
Log analysis and evaluation: I have the OTLPE results, what now?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.01.2013, 23:10   #1
fkress
 

Hello everyone,

now that I too am affected by the white screen under Windows 7 Starter and have already followed your instructions for using OTLPE, I am now looking at the two text files OTL.txt and Extra.txt and don't know what to do next.

Can you help me further here?

For information: I cannot get to the desktop, because I only ever see white with a pointer, except briefly when shutting down, when I have access for a few seconds.

Thank you very much!

---

Attachment:
Attached files
File type: txt Extras.txt (32.9 KB, viewed 132 times)
File type: txt OTL.txt (59.0 KB, viewed 138 times)

22.01.2013, 11:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Just a quick question, and this is nothing against you specifically, I could just as well have asked anyone else who posts the logs this way: where exactly does it say that the logs should be put in the attachment, or where exactly did you read that?

Log files in the attachment make the evaluation massively harder

Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

22.01.2013, 13:35   #3
fkress
 

Hello and sorry, I've got it now
I hope this is right then:

Code:
OTL logfile created on: 1/21/2013 9:12:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free
902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 27.99 Gb Total Space | 16.45 Gb Free Space | 58.75% Space Free | Partition Type: NTFS
Drive E: | 201.78 Gb Total Space | 160.14 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
Drive F: | 15.16 Gb Total Space | 15.16 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HWDeviceService.exe)
SRV - [2013/01/21 04:35:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/03 04:44:21 | 000,246,112 | ---- | M] () [Auto] -- E:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2011/10/01 02:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/05/20 08:28:56 | 000,182,128 | R--- | M] (Swisscom) [Auto] -- E:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service)
SRV - [2011/05/16 09:14:02 | 001,482,240 | ---- | M] (Swisscom) [Auto] -- E:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService)
SRV - [2011/02/16 13:08:52 | 000,920,576 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/02/11 05:39:50 | 000,993,616 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/02/11 05:39:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/02/11 05:39:44 | 000,907,600 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/02/08 21:52:08 | 000,102,672 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV - [2011/02/04 09:13:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/02/04 09:02:10 | 000,227,600 | ---- | M] () [On_Demand] -- E:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/02/04 08:58:18 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/11/02 15:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/09/22 09:49:50 | 000,226,672 | ---- | M] (Sierra Wireless, Inc.) [Auto] -- E:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (ewusbnet)
DRV - [2012/01/03 04:44:23 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/01/03 04:44:23 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/01/03 04:44:23 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/01/03 04:44:23 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/12/09 12:45:00 | 000,047,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011/11/14 18:04:00 | 000,263,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2011/10/01 02:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 02:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 02:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 02:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/05 10:39:59 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System] -- E:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/11 09:53:22 | 000,263,024 | ---- | M] (Swisscom) [Kernel | System] -- E:\Windows\System32\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV - [2011/04/11 09:53:22 | 000,041,328 | ---- | M] (Swisscom) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wtsmpadap.sys -- (WtSmpAdap)
DRV - [2011/02/24 10:01:14 | 000,242,176 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- E:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV - [2011/02/24 10:01:14 | 000,064,000 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- E:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV - [2011/02/24 04:38:58 | 007,507,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011/02/16 07:46:28 | 000,209,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R)
DRV - [2011/02/16 07:46:28 | 000,209,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R)
DRV - [2011/01/23 19:24:48 | 000,047,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/28 13:07:44 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/09/09 11:48:36 | 000,055,808 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2010/06/09 09:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- E:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 09:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- E:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 11:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- E:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010/03/01 09:56:18 | 000,031,232 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/11/02 12:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- E:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/09 14:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\system32\drivers\ATKACPI.SYS -- (ACPIService)
DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/07/05 13:09:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/07/05 13:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/07/05 13:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2011/11/06 04:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 02:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/07/05 13:22:41 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Otello\AppData\Roaming\Mozilla\Extensions
[2011/07/06 00:32:44 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2012/10/30 08:07:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2011/09/16 02:37:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ArcSoft Connection Service] E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BTMTrayAgent] E:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FLxHCIm] E:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [fspuip] E:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [HostManager] E:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Hotkey] E:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe ()
O4 - HKLM..\Run: [UDM] E:\Program Files\Swisscom\Unlimited Data Manager\LscaGui.exe (Swisscom)
O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Otello_ON_E Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - E:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{27211244-aad7-11e0-86d3-dca9710654a9}\Shell - "" = AutoRun
O33 - MountPoints2\{27211244-aad7-11e0-86d3-dca9710654a9}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{3e02580a-5277-11e1-a43d-001e101f1f6e}\Shell - "" = AutoRun
O33 - MountPoints2\{3e02580a-5277-11e1-a43d-001e101f1f6e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7ab39843-36d7-11e1-92c4-dca9710654a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7ab39843-36d7-11e1-92c4-dca9710654a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8d1b1dcc-2eee-11e1-8838-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{8d1b1dcc-2eee-11e1-8838-00ade1ac1c1a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8d1b1ddc-2eee-11e1-8838-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{8d1b1ddc-2eee-11e1-8838-00ade1ac1c1a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a345bc66-085b-11e1-8701-dca9710654a9}\Shell - "" = AutoRun
O33 - MountPoints2\{a345bc66-085b-11e1-8701-dca9710654a9}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{ca8de48d-927f-11e1-a30e-dca9710654a9}\Shell - "" = AutoRun
O33 - MountPoints2\{ca8de48d-927f-11e1-a30e-dca9710654a9}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{f78ba0b9-6401-11e2-956d-806e6f6e6963}\Shell\Option1\Command - "" = E:\HBCD\HBCDMenu.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/21 03:57:02 | 000,000,000 | ---D | C] -- E:\478c85c5afddc849ceea772842c63319
[2013/01/19 19:13:37 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2013/01/19 19:11:16 | 000,000,000 | ---D | C] -- E:\ProgramData\24E3B857140F749C000024E393797A96
[2013/01/19 19:10:14 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Yhorow
[2013/01/19 19:10:14 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Avgymo
[6 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/21 14:43:32 | 000,067,584 | -H-- | M] () -- E:\Windows\bootstat.dat
[2013/01/21 14:42:44 | 000,000,004 | ---- | M] () -- E:\Users\Otello\AppData\Roaming\skype.ini
[2013/01/21 14:40:39 | 000,000,004 | ---- | M] () -- E:\ProgramData\WBLD.INI
[2013/01/21 14:40:39 | 000,000,004 | ---- | M] () -- E:\ProgramData\RELED.INI
[2013/01/21 14:40:25 | 000,001,094 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 14:39:49 | 797,581,312 | -HS- | M] () -- E:\hiberfil.sys
[2013/01/21 13:47:19 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 13:47:19 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 12:50:45 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 12:50:45 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/21 04:35:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/01/21 04:35:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/19 19:13:36 | 000,002,068 | ---- | M] () -- E:\Users\Otello\Desktop\System Progressive Protection.lnk
[2013/01/19 18:22:33 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 17:09:59 | 002,200,862 | ---- | M] () -- E:\Users\Otello\Documents\Northwind.accdt
[2013/01/14 17:07:35 | 000,468,534 | ---- | M] () -- E:\Users\Otello\Documents\Tasks.accdt
[2013/01/11 10:49:34 | 001,699,644 | ---- | M] () -- E:\Users\Otello\Desktop\Urlaubsangebote.pdf
[2012/12/23 17:05:35 | 000,490,896 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[6 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/19 19:14:55 | 000,000,004 | ---- | C] () -- E:\Users\Otello\AppData\Roaming\skype.ini
[2013/01/19 19:13:36 | 000,002,068 | ---- | C] () -- E:\Users\Otello\Desktop\System Progressive Protection.lnk
[2013/01/14 17:09:59 | 002,200,862 | ---- | C] () -- E:\Users\Otello\Documents\Northwind.accdt
[2013/01/14 17:07:35 | 000,468,534 | ---- | C] () -- E:\Users\Otello\Documents\Tasks.accdt
[2013/01/11 10:49:31 | 001,699,644 | ---- | C] () -- E:\Users\Otello\Desktop\Urlaubsangebote.pdf
[2012/04/27 14:56:43 | 000,000,017 | ---- | C] () -- E:\Windows\System32\shortcut_ex.dat
[2012/01/13 03:05:37 | 000,110,592 | ---- | C] () -- E:\Users\Otello\AppData\Roaming\skype.dat
[2011/11/01 06:36:21 | 000,006,144 | ---- | C] () -- E:\Users\Otello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 10:41:36 | 000,116,189 | ---- | C] () -- E:\Windows\System32\drivers\klin.dat
[2011/07/05 10:41:35 | 000,098,168 | ---- | C] () -- E:\Windows\System32\drivers\klick.dat
[2011/04/22 22:09:11 | 000,000,004 | ---- | C] () -- E:\ProgramData\WBLD.INI
[2011/04/21 04:04:23 | 000,000,004 | ---- | C] () -- E:\ProgramData\RELED.INI
[2011/04/21 02:00:39 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/13 08:16:30 | 000,016,456 | ---- | C] () -- E:\Windows\System32\drivers\ATKACPI.SYS
[2011/03/24 12:36:12 | 000,012,800 | ---- | C] () -- E:\Windows\System32\Install-VR-pulse.exe
[2011/03/24 12:13:52 | 000,044,544 | ---- | C] () -- E:\Windows\System32\Install-VR-pulse.dll
[2010/11/20 19:46:14 | 000,654,844 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2010/11/20 19:46:14 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2010/11/20 19:46:14 | 000,130,426 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2010/11/20 19:46:14 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/09/09 11:01:40 | 000,027,675 | ---- | C] () -- E:\Windows\System32\drivers\klopp.dat
[2009/07/13 23:57:37 | 000,067,584 | -H-- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,490,896 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,616,686 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,808 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2013/01/19 19:13:14 | 000,000,000 | ---D | M] -- E:\ProgramData\24E3B857140F749C000024E393797A96
[2011/04/21 02:03:17 | 000,000,000 | ---D | M] -- E:\ProgramData\AmUStor
[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/01/03 04:49:30 | 000,000,000 | ---D | M] -- E:\ProgramData\DatacardService
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/11/06 04:55:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Local
[2012/01/03 04:48:34 | 000,000,000 | ---D | M] -- E:\ProgramData\Mobile Partner
[2011/07/28 23:59:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2011/04/24 22:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Roaming
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/04/21 03:03:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2013/01/21 14:42:32 | 000,000,000 | ---D | M] -- E:\ProgramData\UDM
[2011/11/06 04:48:35 | 000,000,000 | ---D | M] -- E:\ProgramData\UDM_21168
[2011/07/10 05:07:04 | 000,000,000 | ---D | M] -- E:\ProgramData\VirtualizedApplications
[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/01/21 14:16:57 | 000,000,000 | ---D | M] -- E:\ProgramData\WtDashboard
[2011/12/25 07:02:37 | 000,000,000 | -H-D | M] -- E:\ProgramData\{168F2BF3-5528-4D9C-A12E-B02CA5A44257}
[2012/11/10 11:57:22 | 000,032,634 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Code:
OTL Extras logfile created on: 1/21/2013 9:12:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free
902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 27.99 Gb Total Space | 16.45 Gb Free Space | 58.75% Space Free | Partition Type: NTFS
Drive E: | 201.78 Gb Total Space | 160.14 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
Drive F: | 15.16 Gb Total Space | 15.16 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- E:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13709A29-963F-4C88-866F-132B12ABA40A}" = AM Usb Card Reader Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339474F5-C557-4140-BB96-B7C49A4F5D65}" = VR-pulse Installer
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9326E1-E378-48A6-A82B-800147E63306}" = ArcSoft MediaImpression 2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B219E8B-B0B5-4730-9E27-BD3EC339A0CC}" = Unlimited Data Manager 10.0.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9E88160-4159-4BA4-A5E3-5EA7C3BD0888}" = Fresco Logic USB3.0 Host Controller
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = AM Usb Card Reader Driver
"AOL Deinstallation" = AOL Deinstallation
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Digital Editions" = Adobe Digital Editions
"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"PROPLUSR" = Microsoft Office Professional Plus 2007
"VLC media player" = VLC media player 2.0.4
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
< End of report >
         
__________________

Last edited by fkress (22.01.2013 at 14:12)

22.01.2013, 14:13   #4
cosinus

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:
:OTL
O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()
O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()
:Files
E:\Users\Otello\AppData\Roaming\skype.dat
E:\Users\Otello\AppData\Roaming\Yhorow
E:\ProgramData\24E3B857140F749C000024E393797A96
E:\Users\Otello\AppData\Roaming\Avgymo
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the movedfiles folder in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

4.) Let me know once it has worked
5.) Only then turn the virus scanner back on
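
The two entries the fix script above targets show the traits a log reviewer looks for in autostart lines: a Run value and a Winlogon Shell value that point into AppData and carry an empty company field. The following Python is an added example, not part of the post and not OTL's own code; it parses O4 and O20 lines and flags those traits. The function names, the reason strings and the two benign sample lines are assumptions made for illustration, and the trailing parentheses are read as the file's company name, as in the `(Microsoft Corporation)` entries of the log.

```python
import re

# First two lines: taken from the fix script in the post above.
# Last two lines: constructed benign entries (hypothetical vendor and paths).
SAMPLE_LINES = r"""
O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()
O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()
O4 - HKLM..\Run: [ExampleUpdater] E:\Program Files\ExampleVendor\updater.exe (ExampleVendor Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
""".strip().splitlines()

# O4 = Run/RunOnce autostart value, O20 = Winlogon value (layout as seen in the log).
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?) \((?P<company>[^()]*)\)$")
O20_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: (?P<name>\w+) - \((?P<data>.*?)\) - "
    r"(?P<path>.*?) \((?P<company>[^()]*)\)$")

# Directories a standard user can write to (illustrative list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def strip_drive(path):
    """Drop the drive letter and lowercase the path.

    In this thread the offline scan sees the system volume as E:, while the
    registry data still says C:, so paths are compared without the letter.
    """
    return re.sub(r"^[A-Za-z]:", "", path.strip().strip('"')).lower()


def parse_line(line):
    """Return a dict for an O4 Run or O20 Winlogon line, else None."""
    for kind, rx in (("O4", O4_RE), ("O20", O20_RE)):
        m = rx.match(line.strip())
        if m:
            return {"kind": kind, **m.groupdict()}
    return None


def reasons_for(entry):
    """List the traits that make an autostart entry worth a closer look."""
    reasons = []
    target = strip_drive(entry["path"])
    if any(part in target for part in USER_WRITABLE):
        reasons.append("target in user-writable directory")
    if not entry["company"].strip():
        reasons.append("no company name in file metadata")
    if entry["kind"] == "O20" and entry["name"].lower() == "shell":
        shell = strip_drive(entry["data"]).rsplit("\\", 1)[-1]
        if shell != "explorer.exe":
            reasons.append("Winlogon Shell is not explorer.exe")
    return reasons


def triage(lines):
    """Return (kind, name, reasons) for every parsed line with at least one reason."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # not an O4/O20 line
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["kind"], entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LINES):
        print(f"{kind} {name}: " + "; ".join(reasons))
```

These traits are review hints only; a flagged line still needs a human decision before anything goes into a fix script.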

22.01.2013, 14:50   #5
fkress

Okay, so I have run the fix. I only had problems with the log file; I finally managed to save it on the third attempt:

Code:
========== OTL ==========
Registry value HKEY_USERS\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\busoo.exe not found.
File E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe not found.
Registry value HKEY_USERS\Otello_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Otello\AppData\Roaming\skype.dat deleted successfully.
File E:\Users\Otello\AppData\Roaming\skype.dat not found.
========== FILES ==========
File\Folder E:\Users\Otello\AppData\Roaming\skype.dat not found.
File\Folder E:\Users\Otello\AppData\Roaming\Yhorow not found.
File\Folder E:\ProgramData\24E3B857140F749C000024E393797A96 not found.
File\Folder E:\Users\Otello\AppData\Roaming\Avgymo not found.
========== COMMANDS ==========
E:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01222013_143631
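
To check what a fix run actually changed, the result log above can be parsed into one record per line. This is an added example, not part of the post and not produced by OTLPE; the log text is copied from the post, and the function names and the reading of `\\` as the separator between registry key and value name are assumptions based on the lines shown.

```python
import re
from collections import Counter

# Fix log copied from the post above.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\busoo.exe not found.
File E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe not found.
Registry value HKEY_USERS\Otello_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Otello\AppData\Roaming\skype.dat deleted successfully.
File E:\Users\Otello\AppData\Roaming\skype.dat not found.
========== FILES ==========
File\Folder E:\Users\Otello\AppData\Roaming\skype.dat not found.
File\Folder E:\Users\Otello\AppData\Roaming\Yhorow not found.
File\Folder E:\ProgramData\24E3B857140F749C000024E393797A96 not found.
File\Folder E:\Users\Otello\AppData\Roaming\Avgymo not found.
========== COMMANDS ==========
E:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 01222013_143631
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
OUTCOME_RE = re.compile(
    r"^(?:(?P<kind>Registry value|File\\Folder|File) )?(?P<target>.+?) "
    r"(?P<outcome>not found|deleted successfully|moved successfully|"
    r"reset successfully)\.?$")


def parse_fix_log(text):
    """Return one record per result line, tagged with its log section."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        m = OUTCOME_RE.match(line)
        if not m:
            continue  # blank line or tool banner
        rec = {"section": section, **m.groupdict()}
        if rec["kind"] == "Registry value":
            # Assumed layout: <key>\\<value name>[:<value data>]
            key, _, value = rec["target"].partition("\\\\")
            name, _, data = value.partition(":")
            rec.update(key=key, value_name=name, value_data=data)
        records.append(rec)
    return records


def changes(records):
    """Records where the tool reports that it modified something."""
    return [r for r in records if r["outcome"] != "not found"]


def outcome_counts(records):
    """Count records per reported outcome."""
    return Counter(r["outcome"] for r in records)


if __name__ == "__main__":
    recs = parse_fix_log(FIX_LOG)
    print(dict(outcome_counts(recs)))
    for r in changes(recs):
        print(r["section"], "|", r["kind"] or "-", "|", r["target"], "|", r["outcome"])
```

On this log, three records describe a change: the deleted Winlogon Shell value and the two hosts-file lines. The other seven targets are reported as not found.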
         


22.01.2013, 15:04   #6
cosinus

Is Windows starting normally again now?

22.01.2013, 15:15   #7
fkress

Yes, it does. I am just downloading Avira again to install it.
Do I need to do anything else after that?

22.01.2013, 15:18   #8
cosinus

Please don't run any new virus scans for now!!


Have you zipped and uploaded the MovedFiles?

22.01.2013, 15:23   #9
fkress

No, not yet. I have packed the whole directory; what should I do with it?

22.01.2013, 15:26   #10
cosinus

Seriously, could you maybe read my instructions properly?

22.01.2013, 15:33   #11
fkress

Yes, I have. I just uploaded the file.

22.01.2013, 15:45   #12
cosinus

Quote:
Yes, I have.
Um, and why are you asking me what is supposed to happen with it if you have supposedly read the instructions completely?!



Before we get on with the further work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!


22.01.2013, 17:09   #13
fkress

There is news:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 16:03:29
-----------------------------
16:03:29.717    OS Version: Windows 6.1.7601 Service Pack 1
16:03:29.717    Number of processors: 4 586 0x1C0A
16:03:29.722    ComputerName: OTELLO-PC  UserName: Otello
16:04:38.174    Initialize success
16:31:50.233    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:31:50.280    Disk 0 Vendor: ST9250315AS 0003SDM1 Size: 238475MB BusType: 3
16:31:50.405    Disk 0 MBR read successfully
16:31:50.405    Disk 0 MBR scan
16:31:50.421    Disk 0 unknown MBR code
16:31:50.577    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:31:50.639    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       206627 MB offset 206848
16:31:50.639    Disk 0 Partition - 00     0F Extended LBA             30714 MB offset 423378944
16:31:50.764    Disk 0 Partition 3 00     12  Compaq diag NTFS         1026 MB offset 486285312
16:31:50.882    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        28664 MB offset 423380992
16:31:50.902    Disk 0 Partition - 00     05     Extended               129 MB offset 482084864
16:31:50.952    Disk 0 Partition 5 00     27 Hidden NTFS WinRE               128 MB offset 482086912
16:31:50.972    Disk 0 Partition - 00     05     Extended               896 MB offset 541054976
16:31:51.002    Disk 0 Partition 6 00     27 Hidden NTFS WinRE               895 MB offset 482351104
16:31:51.062    Disk 0 Partition - 00     05     Extended              1024 MB offset 543154176
16:31:51.117    Disk 0 Partition 7 00     27 Hidden NTFS WinRE              1023 MB offset 484186112
16:31:51.197    Disk 0 scanning sectors +488386560
16:31:51.382    Disk 0 scanning C:\Windows\system32\drivers
16:32:16.294    Service scanning
16:33:05.125    Modules scanning
16:33:26.820    Disk 0 trace - called modules:
16:33:26.863    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys Wdf01000.sys FLxHCIc.sys 
16:33:26.880    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b96618]
16:33:26.898    3 CLASSPNP.SYS[86faa59e] -> nt!IofCallDriver -> [0x83d789e0]
16:33:26.915    5 ACPI.sys[86cb73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a48030]
16:33:26.933    Scan finished successfully
16:44:41.323    Disk 0 MBR has been saved successfully to "E:\MBR.dat"
16:44:41.385    The log file has been saved successfully to "E:\aswMBR.txt"
         
Code:
16:46:29.0911 5816  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:46:30.0125 5816  ============================================================
16:46:30.0126 5816  Current date / time: 2013/01/22 16:46:30.0125
16:46:30.0126 5816  SystemInfo:
16:46:30.0126 5816  
16:46:30.0126 5816  OS Version: 6.1.7601 ServicePack: 1.0
16:46:30.0126 5816  Product type: Workstation
16:46:30.0126 5816  ComputerName: OTELLO-PC
16:46:30.0127 5816  UserName: Otello
16:46:30.0127 5816  Windows directory: C:\Windows
16:46:30.0127 5816  System windows directory: C:\Windows
16:46:30.0127 5816  Processor architecture: Intel x86
16:46:30.0127 5816  Number of processors: 4
16:46:30.0127 5816  Page size: 0x1000
16:46:30.0127 5816  Boot type: Normal boot
16:46:30.0127 5816  ============================================================
16:46:33.0363 5816  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:46:33.0363 5816  Drive \Device\Harddisk1\DR1 - Size: 0x3CB1FFE00 (15.17 Gb), SectorSize: 0x200, Cylinders: 0x7BC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:46:33.0363 5816  ============================================================
16:46:33.0363 5816  \Device\Harddisk0\DR0:
16:46:33.0378 5816  MBR partitions:
16:46:33.0378 5816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:46:33.0378 5816  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800
16:46:33.0394 5816  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4800, BlocksNum 0x37FC000
16:46:33.0472 5816  \Device\Harddisk1\DR1:
16:46:33.0472 5816  MBR partitions:
16:46:33.0472 5816  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E58FDF
16:46:33.0472 5816  ============================================================
16:46:33.0534 5816  C: <-> \Device\Harddisk0\DR0\Partition2
16:46:33.0581 5816  D: <-> \Device\Harddisk0\DR0\Partition3
16:46:33.0722 5816  ============================================================
16:46:33.0722 5816  Initialize success
16:46:33.0722 5816  ============================================================
16:46:54.0782 1640  ============================================================
16:46:54.0782 1640  Scan started
16:46:54.0782 1640  Mode: Manual; SigCheck; TDLFS; 
16:46:54.0782 1640  ============================================================
16:46:57.0618 1640  ================ Scan system memory ========================
16:46:57.0618 1640  System memory - ok
16:46:57.0618 1640  ================ Scan services =============================
16:46:57.0798 1640  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:46:58.0038 1640  1394ohci - ok
16:46:58.0138 1640  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:46:58.0198 1640  ACDaemon - ok
16:46:58.0258 1640  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:46:58.0298 1640  ACPI - ok
16:46:58.0328 1640  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:46:58.0438 1640  AcpiPmi - ok
16:46:58.0468 1640  [ C1C7EEF1A53A6B47323187A22559E553 ] ACPIService     C:\Windows\system32\drivers\ATKACPI.SYS
16:46:58.0498 1640  ACPIService - ok
16:46:58.0578 1640  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:46:58.0608 1640  AdobeARMservice - ok
16:46:58.0708 1640  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:46:58.0758 1640  AdobeFlashPlayerUpdateSvc - ok
16:46:58.0818 1640  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:46:58.0870 1640  adp94xx - ok
16:46:58.0901 1640  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:46:58.0948 1640  adpahci - ok
16:46:58.0979 1640  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:46:59.0010 1640  adpu320 - ok
16:46:59.0057 1640  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:46:59.0228 1640  AeLookupSvc - ok
16:46:59.0306 1640  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\Windows\system32\drivers\Afc.sys
16:46:59.0338 1640  Afc - ok
16:46:59.0384 1640  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:46:59.0478 1640  AFD - ok
16:46:59.0525 1640  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:46:59.0556 1640  agp440 - ok
16:46:59.0587 1640  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:46:59.0618 1640  aic78xx - ok
16:46:59.0665 1640  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:46:59.0743 1640  ALG - ok
16:46:59.0774 1640  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:46:59.0806 1640  aliide - ok
16:46:59.0852 1640  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:46:59.0884 1640  amdagp - ok
16:46:59.0930 1640  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:46:59.0962 1640  amdide - ok
16:47:00.0664 1640  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:47:00.0726 1640  AmdK8 - ok
16:47:00.0773 1640  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:47:00.0830 1640  AmdPPM - ok
16:47:00.0880 1640  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:47:00.0925 1640  amdsata - ok
16:47:00.0962 1640  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:47:00.0997 1640  amdsbs - ok
16:47:01.0029 1640  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:47:01.0059 1640  amdxata - ok
16:47:01.0108 1640  [ 6A590E84B7645BA059C45BA416546E39 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
16:47:01.0212 1640  AMPPAL - ok
16:47:01.0233 1640  [ 6A590E84B7645BA059C45BA416546E39 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
16:47:01.0264 1640  AMPPALP - ok
16:47:01.0329 1640  [ AD29A8912C605CF8B784FEDBB6AD5467 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:47:01.0415 1640  AMPPALR3 - ok
16:47:01.0462 1640  [ F2DFC6991630B91E9DA263DCA939C8B2 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
16:47:01.0543 1640  AmUStor - ok
16:47:01.0583 1640  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:47:01.0655 1640  AppID - ok
16:47:01.0698 1640  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:47:01.0780 1640  AppIDSvc - ok
16:47:01.0804 1640  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:47:01.0879 1640  Appinfo - ok
16:47:01.0908 1640  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
16:47:01.0940 1640  arc - ok
16:47:01.0963 1640  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:47:01.0995 1640  arcsas - ok
16:47:02.0034 1640  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:47:02.0162 1640  AsyncMac - ok
16:47:02.0193 1640  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:47:02.0222 1640  atapi - ok
16:47:02.0268 1640  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:47:02.0360 1640  AudioEndpointBuilder - ok
16:47:02.0379 1640  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:47:02.0465 1640  Audiosrv - ok
16:47:02.0494 1640  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:47:02.0629 1640  AxInstSV - ok
16:47:02.0674 1640  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
16:47:02.0773 1640  b06bdrv - ok
16:47:02.0817 1640  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:47:02.0879 1640  b57nd60x - ok
16:47:02.0926 1640  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:47:03.0019 1640  BDESVC - ok
16:47:03.0051 1640  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:47:03.0129 1640  Beep - ok
16:47:03.0191 1640  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:47:03.0300 1640  BITS - ok
16:47:03.0331 1640  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:47:03.0378 1640  blbdrive - ok
16:47:03.0456 1640  [ E202305F27FC0984BC33D8F6195564D0 ] Bluetooth Device Monitor C:\Program Files\Intel\Bluetooth\devmonsrv.exe
16:47:03.0534 1640  Bluetooth Device Monitor - ok
16:47:03.0628 1640  [ F9224764267B387065384C86F6AE7189 ] Bluetooth Media Service C:\Program Files\Intel\Bluetooth\mediasrv.exe
16:47:03.0729 1640  Bluetooth Media Service - ok
16:47:03.0769 1640  [ C4F2AB05AB88601316ED05C4396668E2 ] Bluetooth OBEX Service C:\Program Files\Intel\Bluetooth\obexsrv.exe
16:47:03.0849 1640  Bluetooth OBEX Service - ok
16:47:03.0889 1640  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:47:03.0971 1640  bowser - ok
16:47:04.0009 1640  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:47:04.0064 1640  BrFiltLo - ok
16:47:04.0096 1640  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:47:04.0159 1640  BrFiltUp - ok
16:47:04.0211 1640  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:47:04.0304 1640  Browser - ok
16:47:04.0336 1640  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:47:04.0439 1640  Brserid - ok
16:47:04.0479 1640  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:47:04.0529 1640  BrSerWdm - ok
16:47:04.0551 1640  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:47:04.0604 1640  BrUsbMdm - ok
16:47:04.0641 1640  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:47:04.0691 1640  BrUsbSer - ok
16:47:04.0754 1640  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:47:04.0911 1640  BthEnum - ok
16:47:04.0951 1640  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:47:05.0006 1640  BTHMODEM - ok
16:47:05.0039 1640  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:47:05.0096 1640  BthPan - ok
16:47:05.0241 1640  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:47:05.0321 1640  BTHPORT - ok
16:47:05.0366 1640  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:47:05.0449 1640  bthserv - ok
16:47:05.0486 1640  [ 3A80BE49133745FDCB0AE7E248FB808C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:47:05.0511 1640  BTHSSecurityMgr - ok
16:47:05.0569 1640  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:47:05.0629 1640  BTHUSB - ok
16:47:05.0666 1640  [ 0CE0A06DC095D070E128DC24C1196F41 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
16:47:05.0694 1640  btmaux - ok
16:47:05.0739 1640  [ 58351A9ED9A5AD3C8A22EC5BEBF4DA2A ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
16:47:05.0817 1640  btmhsf - ok
16:47:05.0864 1640  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:47:05.0959 1640  cdfs - ok
16:47:05.0999 1640  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:47:06.0044 1640  cdrom - ok
16:47:06.0084 1640  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:47:06.0164 1640  CertPropSvc - ok
16:47:06.0194 1640  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:47:06.0234 1640  circlass - ok
16:47:06.0259 1640  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:47:06.0304 1640  CLFS - ok
16:47:06.0374 1640  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:47:06.0409 1640  clr_optimization_v2.0.50727_32 - ok
16:47:06.0479 1640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:06.0554 1640  clr_optimization_v4.0.30319_32 - ok
16:47:06.0584 1640  [ 125C828BF3673406DFD642D7BEE8434F ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
16:47:06.0619 1640  clwvd - ok
16:47:06.0654 1640  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:47:06.0709 1640  CmBatt - ok
16:47:06.0754 1640  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:47:06.0784 1640  cmdide - ok
16:47:06.0924 1640  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:47:07.0109 1640  CNG - ok
16:47:07.0134 1640  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:47:07.0164 1640  Compbatt - ok
16:47:07.0199 1640  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:47:07.0249 1640  CompositeBus - ok
16:47:07.0259 1640  COMSysApp - ok
16:47:07.0304 1640  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:47:07.0354 1640  crcdisk - ok
16:47:07.0419 1640  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:47:07.0519 1640  CryptSvc - ok
16:47:07.0639 1640  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:47:07.0719 1640  cvhsvc - ok
16:47:07.0789 1640  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:47:07.0904 1640  DcomLaunch - ok
16:47:07.0935 1640  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:47:08.0013 1640  defragsvc - ok
16:47:08.0045 1640  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:47:08.0138 1640  DfsC - ok
16:47:08.0169 1640  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:47:08.0247 1640  Dhcp - ok
16:47:08.0263 1640  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:47:08.0357 1640  discache - ok
16:47:08.0372 1640  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
16:47:08.0403 1640  Disk - ok
16:47:08.0435 1640  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:47:08.0513 1640  Dnscache - ok
16:47:08.0544 1640  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:47:08.0637 1640  dot3svc - ok
16:47:08.0653 1640  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:47:08.0747 1640  DPS - ok
16:47:08.0793 1640  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:47:08.0840 1640  drmkaud - ok
16:47:08.0887 1640  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:47:08.0965 1640  DXGKrnl - ok
16:47:08.0996 1640  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:47:09.0090 1640  EapHost - ok
16:47:09.0199 1640  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
16:47:09.0386 1640  ebdrv - ok
16:47:09.0433 1640  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:47:09.0573 1640  EFS - ok
16:47:09.0620 1640  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:47:09.0667 1640  elxstor - ok
16:47:09.0698 1640  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:47:09.0748 1640  ErrDev - ok
16:47:09.0818 1640  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:47:09.0918 1640  EventSystem - ok
16:47:09.0998 1640  [ 9A581303C7B0436E4B8D613EE0A79C7C ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:47:10.0078 1640  EvtEng - ok
16:47:10.0148 1640  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:47:10.0268 1640  ewusbmbb - ok
16:47:10.0278 1640  ewusbnet - ok
16:47:10.0318 1640  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:47:10.0388 1640  ew_hwusbdev - ok
16:47:10.0418 1640  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:47:10.0498 1640  exfat - ok
16:47:10.0998 1640  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:47:11.0088 1640  fastfat - ok
16:47:11.0148 1640  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:47:11.0268 1640  Fax - ok
16:47:11.0308 1640  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
16:47:11.0348 1640  fdc - ok
16:47:11.0378 1640  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:47:11.0458 1640  fdPHost - ok
16:47:11.0488 1640  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:47:11.0558 1640  FDResPub - ok
16:47:11.0598 1640  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:47:11.0628 1640  FileInfo - ok
16:47:11.0648 1640  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:47:11.0728 1640  Filetrace - ok
16:47:11.0763 1640  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:47:11.0813 1640  flpydisk - ok
16:47:11.0848 1640  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:47:11.0883 1640  FltMgr - ok
16:47:11.0928 1640  [ 2A7700BEDBBEF962B2BDD14A36B872EF ] FLxHCIc         C:\Windows\system32\drivers\FLxHCIc.sys
16:47:12.0003 1640  FLxHCIc - ok
16:47:12.0048 1640  [ A2AB780E5D7E8DE7AC0397D4E6C0FE72 ] FLxHCIh         C:\Windows\system32\drivers\FLxHCIh.sys
16:47:12.0103 1640  FLxHCIh - ok
16:47:12.0158 1640  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:47:12.0283 1640  FontCache - ok
16:47:12.0343 1640  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:47:12.0378 1640  FontCache3.0.0.0 - ok
16:47:12.0403 1640  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:47:12.0433 1640  FsDepends - ok
16:47:12.0478 1640  [ 5739510AA7EC9D1F9C5D1268C153B7A2 ] fspad_wlh32     C:\Windows\system32\drivers\fspad_wlh32.sys
16:47:12.0543 1640  fspad_wlh32 - ok
16:47:12.0593 1640  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:47:12.0623 1640  Fs_Rec - ok
16:47:12.0653 1640  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:47:12.0698 1640  fvevol - ok
16:47:12.0733 1640  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:47:12.0763 1640  gagp30kx - ok
16:47:12.0808 1640  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:47:12.0903 1640  gpsvc - ok
16:47:12.0993 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:13.0018 1640  gupdate - ok
16:47:13.0028 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:13.0068 1640  gupdatem - ok
16:47:13.0098 1640  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:47:13.0128 1640  gusvc - ok
16:47:13.0248 1640  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:47:13.0363 1640  hcw85cir - ok
16:47:13.0393 1640  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:47:13.0483 1640  HdAudAddService - ok
16:47:13.0524 1640  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:47:13.0555 1640  HDAudBus - ok
16:47:13.0586 1640  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:47:13.0633 1640  HidBatt - ok
16:47:13.0680 1640  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:47:13.0727 1640  HidBth - ok
16:47:13.0758 1640  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:47:13.0805 1640  HidIr - ok
16:47:13.0836 1640  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:47:13.0914 1640  hidserv - ok
16:47:13.0945 1640  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:47:14.0007 1640  HidUsb - ok
16:47:14.0039 1640  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:47:14.0132 1640  hkmsvc - ok
16:47:14.0148 1640  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:47:14.0257 1640  HomeGroupListener - ok
16:47:14.0288 1640  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:47:14.0351 1640  HomeGroupProvider - ok
16:47:14.0397 1640  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:47:14.0429 1640  HpSAMD - ok
16:47:14.0460 1640  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:47:14.0553 1640  HTTP - ok
16:47:14.0616 1640  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:47:14.0678 1640  huawei_enumerator - ok
16:47:14.0772 1640  [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:47:14.0834 1640  hwdatacard - ok
16:47:14.0928 1640  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
16:47:14.0959 1640  HWDeviceService.exe - ok
16:47:14.0990 1640  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:47:15.0021 1640  hwpolicy - ok
16:47:15.0053 1640  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:47:15.0099 1640  i8042prt - ok
16:47:15.0162 1640  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:47:15.0209 1640  iaStorV - ok
16:47:15.0255 1640  [ AE2DC615F928AC6A18CF25A58630809E ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
16:47:15.0302 1640  iBtFltCoex - ok
16:47:15.0365 1640  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:47:15.0443 1640  idsvc - ok
16:47:15.0599 1640  [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:47:15.0926 1640  igfx - ok
16:47:15.0973 1640  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:47:16.0004 1640  iirsp - ok
16:47:16.0035 1640  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:47:16.0147 1640  IKEEXT - ok
16:47:16.0285 1640  [ 67E94D5C722164D7FBF4A79FEAF41C37 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:47:16.0482 1640  IntcAzAudAddService - ok
16:47:16.0505 1640  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:47:16.0535 1640  intelide - ok
16:47:16.0560 1640  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:47:16.0600 1640  intelppm - ok
16:47:16.0630 1640  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:47:16.0715 1640  IPBusEnum - ok
16:47:16.0737 1640  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:47:16.0807 1640  IpFilterDriver - ok
16:47:16.0840 1640  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:47:16.0875 1640  IPMIDRV - ok
16:47:16.0907 1640  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:47:16.0997 1640  IPNAT - ok
16:47:17.0025 1640  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:47:17.0077 1640  IRENUM - ok
16:47:17.0120 1640  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:47:17.0150 1640  isapnp - ok
16:47:17.0185 1640  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:47:17.0225 1640  iScsiPrt - ok
16:47:17.0252 1640  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:17.0285 1640  kbdclass - ok
16:47:17.0327 1640  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:47:17.0372 1640  kbdhid - ok
16:47:17.0392 1640  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:47:17.0425 1640  KeyIso - ok
16:47:17.0485 1640  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:47:17.0517 1640  KSecDD - ok
16:47:17.0565 1640  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:47:17.0600 1640  KSecPkg - ok
16:47:17.0637 1640  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:47:17.0730 1640  KtmRm - ok
16:47:17.0765 1640  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:47:17.0852 1640  LanmanServer - ok
16:47:17.0900 1640  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:47:17.0970 1640  LanmanWorkstation - ok
16:47:17.0995 1640  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:47:18.0085 1640  lltdio - ok
16:47:18.0123 1640  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:47:18.0185 1640  lltdsvc - ok
16:47:18.0217 1640  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:47:18.0295 1640  lmhosts - ok
16:47:18.0326 1640  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:47:18.0357 1640  LSI_FC - ok
16:47:18.0404 1640  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:47:18.0442 1640  LSI_SAS - ok
16:47:18.0463 1640  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:47:18.0496 1640  LSI_SAS2 - ok
16:47:18.0531 1640  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:47:18.0564 1640  LSI_SCSI - ok
16:47:18.0593 1640  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:47:18.0672 1640  luafv - ok
16:47:18.0729 1640  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:47:18.0761 1640  megasas - ok
16:47:18.0784 1640  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:47:18.0823 1640  MegaSR - ok
16:47:18.0862 1640  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:47:18.0953 1640  MMCSS - ok
16:47:19.0053 1640  [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
16:47:19.0089 1640  Mobile Partner. RunOuc - ok
16:47:19.0114 1640  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:47:19.0194 1640  Modem - ok
16:47:19.0244 1640  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:47:19.0296 1640  monitor - ok
16:47:19.0338 1640  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:47:19.0369 1640  mouclass - ok
16:47:19.0408 1640  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:47:19.0458 1640  mouhid - ok
16:47:19.0488 1640  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:47:19.0519 1640  mountmgr - ok
16:47:19.0548 1640  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:47:19.0583 1640  mpio - ok
16:47:19.0619 1640  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:47:19.0686 1640  mpsdrv - ok
16:47:19.0712 1640  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:47:19.0768 1640  MRxDAV - ok
16:47:19.0807 1640  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:47:19.0906 1640  mrxsmb - ok
16:47:19.0959 1640  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:47:20.0017 1640  mrxsmb10 - ok
16:47:20.0062 1640  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:47:20.0112 1640  mrxsmb20 - ok
16:47:20.0251 1640  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:47:20.0294 1640  msahci - ok
16:47:20.0329 1640  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:47:20.0366 1640  msdsm - ok
16:47:20.0386 1640  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:47:20.0434 1640  MSDTC - ok
16:47:20.0481 1640  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:47:20.0574 1640  Msfs - ok
16:47:20.0652 1640  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:47:20.0746 1640  mshidkmdf - ok
16:47:20.0824 1640  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:47:20.0855 1640  msisadrv - ok
16:47:20.0886 1640  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:47:20.0977 1640  MSiSCSI - ok
16:47:20.0987 1640  msiserver - ok
16:47:21.0022 1640  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:47:21.0092 1640  MSKSSRV - ok
16:47:21.0117 1640  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:47:21.0197 1640  MSPCLOCK - ok
16:47:21.0237 1640  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:47:21.0317 1640  MSPQM - ok
16:47:21.0342 1640  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:47:21.0377 1640  MsRPC - ok
16:47:21.0417 1640  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:47:21.0452 1640  mssmbios - ok
16:47:21.0477 1640  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:47:21.0546 1640  MSTEE - ok
16:47:21.0572 1640  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:47:21.0626 1640  MTConfig - ok
16:47:21.0661 1640  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:47:21.0691 1640  Mup - ok
16:47:21.0726 1640  [ 05B53873D183876F28D8F7F0A844F053 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:47:21.0757 1640  MyWiFiDHCPDNS - ok
16:47:21.0800 1640  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:47:21.0905 1640  napagent - ok
16:47:21.0947 1640  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:47:22.0006 1640  NativeWifiP - ok
16:47:22.0077 1640  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:47:22.0156 1640  NDIS - ok
16:47:22.0176 1640  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:47:22.0252 1640  NdisCap - ok
16:47:22.0281 1640  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:47:22.0364 1640  NdisTapi - ok
16:47:22.0399 1640  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:47:22.0477 1640  Ndisuio - ok
16:47:22.0500 1640  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:47:22.0576 1640  NdisWan - ok
16:47:22.0617 1640  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:47:22.0684 1640  NDProxy - ok
16:47:22.0704 1640  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:47:22.0772 1640  NetBIOS - ok
16:47:22.0797 1640  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:47:22.0884 1640  NetBT - ok
16:47:22.0906 1640  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:47:22.0941 1640  Netlogon - ok
16:47:22.0982 1640  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:47:23.0062 1640  Netman - ok
16:47:23.0079 1640  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:47:23.0180 1640  netprofm - ok
16:47:23.0275 1640  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
16:47:23.0350 1640  netr28u - ok
16:47:23.0389 1640  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:47:23.0422 1640  NetTcpPortSharing - ok
16:47:23.0625 1640  [ 620695631CF043B654EBDBA8F5EBA4CC ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
16:47:23.0968 1640  NETwNs32 - ok
16:47:24.0000 1640  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:47:24.0031 1640  nfrd960 - ok
16:47:24.0078 1640  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:47:24.0171 1640  NlaSvc - ok
16:47:24.0202 1640  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:47:24.0296 1640  Npfs - ok
16:47:24.0327 1640  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:47:24.0421 1640  nsi - ok
16:47:24.0436 1640  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:47:24.0514 1640  nsiproxy - ok
16:47:24.0592 1640  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:47:24.0702 1640  Ntfs - ok
16:47:24.0733 1640  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:47:24.0795 1640  Null - ok
16:47:24.0842 1640  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:47:24.0873 1640  nvraid - ok
16:47:24.0904 1640  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:47:24.0936 1640  nvstor - ok
16:47:24.0967 1640  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:47:25.0014 1640  nv_agp - ok
16:47:25.0138 1640  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:47:25.0201 1640  odserv - ok
16:47:25.0248 1640  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:47:25.0294 1640  ohci1394 - ok
16:47:25.0326 1640  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:47:25.0357 1640  ose - ok
16:47:25.0513 1640  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:47:25.0825 1640  osppsvc - ok
16:47:25.0918 1640  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:47:26.0043 1640  p2pimsvc - ok
16:47:26.0090 1640  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:47:26.0159 1640  p2psvc - ok
16:47:26.0179 1640  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
16:47:26.0216 1640  Parport - ok
16:47:26.0256 1640  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:47:26.0299 1640  partmgr - ok
16:47:26.0316 1640  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:47:26.0351 1640  Parvdm - ok
16:47:26.0379 1640  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:47:26.0426 1640  PcaSvc - ok
16:47:26.0449 1640  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:47:26.0484 1640  pci - ok
16:47:26.0526 1640  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:47:26.0556 1640  pciide - ok
16:47:26.0601 1640  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:47:26.0639 1640  pcmcia - ok
16:47:26.0674 1640  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:47:26.0704 1640  pcw - ok
16:47:26.0736 1640  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:47:26.0851 1640  PEAUTH - ok
16:47:26.0949 1640  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:47:27.0086 1640  pla - ok
16:47:27.0136 1640  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:47:27.0226 1640  PlugPlay - ok
16:47:27.0244 1640  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:47:27.0291 1640  PNRPAutoReg - ok
16:47:27.0326 1640  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:47:27.0366 1640  PNRPsvc - ok
16:47:27.0411 1640  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:47:27.0499 1640  PolicyAgent - ok
16:47:27.0546 1640  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:47:27.0654 1640  Power - ok
16:47:27.0749 1640  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:47:27.0844 1640  PptpMiniport - ok
16:47:27.0874 1640  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
16:47:27.0921 1640  Processor - ok
16:47:27.0996 1640  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:47:28.0091 1640  ProfSvc - ok
16:47:28.0219 1640  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:47:28.0250 1640  ProtectedStorage - ok
16:47:28.0313 1640  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:47:28.0375 1640  Psched - ok
16:47:28.0422 1640  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:47:28.0438 1640  PSI_SVC_2 - ok
16:47:28.0500 1640  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:47:28.0625 1640  ql2300 - ok
16:47:28.0650 1640  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:47:28.0682 1640  ql40xx - ok
16:47:28.0727 1640  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:47:28.0792 1640  QWAVE - ok
16:47:28.0825 1640  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:47:28.0867 1640  QWAVEdrv - ok
16:47:28.0892 1640  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:47:28.0975 1640  RasAcd - ok
16:47:29.0012 1640  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:47:29.0090 1640  RasAgileVpn - ok
16:47:29.0127 1640  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:47:29.0217 1640  RasAuto - ok
16:47:29.0242 1640  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:47:29.0327 1640  Rasl2tp - ok
16:47:29.0362 1640  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:47:29.0452 1640  RasMan - ok
16:47:29.0472 1640  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:47:29.0545 1640  RasPppoe - ok
16:47:29.0582 1640  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:47:29.0662 1640  RasSstp - ok
16:47:29.0702 1640  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:47:29.0787 1640  rdbss - ok
16:47:29.0812 1640  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:47:29.0850 1640  rdpbus - ok
16:47:29.0875 1640  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:47:29.0952 1640  RDPCDD - ok
16:47:29.0985 1640  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:47:30.0062 1640  RDPENCDD - ok
16:47:30.0090 1640  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:47:30.0182 1640  RDPREFMP - ok
16:47:30.0232 1640  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:47:30.0307 1640  RDPWD - ok
16:47:30.0342 1640  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:47:30.0377 1640  rdyboost - ok
16:47:30.0450 1640  [ 3F7B27F7F19A2F2B0E75768410D05DC3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:47:30.0490 1640  RegSrvc - ok
16:47:30.0532 1640  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:47:30.0596 1640  RemoteAccess - ok
16:47:30.0627 1640  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:47:30.0705 1640  RemoteRegistry - ok
16:47:30.0939 1640  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:47:31.0001 1640  RFCOMM - ok
16:47:31.0032 1640  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:47:31.0126 1640  RpcEptMapper - ok
16:47:31.0173 1640  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:47:31.0204 1640  RpcLocator - ok
16:47:31.0344 1640  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:47:31.0438 1640  RpcSs - ok
16:47:31.0485 1640  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:47:31.0578 1640  rspndr - ok
16:47:31.0610 1640  [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
16:47:31.0656 1640  RTL8167 - ok
16:47:31.0688 1640  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:47:31.0719 1640  SamSs - ok
16:47:31.0734 1640  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:47:31.0766 1640  sbp2port - ok
16:47:31.0797 1640  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:47:31.0875 1640  SCardSvr - ok
16:47:31.0906 1640  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:47:31.0984 1640  scfilter - ok
16:47:32.0031 1640  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:47:32.0140 1640  Schedule - ok
16:47:32.0171 1640  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:47:32.0240 1640  SCPolicySvc - ok
16:47:32.0255 1640  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:47:32.0352 1640  SDRSVC - ok
16:47:32.0392 1640  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:47:32.0462 1640  secdrv - ok
16:47:32.0487 1640  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:47:32.0575 1640  seclogon - ok
16:47:32.0607 1640  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:47:32.0692 1640  SENS - ok
16:47:32.0712 1640  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:47:32.0747 1640  Serenum - ok
16:47:32.0785 1640  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
16:47:32.0835 1640  Serial - ok
16:47:32.0867 1640  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:47:32.0902 1640  sermouse - ok
16:47:33.0100 1640  [ 1E26803454642E2C6E3C03E8E42854EC ] SesamService    C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe
16:47:33.0205 1640  SesamService ( UnsignedFile.Multi.Generic ) - warning
16:47:33.0207 1640  SesamService - detected UnsignedFile.Multi.Generic (1)
16:47:33.0247 1640  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:47:33.0330 1640  SessionEnv - ok
16:47:33.0352 1640  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:47:33.0405 1640  sffdisk - ok
16:47:33.0430 1640  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:47:33.0467 1640  sffp_mmc - ok
16:47:33.0510 1640  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:47:33.0560 1640  sffp_sd - ok
16:47:33.0607 1640  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:47:33.0650 1640  sfloppy - ok
16:47:33.0722 1640  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
16:47:33.0780 1640  Sftfs - ok
16:47:33.0885 1640  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
16:47:33.0945 1640  sftlist - ok
16:47:33.0995 1640  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:47:34.0037 1640  Sftplay - ok
16:47:34.0090 1640  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:47:34.0127 1640  Sftredir - ok
16:47:34.0167 1640  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
16:47:34.0195 1640  Sftvol - ok
16:47:34.0220 1640  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
16:47:34.0251 1640  sftvsa - ok
16:47:34.0298 1640  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:47:34.0407 1640  ShellHWDetection - ok
16:47:34.0438 1640  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:47:34.0469 1640  sisagp - ok
16:47:34.0501 1640  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:47:34.0532 1640  SiSRaid2 - ok
16:47:34.0547 1640  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:47:34.0579 1640  SiSRaid4 - ok
16:47:34.0756 1640  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:47:34.0951 1640  Skype C2C Service - ok
16:47:35.0016 1640  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:47:35.0056 1640  SkypeUpdate - ok
16:47:35.0081 1640  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:47:35.0156 1640  Smb - ok
16:47:35.0211 1640  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:47:35.0251 1640  SNMPTRAP - ok
16:47:35.0291 1640  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:47:35.0321 1640  spldr - ok
16:47:35.0381 1640  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
16:47:35.0481 1640  Spooler - ok
16:47:35.0606 1640  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:47:35.0824 1640  sppsvc - ok
16:47:35.0914 1640  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:47:35.0999 1640  sppuinotify - ok
16:47:36.0074 1640  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:47:36.0156 1640  srv - ok
16:47:36.0191 1640  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:47:36.0256 1640  srv2 - ok
16:47:36.0286 1640  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:47:36.0324 1640  srvnet - ok
16:47:36.0364 1640  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:47:36.0444 1640  SSDPSRV - ok
16:47:36.0469 1640  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:47:36.0551 1640  SstpSvc - ok
16:47:36.0579 1640  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:47:36.0611 1640  stexstor - ok
16:47:36.0669 1640  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:47:36.0749 1640  StiSvc - ok
16:47:36.0781 1640  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:47:36.0811 1640  swenum - ok
16:47:36.0904 1640  [ A6B7C24BCA99B2474F165E35A28E65EF ] SwiCardDetectSvc C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
16:47:36.0944 1640  SwiCardDetectSvc - ok
16:47:36.0996 1640  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:47:37.0079 1640  swprv - ok
16:47:37.0277 1640  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:47:37.0370 1640  SysMain - ok
16:47:37.0386 1640  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:47:37.0448 1640  TabletInputService - ok
16:47:37.0479 1640  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:47:37.0557 1640  TapiSrv - ok
16:47:37.0589 1640  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:47:37.0682 1640  TBS - ok
16:47:37.0760 1640  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:47:37.0869 1640  Tcpip - ok
16:47:37.0932 1640  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:47:37.0994 1640  TCPIP6 - ok
16:47:38.0041 1640  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:47:38.0088 1640  tcpipreg - ok
16:47:38.0135 1640  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:47:38.0213 1640  TDPIPE - ok
16:47:38.0275 1640  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:47:38.0306 1640  TDTCP - ok
16:47:38.0322 1640  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:47:38.0384 1640  tdx - ok
16:47:38.0415 1640  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:47:38.0447 1640  TermDD - ok
16:47:38.0493 1640  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:47:38.0587 1640  TermService - ok
16:47:38.0603 1640  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:47:38.0665 1640  Themes - ok
16:47:38.0681 1640  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:47:38.0759 1640  THREADORDER - ok
16:47:38.0805 1640  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:47:38.0883 1640  TrkWks - ok
16:47:38.0946 1640  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:47:39.0024 1640  TrustedInstaller - ok
16:47:39.0071 1640  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:47:39.0149 1640  tssecsrv - ok
16:47:39.0164 1640  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:47:39.0258 1640  TsUsbFlt - ok
16:47:39.0305 1640  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:47:39.0351 1640  TsUsbGD - ok
16:47:39.0383 1640  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:47:39.0461 1640  tunnel - ok
16:47:39.0492 1640  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:47:39.0526 1640  uagp35 - ok
16:47:39.0558 1640  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:47:39.0643 1640  udfs - ok
16:47:39.0721 1640  [ 8191E7E62F1A593CB0EAA483824AE389 ] UDM Service     C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe
16:47:39.0763 1640  UDM Service - ok
16:47:39.0816 1640  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:47:39.0868 1640  UI0Detect - ok
16:47:39.0903 1640  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:47:39.0936 1640  uliagpkx - ok
16:47:39.0961 1640  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:47:40.0013 1640  umbus - ok
16:47:40.0046 1640  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:47:40.0091 1640  UmPass - ok
16:47:40.0141 1640  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:47:40.0236 1640  upnphost - ok
16:47:40.0291 1640  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:47:40.0366 1640  usbccgp - ok
16:47:40.0386 1640  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:47:40.0426 1640  usbcir - ok
16:47:40.0463 1640  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:47:40.0508 1640  usbehci - ok
16:47:40.0538 1640  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:47:40.0578 1640  usbhub - ok
16:47:40.0618 1640  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:47:40.0661 1640  usbohci - ok
16:47:40.0693 1640  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:47:40.0743 1640  usbprint - ok
16:47:40.0776 1640  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:47:40.0875 1640  USBSTOR - ok
16:47:40.0916 1640  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:47:40.0966 1640  usbuhci - ok
16:47:41.0682 1640  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:47:41.0793 1640  usbvideo - ok
16:47:41.0824 1640  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:47:41.0910 1640  UxSms - ok
16:47:41.0933 1640  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:47:41.0965 1640  VaultSvc - ok
16:47:42.0001 1640  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:47:42.0032 1640  vdrvroot - ok
16:47:42.0069 1640  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:47:42.0159 1640  vds - ok
16:47:42.0188 1640  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:47:42.0237 1640  vga - ok
16:47:42.0259 1640  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:47:42.0328 1640  VgaSave - ok
16:47:42.0358 1640  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:47:42.0395 1640  vhdmp - ok
16:47:42.0435 1640  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:47:42.0466 1640  viaagp - ok
16:47:42.0489 1640  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:47:42.0542 1640  ViaC7 - ok
16:47:42.0565 1640  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:47:42.0596 1640  viaide - ok
16:47:42.0626 1640  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:47:42.0659 1640  volmgr - ok
16:47:42.0686 1640  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:47:42.0728 1640  volmgrx - ok
16:47:42.0759 1640  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:47:42.0790 1640  volsnap - ok
16:47:42.0837 1640  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:47:42.0868 1640  vsmraid - ok
16:47:42.0930 1640  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:47:43.0086 1640  VSS - ok
16:47:43.0102 1640  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:47:43.0149 1640  vwifibus - ok
16:47:43.0196 1640  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:47:43.0242 1640  vwififlt - ok
16:47:43.0258 1640  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:47:43.0305 1640  vwifimp - ok
16:47:43.0367 1640  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:47:43.0445 1640  W32Time - ok
16:47:43.0476 1640  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:47:43.0523 1640  WacomPen - ok
16:47:43.0554 1640  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:47:43.0617 1640  WANARP - ok
16:47:43.0632 1640  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:47:43.0695 1640  Wanarpv6 - ok
16:47:43.0757 1640  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:47:43.0955 1640  wbengine - ok
16:47:43.0987 1640  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:47:44.0049 1640  WbioSrvc - ok
16:47:44.0087 1640  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:47:44.0140 1640  wcncsvc - ok
16:47:44.0159 1640  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:47:44.0262 1640  WcsPlugInService - ok
16:47:44.0294 1640  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
16:47:44.0324 1640  Wd - ok
16:47:44.0384 1640  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:47:44.0438 1640  Wdf01000 - ok
16:47:44.0474 1640  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:47:44.0572 1640  WdiServiceHost - ok
16:47:44.0582 1640  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:47:44.0625 1640  WdiSystemHost - ok
16:47:44.0650 1640  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:47:44.0714 1640  WebClient - ok
16:47:44.0743 1640  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:47:44.0820 1640  Wecsvc - ok
16:47:44.0838 1640  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:47:44.0910 1640  wercplsupport - ok
16:47:44.0935 1640  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:47:45.0028 1640  WerSvc - ok
16:47:45.0067 1640  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:47:45.0135 1640  WfpLwf - ok
16:47:45.0162 1640  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:47:45.0193 1640  WIMMount - ok
16:47:45.0207 1640  WinHttpAutoProxySvc - ok
16:47:45.0284 1640  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:47:45.0363 1640  Winmgmt - ok
16:47:45.0424 1640  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:47:45.0574 1640  WinRM - ok
16:47:45.0647 1640  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:47:45.0738 1640  Wlansvc - ok
16:47:45.0808 1640  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:47:45.0824 1640  wlcrasvc - ok
16:47:45.0902 1640  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:47:46.0011 1640  wlidsvc - ok
16:47:46.0042 1640  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:47:46.0089 1640  WmiAcpi - ok
16:47:46.0136 1640  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:47:46.0183 1640  wmiApSrv - ok
16:47:46.0261 1640  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:47:46.0386 1640  WMPNetworkSvc - ok
16:47:46.0417 1640  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:47:46.0510 1640  WPCSvc - ok
16:47:46.0526 1640  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:47:46.0588 1640  WPDBusEnum - ok
16:47:46.0635 1640  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:47:46.0713 1640  ws2ifsl - ok
16:47:46.0744 1640  WSearch - ok
16:47:46.0807 1640  [ 2BAB01260CAA5CA6639B8C9B0F3888B1 ] WtSmpAdap       C:\Windows\system32\DRIVERS\wtsmpadap.sys
16:47:46.0822 1640  WtSmpAdap - ok
16:47:46.0854 1640  [ 1224AA52EABBAC58CFCF962B35551971 ] WtSmpFlt        C:\Windows\system32\DRIVERS\wtsmpflt.sys
16:47:46.0885 1640  WtSmpFlt - ok
16:47:46.0978 1640  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:47:47.0166 1640  wuauserv - ok
16:47:47.0212 1640  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:47:47.0264 1640  WudfPf - ok
16:47:47.0292 1640  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:47:47.0347 1640  WUDFRd - ok
16:47:47.0375 1640  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:47:47.0425 1640  wudfsvc - ok
16:47:47.0466 1640  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:47:47.0525 1640  WwanSvc - ok
16:47:47.0660 1640  ================ Scan global ===============================
16:47:47.0729 1640  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:47:47.0767 1640  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
16:47:47.0786 1640  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
16:47:47.0826 1640  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:47:47.0855 1640  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:47:47.0866 1640  [Global] - ok
16:47:47.0867 1640  ================ Scan MBR ==================================
16:47:47.0882 1640  [ 33EDF9D6A274CE67E7777CBFD375EC9E ] \Device\Harddisk0\DR0
16:47:57.0061 1640  \Device\Harddisk0\DR0 - ok
16:47:57.0075 1640  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
16:48:00.0921 1640  \Device\Harddisk1\DR1 - ok
16:48:00.0921 1640  ================ Scan VBR ==================================
16:48:00.0921 1640  [ 67CD13D40239BC84C0CEA6A41F3D1EF4 ] \Device\Harddisk0\DR0\Partition1
16:48:00.0936 1640  \Device\Harddisk0\DR0\Partition1 - ok
16:48:00.0999 1640  [ 8EEE87F9DAD3775E811CA6090BA2A32E ] \Device\Harddisk0\DR0\Partition2
16:48:01.0014 1640  \Device\Harddisk0\DR0\Partition2 - ok
16:48:01.0061 1640  [ 2EDAB29950BD29DB5B669667D14E8165 ] \Device\Harddisk0\DR0\Partition3
16:48:01.0061 1640  \Device\Harddisk0\DR0\Partition3 - ok
16:48:01.0077 1640  [ 684B9C7967B92439692BDC824252BC9E ] \Device\Harddisk1\DR1\Partition1
16:48:01.0077 1640  \Device\Harddisk1\DR1\Partition1 - ok
16:48:01.0077 1640  ============================================================
16:48:01.0077 1640  Scan finished
16:48:01.0077 1640  ============================================================
16:48:01.0108 5196  Detected object count: 1
16:48:01.0108 5196  Actual detected object count: 1
16:52:25.0453 5196  SesamService ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:25.0453 5196  SesamService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 23.01.2013, 00:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 23.01.2013, 01:50   #15
fkress
 



Here is the result:

Code:
ComboFix 13-01-22.01 - Otello 23.01.2013   1:17.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.42 [GMT 1:00]
ausgeführt von:: c:\users\Otello\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\@
c:\$recycle.bin\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\n
c:\$recycle.bin\S-1-5-21-3781519261-38176514-1814062476-1000\$5d6ca331fff6e63b7098caba1410851a\n
c:\program files\Pegatron\Hotkey\FastUserSwitching.exe
c:\programdata\Local
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\10.bb
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\8.bb
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\9.bb
c:\programdata\Roaming
c:\users\Otello\004.jpg
c:\users\Otello\AppData\Roaming\skype.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-23 bis 2013-01-23  ))))))))))))))))))))))))))))))
.
.
2013-01-23 00:37 . 2013-01-23 00:37	--------	d-----w-	c:\programdata\Local
2013-01-23 00:34 . 2013-01-23 00:38	--------	d-----w-	c:\users\Otello\AppData\Local\temp
2013-01-23 00:34 . 2013-01-23 00:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-22 19:32 . 2013-01-22 19:32	--------	d-----w-	C:\_OTL
2013-01-22 16:44 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-01-22 16:44 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-01-22 16:33 . 2013-01-22 16:33	--------	d-----w-	C:\virus
2013-01-22 14:16 . 2013-01-22 14:16	--------	d-----w-	c:\users\Otello\AppData\Local\VS Revo Group
2013-01-21 18:15 . 2013-01-21 18:15	0	----a-w-	c:\windows\system32\shoB193.tmp
2013-01-21 08:57 . 2013-01-21 08:57	--------	d-----w-	C:\478c85c5afddc849ceea772842c63319
2013-01-11 15:37 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-21 09:35 . 2012-04-13 18:56	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-21 09:35 . 2011-07-13 06:44	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-22 02:56 . 2012-12-16 15:25	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-14 02:09 . 2012-12-20 21:08	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-20 21:08	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-20 21:08	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-20 21:09	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-20 21:09	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-20 21:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-16 15:23	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-16 15:23	376832	----a-w-	c:\windows\system32\dpnet.dll
2011-09-16 07:37 . 2011-07-05 18:22	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-01 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-19 9755240]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-24 36864]
"fspuip"="c:\program files\FSP\fspuip.exe" [2010-09-09 3704320]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-02-11 9894160]
"HostManager"="c:\program files\Common Files\AOL\1309972422\ee\AOLSoftware.exe" [2006-04-27 50760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"UDM"="c:\program files\Swisscom\Unlimited Data Manager\LscaGui.exe" [2011-05-20 2426736]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Versandhelfer.lnk - c:\program files\Versandhelfer\Versandhelfer.exe [2011-7-5 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 WtSmpFlt;Sesam LightWeight Filter;c:\windows\system32\DRIVERS\wtsmpflt.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
S2 SesamService;Sesam Control Service;c:\program files\Swisscom\Sesam\BIN\SecMIPService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [x]
S2 UDM Service;UDM Service;c:\program files\Swisscom\Unlimited Data Manager\DashBoardS.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [x]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WtSmpAdap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 09:35]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 15:37]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 15:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.startfenster.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: Interfaces\{4014011F-239C-46A8-9CF9-7C2DE7B69FFE}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{6EEF9E2D-4B3B-4D44-8FD6-36B66190A6E0}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{F156FA64-377D-4AB1-A127-78DF9271C392}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-busoo.exe - c:\users\Otello\AppData\Roaming\Yhorow\busoo.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Intel\Bluetooth\BTPlayerCtrl.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\prevhost.exe
c:\windows\System32\WUDFHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-23  01:47:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-23 00:47
.
Vor Suchlauf: 11 Verzeichnis(se), 172.873.011.200 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 172.860.432.384 Bytes frei
.
- - End Of File - - 29AE374E2B9CE938661B8CE7621824F3
         
