-05-30 16:58 . 2009-10-09 21:56        12800        ----a-w-        c:\windows\system32\wsmprovhost.exe
2013-05-30 16:58 . 2009-10-09 21:56        20480        ----a-w-        c:\windows\system32\winrshost.exe
2013-05-30 16:58 . 2009-10-09 21:56        40448        ----a-w-        c:\windows\system32\winrs.exe
2013-05-30 16:58 . 2009-10-09 21:56        10240        ----a-w-        c:\windows\system32\wsmplpxy.dll
2013-05-30 16:58 . 2009-10-09 21:56        10240        ----a-w-        c:\windows\system32\winrssrv.dll
2013-05-30 16:52 . 2008-10-22 03:57        241152        ----a-w-        c:\windows\system32\PortableDeviceApi.dll
2013-05-30 16:52 . 2009-10-23 17:42        714240        ----a-w-        c:\windows\system32\timedate.cpl
2013-05-30 16:52 . 2008-08-28 03:40        425472        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2013-05-30 16:52 . 2008-08-28 03:40        712704        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2013-05-30 16:52 . 2008-08-28 03:40        347136        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-05-30 16:51 . 2010-01-25 08:35        523776        ----a-w-        c:\windows\system32\RMActivate_isv.exe
2013-05-30 16:51 . 2010-01-25 08:34        511488        ----a-w-        c:\windows\system32\RMActivate.exe
2013-05-30 16:51 . 2010-01-25 08:34        347136        ----a-w-        c:\windows\system32\RMActivate_ssp.exe
2013-05-30 16:51 . 2010-01-25 12:48        472576        ----a-w-        c:\windows\system32\secproc_isv.dll
2013-05-30 16:51 . 2010-01-25 12:48        472064        ----a-w-        c:\windows\system32\secproc.dll
2013-05-30 16:51 . 2010-01-25 08:35        346624        ----a-w-        c:\windows\system32\RMActivate_ssp_isv.exe
2013-05-30 16:51 . 2010-01-25 12:48        151040        ----a-w-        c:\windows\system32\secproc_ssp_isv.dll
2013-05-30 16:51 . 2010-01-25 12:48        151040        ----a-w-        c:\windows\system32\secproc_ssp.dll
2013-05-30 16:51 . 2010-01-25 12:45        329216        ----a-w-        c:\windows\system32\msdrm.dll
2013-05-30 16:51 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2013-05-30 16:51 . 2008-03-08 04:21        1695744        ----a-w-        c:\windows\system32\gameux.dll
2013-05-30 16:51 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2013-05-30 16:42 . 2008-09-18 04:56        125952        ----a-w-        c:\windows\system32\wersvc.dll
2013-05-30 16:42 . 2008-09-18 04:56        147456        ----a-w-        c:\windows\system32\Faultrep.dll
2013-05-30 16:42 . 2008-10-21 05:25        1645568        ----a-w-        c:\windows\system32\connect.dll
2013-05-30 16:42 . 2009-09-10 15:21        1418752        ----a-w-        c:\program files\Windows Media Player\setup_wm.exe
2013-05-30 16:42 . 2009-09-10 15:21        310784        ----a-w-        c:\windows\system32\unregmp2.exe
2013-05-30 16:34 . 2013-05-30 16:34        --------        d-----w-        c:\users\meinLaptop\AppData\Local\WindowsUpdate
2013-05-30 16:23 . 2013-05-30 16:23        --------        d-----w-        c:\programdata\Systweak
2013-05-30 16:23 . 2013-05-30 16:23        --------        d-----w-        c:\program files\Advanced System Protector
2013-05-30 16:23 . 2012-07-25 10:03        17136        ----a-w-        c:\windows\system32\sasnative32.exe
2013-05-30 16:22 . 2013-05-30 16:23        --------        d-----w-        c:\users\meinLaptop\AppData\Roaming\Systweak
2013-05-30 16:22 . 2013-05-30 16:22        --------        d-----w-        c:\program files\RegClean Pro
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 12:22 . 2013-02-08 17:58        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-17 12:22 . 2013-02-08 17:58        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2013-02-08 17:51        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-10 19:25 . 2012-05-23 11:09        89680        ----a-w-        c:\users\meinLaptop\MSSSerif120.fon
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{65cee10f-b443-447b-bc49-588d94ec564a}"= "c:\program files\FileConverter_1.3F4\prxtbFile.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{65cee10f-b443-447b-bc49-588d94ec564a}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{65cee10f-b443-447b-bc49-588d94ec564a}]
2012-11-06 12:01        183112        ----a-w-        c:\program files\FileConverter_1.3F4\prxtbFile.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{65cee10f-b443-447b-bc49-588d94ec564a}"= "c:\program files\FileConverter_1.3F4\prxtbFile.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{65cee10f-b443-447b-bc49-588d94ec564a}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{65CEE10F-B443-447B-BC49-588D94EC564A}"= "c:\program files\FileConverter_1.3F4\prxtbFile.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{65cee10f-b443-447b-bc49-588d94ec564a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-18 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-18 153624]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-11-30 4685824]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 77017073
*Deregistered* - 77017073
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 18:30        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 12:22]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 17:58]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-08 17:58]
.
2013-05-30 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-05-30 10:01]
.
2013-05-30 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-05-30 10:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN10200577301906479&ctid=CT3284351
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-04 00:35
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-04  00:36:27
ComboFix-quarantined-files.txt  2013-06-03 22:36
.
Vor Suchlauf: 11 Verzeichnis(se), 20.716.888.064 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 20.674.584.576 Bytes frei
.
- - End Of File - - E55D8EB25A7E65C054BFDD6A81B81461


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:33 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131