Trojaner-Board - OTLPE Ergebnisse hab ich, was nun?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - OTLPE Ergebnisse hab ich, was nun? (https://www.trojaner-board.de/129908-otlpe-ergebnisse-hab.html)

OTLPE Ergebnisse hab ich, was nun?

Hallo zusammen,

nachdem ich nun auch von dem weißen Bildschirm unter Windows 7 Starter betroffen bin und auch schon Eure Anleitung zur Verwendung von OTLPE durchgeführt habe, stehe ich nun vor den zwei Textdateien OTL.txt und Extra.txt und weiß nicht weiter.

Könnt Ihr mir hier weiter helfen?

Zur Info noch, ich komme nicht auf das Desktop, denn ich sehe immer nur weiß mit Pfeil, außer kurz beim herunter fahren, da kann ich für wenige Sekunden zugreifen.

Vielen Dank!

---

Anhang:

Hallo und :hallo:

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Hallo und Entschuldigung, habs kapiert ;)
Ich hoffe so passt das dann:

Code:

OTL logfile created on: 1/21/2013 9:12:44 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,014.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free

902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files

Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS

Drive D: | 27.99 Gb Total Space | 16.45 Gb Free Space | 58.75% Space Free | Partition Type: NTFS

Drive E: | 201.78 Gb Total Space | 160.14 Gb Free Space | 79.36% Space Free | Partition Type: NTFS

Drive F: | 15.16 Gb Total Space | 15.16 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] --  -- (HWDeviceService.exe)

SRV - [2013/01/21 04:35:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/01/03 04:44:21 | 000,246,112 | ---- | M] () [Auto] -- E:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)

SRV - [2011/10/01 02:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 02:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/05/20 08:28:56 | 000,182,128 | R--- | M] (Swisscom) [Auto] -- E:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service)

SRV - [2011/05/16 09:14:02 | 001,482,240 | ---- | M] (Swisscom) [Auto] -- E:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService)

SRV - [2011/02/16 13:08:52 | 000,920,576 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV - [2011/02/11 05:39:50 | 000,993,616 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/02/11 05:39:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/02/11 05:39:44 | 000,907,600 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2011/02/08 21:52:08 | 000,102,672 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)

SRV - [2011/02/04 09:13:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)

SRV - [2011/02/04 09:02:10 | 000,227,600 | ---- | M] () [On_Demand] -- E:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV - [2011/02/04 08:58:18 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)

SRV - [2010/11/02 15:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)

SRV - [2010/09/22 09:49:50 | 000,226,672 | ---- | M] (Sierra Wireless, Inc.) [Auto] -- E:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)

SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (ewusbnet)

DRV - [2012/01/03 04:44:23 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)

DRV - [2012/01/03 04:44:23 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2012/01/03 04:44:23 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2012/01/03 04:44:23 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2011/12/09 12:45:00 | 000,047,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV - [2011/11/14 18:04:00 | 000,263,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)

DRV - [2011/10/01 02:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011/10/01 02:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011/10/01 02:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011/10/01 02:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2011/07/05 10:39:59 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System] -- E:\Windows\System32\drivers\klif.sys -- (KLIF)

DRV - [2011/04/11 09:53:22 | 000,263,024 | ---- | M] (Swisscom) [Kernel | System] -- E:\Windows\System32\drivers\wtsmpflt.sys -- (WtSmpFlt)

DRV - [2011/04/11 09:53:22 | 000,041,328 | ---- | M] (Swisscom) [Kernel | On_Demand] -- E:\Windows\System32\drivers\wtsmpadap.sys -- (WtSmpAdap)

DRV - [2011/02/24 10:01:14 | 000,242,176 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- E:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)

DRV - [2011/02/24 10:01:14 | 000,064,000 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- E:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)

DRV - [2011/02/24 04:38:58 | 007,507,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)

DRV - [2011/02/16 07:46:28 | 000,209,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R)

DRV - [2011/02/16 07:46:28 | 000,209,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R)

DRV - [2011/01/23 19:24:48 | 000,047,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmaux.sys -- (btmaux)

DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/10/28 13:07:44 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\clwvd.sys -- (clwvd)

DRV - [2010/09/09 11:48:36 | 000,055,808 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\fspad_wlh32.sys -- (fspad_wlh32)

DRV - [2010/06/09 09:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- E:\Windows\System32\drivers\kl2.sys -- (kl2)

DRV - [2010/06/09 09:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- E:\Windows\System32\drivers\kl1.sys -- (KL1)

DRV - [2010/04/22 11:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- E:\Windows\System32\drivers\klim6.sys -- (KLIM6)

DRV - [2010/03/01 09:56:18 | 000,031,232 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)

DRV - [2009/11/02 12:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- E:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 17:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2009/06/09 14:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\system32\drivers\ATKACPI.SYS -- (ACPIService)

DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\afc.sys -- (Afc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\Otello_ON_E\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/07/05 13:09:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/07/05 13:09:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/07/05 13:09:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2011/11/06 04:51:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 02:37:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011/07/05 13:22:41 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Otello\AppData\Roaming\Mozilla\Extensions

[2011/07/06 00:32:44 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions

[2012/10/30 08:07:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

File not found (No name found) -- 

[2011/09/16 02:37:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [ArcSoft Connection Service] E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [BTMTrayAgent] E:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4 - HKLM..\Run: [CLMLServer] E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [FLxHCIm] E:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)

O4 - HKLM..\Run: [fspuip] E:\Program Files\FSP\FspUip.exe (Sentelic Corporation)

O4 - HKLM..\Run: [HostManager] E:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [Hotkey] E:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe ()

O4 - HKLM..\Run: [UDM] E:\Program Files\Swisscom\Unlimited Data Manager\LscaGui.exe (Swisscom)

O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()

O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: E:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKU\Otello_ON_E Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()

O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - E:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{27211244-aad7-11e0-86d3-dca9710654a9}\Shell - "" = AutoRun

O33 - MountPoints2\{27211244-aad7-11e0-86d3-dca9710654a9}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{3e02580a-5277-11e1-a43d-001e101f1f6e}\Shell - "" = AutoRun

O33 - MountPoints2\{3e02580a-5277-11e1-a43d-001e101f1f6e}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{7ab39843-36d7-11e1-92c4-dca9710654a9}\Shell - "" = AutoRun

O33 - MountPoints2\{7ab39843-36d7-11e1-92c4-dca9710654a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8d1b1dcc-2eee-11e1-8838-00ade1ac1c1a}\Shell - "" = AutoRun

O33 - MountPoints2\{8d1b1dcc-2eee-11e1-8838-00ade1ac1c1a}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8d1b1ddc-2eee-11e1-8838-00ade1ac1c1a}\Shell - "" = AutoRun

O33 - MountPoints2\{8d1b1ddc-2eee-11e1-8838-00ade1ac1c1a}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{a345bc66-085b-11e1-8701-dca9710654a9}\Shell - "" = AutoRun

O33 - MountPoints2\{a345bc66-085b-11e1-8701-dca9710654a9}\Shell\AutoRun\command - "" = E:\Start.exe

O33 - MountPoints2\{ca8de48d-927f-11e1-a30e-dca9710654a9}\Shell - "" = AutoRun

O33 - MountPoints2\{ca8de48d-927f-11e1-a30e-dca9710654a9}\Shell\AutoRun\command - "" = E:\Start.exe

O33 - MountPoints2\{f78ba0b9-6401-11e2-956d-806e6f6e6963}\Shell\Option1\Command - "" = E:\HBCD\HBCDMenu.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013/01/21 03:57:02 | 000,000,000 | ---D | C] -- E:\478c85c5afddc849ceea772842c63319

[2013/01/19 19:13:37 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection

[2013/01/19 19:11:16 | 000,000,000 | ---D | C] -- E:\ProgramData\24E3B857140F749C000024E393797A96

[2013/01/19 19:10:14 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Yhorow

[2013/01/19 19:10:14 | 000,000,000 | ---D | C] -- E:\Users\Otello\AppData\Roaming\Avgymo

[6 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]

[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013/01/21 14:43:32 | 000,067,584 | -H-- | M] () -- E:\Windows\bootstat.dat

[2013/01/21 14:42:44 | 000,000,004 | ---- | M] () -- E:\Users\Otello\AppData\Roaming\skype.ini

[2013/01/21 14:40:39 | 000,000,004 | ---- | M] () -- E:\ProgramData\WBLD.INI

[2013/01/21 14:40:39 | 000,000,004 | ---- | M] () -- E:\ProgramData\RELED.INI

[2013/01/21 14:40:25 | 000,001,094 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/21 14:39:49 | 797,581,312 | -HS- | M] () -- E:\hiberfil.sys

[2013/01/21 13:47:19 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/21 13:47:19 | 000,016,160 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/21 12:50:45 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/21 12:50:45 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/21 04:35:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe

[2013/01/21 04:35:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/01/19 19:13:36 | 000,002,068 | ---- | M] () -- E:\Users\Otello\Desktop\System Progressive Protection.lnk

[2013/01/19 18:22:33 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/01/14 17:09:59 | 002,200,862 | ---- | M] () -- E:\Users\Otello\Documents\Northwind.accdt

[2013/01/14 17:07:35 | 000,468,534 | ---- | M] () -- E:\Users\Otello\Documents\Tasks.accdt

[2013/01/11 10:49:34 | 001,699,644 | ---- | M] () -- E:\Users\Otello\Desktop\Urlaubsangebote.pdf

[2012/12/23 17:05:35 | 000,490,896 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT

[6 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]

[1 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013/01/19 19:14:55 | 000,000,004 | ---- | C] () -- E:\Users\Otello\AppData\Roaming\skype.ini

[2013/01/19 19:13:36 | 000,002,068 | ---- | C] () -- E:\Users\Otello\Desktop\System Progressive Protection.lnk

[2013/01/14 17:09:59 | 002,200,862 | ---- | C] () -- E:\Users\Otello\Documents\Northwind.accdt

[2013/01/14 17:07:35 | 000,468,534 | ---- | C] () -- E:\Users\Otello\Documents\Tasks.accdt

[2013/01/11 10:49:31 | 001,699,644 | ---- | C] () -- E:\Users\Otello\Desktop\Urlaubsangebote.pdf

[2012/04/27 14:56:43 | 000,000,017 | ---- | C] () -- E:\Windows\System32\shortcut_ex.dat

[2012/01/13 03:05:37 | 000,110,592 | ---- | C] () -- E:\Users\Otello\AppData\Roaming\skype.dat

[2011/11/01 06:36:21 | 000,006,144 | ---- | C] () -- E:\Users\Otello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/05 10:41:36 | 000,116,189 | ---- | C] () -- E:\Windows\System32\drivers\klin.dat

[2011/07/05 10:41:35 | 000,098,168 | ---- | C] () -- E:\Windows\System32\drivers\klick.dat

[2011/04/22 22:09:11 | 000,000,004 | ---- | C] () -- E:\ProgramData\WBLD.INI

[2011/04/21 04:04:23 | 000,000,004 | ---- | C] () -- E:\ProgramData\RELED.INI

[2011/04/21 02:00:39 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll

[2011/04/13 08:16:30 | 000,016,456 | ---- | C] () -- E:\Windows\System32\drivers\ATKACPI.SYS

[2011/03/24 12:36:12 | 000,012,800 | ---- | C] () -- E:\Windows\System32\Install-VR-pulse.exe

[2011/03/24 12:13:52 | 000,044,544 | ---- | C] () -- E:\Windows\System32\Install-VR-pulse.dll

[2010/11/20 19:46:14 | 000,654,844 | ---- | C] () -- E:\Windows\System32\perfh007.dat

[2010/11/20 19:46:14 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat

[2010/11/20 19:46:14 | 000,130,426 | ---- | C] () -- E:\Windows\System32\perfc007.dat

[2010/11/20 19:46:14 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat

[2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll

[2009/09/09 11:01:40 | 000,027,675 | ---- | C] () -- E:\Windows\System32\drivers\klopp.dat

[2009/07/13 23:57:37 | 000,067,584 | -H-- | C] () -- E:\Windows\bootstat.dat

[2009/07/13 23:33:53 | 000,490,896 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT

[2009/07/13 21:05:48 | 000,616,686 | ---- | C] () -- E:\Windows\System32\perfh009.dat

[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat

[2009/07/13 21:05:48 | 000,106,808 | ---- | C] () -- E:\Windows\System32\perfc009.dat

[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat

[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT

[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat

[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2013/01/19 19:13:14 | 000,000,000 | ---D | M] -- E:\ProgramData\24E3B857140F749C000024E393797A96

[2011/04/21 02:03:17 | 000,000,000 | ---D | M] -- E:\ProgramData\AmUStor

[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data

[2012/01/03 04:49:30 | 000,000,000 | ---D | M] -- E:\ProgramData\DatacardService

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents

[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente

[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites

[2011/11/06 04:55:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Local

[2012/01/03 04:48:34 | 000,000,000 | ---D | M] -- E:\ProgramData\Mobile Partner

[2011/07/28 23:59:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner

[2011/04/24 22:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\Roaming

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu

[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü

[2011/04/21 03:03:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates

[2013/01/21 14:42:32 | 000,000,000 | ---D | M] -- E:\ProgramData\UDM

[2011/11/06 04:48:35 | 000,000,000 | ---D | M] -- E:\ProgramData\UDM_21168

[2011/07/10 05:07:04 | 000,000,000 | ---D | M] -- E:\ProgramData\VirtualizedApplications

[2011/07/05 10:37:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen

[2013/01/21 14:16:57 | 000,000,000 | ---D | M] -- E:\ProgramData\WtDashboard

[2011/12/25 07:02:37 | 000,000,000 | -H-D | M] -- E:\ProgramData\{168F2BF3-5528-4D9C-A12E-B02CA5A44257}

[2012/11/10 11:57:22 | 000,032,634 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

< End of report >

Code:

OTL Extras logfile created on: 1/21/2013 9:12:44 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Windows 7 Starter Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,014.00 Mb Total Physical Memory | 749.00 Mb Available Physical Memory | 74.00% Memory free

902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files

Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS

Drive D: | 27.99 Gb Total Space | 16.45 Gb Free Space | 58.75% Space Free | Partition Type: NTFS

Drive E: | 201.78 Gb Total Space | 160.14 Gb Free Space | 79.36% Space Free | Partition Type: NTFS

Drive F: | 15.16 Gb Total Space | 15.16 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- E:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- E:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- E:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{13709A29-963F-4C88-866F-132B12ABA40A}" = AM Usb Card Reader Driver

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24

"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{339474F5-C557-4140-BB96-B7C49A4F5D65}" = VR-pulse Installer

"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D9326E1-E378-48A6-A82B-800147E63306}" = ArcSoft MediaImpression 2

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software

"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT

"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed

"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B219E8B-B0B5-4730-9E27-BD3EC339A0CC}" = Unlimited Data Manager 10.0.0

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch

"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9E88160-4159-4BA4-A5E3-5EA7C3BD0888}" = Fresco Logic USB3.0 Host Controller

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES

"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher

"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AmUStor" = AM Usb Card Reader Driver

"AOL Deinstallation" = AOL Deinstallation

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer

"Digital Editions" = Adobe Digital Editions

"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer

"Google Chrome" = Google Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"IrfanView" = IrfanView (remove only)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mobile Partner" = Mobile Partner

"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)

"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010

"Picasa 3" = Picasa 3

"ProInst" = Intel PROSet Wireless

"PROPLUSR" = Microsoft Office Professional Plus 2007

"VLC media player" = VLC media player 2.0.4

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

 

< End of report >

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKU\Otello_ON_E..\Run: [busoo.exe] E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe ()

O20 - HKU\Otello_ON_E Winlogon: Shell - (C:\Users\Otello\AppData\Roaming\skype.dat) - E:\Users\Otello\AppData\Roaming\skype.dat ()

:Files

E:\Users\Otello\AppData\Roaming\skype.dat

E:\Users\Otello\AppData\Roaming\Yhorow

E:\ProgramData\24E3B857140F749C000024E393797A96

E:\Users\Otello\AppData\Roaming\Avgymo

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Soooo, also ich habe das Fix gemacht. Nur mit dem Logfile habe ich Probleme, ich habe es nun beim dritten geschafft zu speichern:

Code:

========== OTL ==========

Registry value HKEY_USERS\Otello_ON_E\Software\Microsoft\Windows\CurrentVersion\Run\\busoo.exe not found.

File E:\Users\Otello\AppData\Roaming\Yhorow\busoo.exe not found.

Registry value HKEY_USERS\Otello_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Otello\AppData\Roaming\skype.dat deleted successfully.

File E:\Users\Otello\AppData\Roaming\skype.dat not found.

========== FILES ==========

File\Folder E:\Users\Otello\AppData\Roaming\skype.dat not found.

File\Folder E:\Users\Otello\AppData\Roaming\Yhorow not found.

File\Folder E:\ProgramData\24E3B857140F749C000024E393797A96 not found.

File\Folder E:\Users\Otello\AppData\Roaming\Avgymo not found.

========== COMMANDS ==========

E:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTLPE by OldTimer - Version 3.1.48.0 log created on 01222013_143631

Startet Windows nun wieder normal?

ja, macht es, ich lade gerade Avira neu zum installieren.
Muss ich dann noch was tun?

Bitte keine neuen Virenscans erstmal machen!!

Hast du die MovedFiles gezippt und hochgeladen?

nee, noch nicht, ich habe das ganze Verzeichnis gepackt, was soll ich damit tun?

Ja sagma liest du vllt mal meine Anleitungen richtig? :wtf: :(

Ja, habbe. Die Datei habe ich eben hochgeladen

Zitat:

Ja, habbe.

Ähm :wtf: und warum fragst du mich was damit passieren wenn du angeblich die Anleitung komplett gelesen hast?! :D

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Es gibt Neuigkeiten:

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software

Run date: 2013-01-22 16:03:29

-----------------------------

16:03:29.717    OS Version: Windows 6.1.7601 Service Pack 1

16:03:29.717    Number of processors: 4 586 0x1C0A

16:03:29.722    ComputerName: OTELLO-PC  UserName: Otello

16:04:38.174    Initialize success

16:31:50.233    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

16:31:50.280    Disk 0 Vendor: ST9250315AS 0003SDM1 Size: 238475MB BusType: 3

16:31:50.405    Disk 0 MBR read successfully

16:31:50.405    Disk 0 MBR scan

16:31:50.421    Disk 0 unknown MBR code

16:31:50.577    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

16:31:50.639    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       206627 MB offset 206848

16:31:50.639    Disk 0 Partition - 00     0F Extended LBA             30714 MB offset 423378944

16:31:50.764    Disk 0 Partition 3 00     12  Compaq diag NTFS         1026 MB offset 486285312

16:31:50.882    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        28664 MB offset 423380992

16:31:50.902    Disk 0 Partition - 00     05     Extended               129 MB offset 482084864

16:31:50.952    Disk 0 Partition 5 00     27 Hidden NTFS WinRE               128 MB offset 482086912

16:31:50.972    Disk 0 Partition - 00     05     Extended               896 MB offset 541054976

16:31:51.002    Disk 0 Partition 6 00     27 Hidden NTFS WinRE               895 MB offset 482351104

16:31:51.062    Disk 0 Partition - 00     05     Extended              1024 MB offset 543154176

16:31:51.117    Disk 0 Partition 7 00     27 Hidden NTFS WinRE              1023 MB offset 484186112

16:31:51.197    Disk 0 scanning sectors +488386560

16:31:51.382    Disk 0 scanning C:\Windows\system32\drivers

16:32:16.294    Service scanning

16:33:05.125    Modules scanning

16:33:26.820    Disk 0 trace - called modules:

16:33:26.863    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys Wdf01000.sys FLxHCIc.sys 

16:33:26.880    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b96618]

16:33:26.898    3 CLASSPNP.SYS[86faa59e] -> nt!IofCallDriver -> [0x83d789e0]

16:33:26.915    5 ACPI.sys[86cb73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a48030]

16:33:26.933    Scan finished successfully

16:44:41.323    Disk 0 MBR has been saved successfully to "E:\MBR.dat"

16:44:41.385    The log file has been saved successfully to "E:\aswMBR.txt"

Code:

16:46:29.0911 5816  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

16:46:30.0125 5816  ============================================================

16:46:30.0126 5816  Current date / time: 2013/01/22 16:46:30.0125

16:46:30.0126 5816  SystemInfo:

16:46:30.0126 5816  

16:46:30.0126 5816  OS Version: 6.1.7601 ServicePack: 1.0

16:46:30.0126 5816  Product type: Workstation

16:46:30.0126 5816  ComputerName: OTELLO-PC

16:46:30.0127 5816  UserName: Otello

16:46:30.0127 5816  Windows directory: C:\Windows

16:46:30.0127 5816  System windows directory: C:\Windows

16:46:30.0127 5816  Processor architecture: Intel x86

16:46:30.0127 5816  Number of processors: 4

16:46:30.0127 5816  Page size: 0x1000

16:46:30.0127 5816  Boot type: Normal boot

16:46:30.0127 5816  ============================================================

16:46:33.0363 5816  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

16:46:33.0363 5816  Drive \Device\Harddisk1\DR1 - Size: 0x3CB1FFE00 (15.17 Gb), SectorSize: 0x200, Cylinders: 0x7BC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:46:33.0363 5816  ============================================================

16:46:33.0363 5816  \Device\Harddisk0\DR0:

16:46:33.0378 5816  MBR partitions:

16:46:33.0378 5816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

16:46:33.0378 5816  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800

16:46:33.0394 5816  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4800, BlocksNum 0x37FC000

16:46:33.0472 5816  \Device\Harddisk1\DR1:

16:46:33.0472 5816  MBR partitions:

16:46:33.0472 5816  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E58FDF

16:46:33.0472 5816  ============================================================

16:46:33.0534 5816  C: <-> \Device\Harddisk0\DR0\Partition2

16:46:33.0581 5816  D: <-> \Device\Harddisk0\DR0\Partition3

16:46:33.0722 5816  ============================================================

16:46:33.0722 5816  Initialize success

16:46:33.0722 5816  ============================================================

16:46:54.0782 1640  ============================================================

16:46:54.0782 1640  Scan started

16:46:54.0782 1640  Mode: Manual; SigCheck; TDLFS; 

16:46:54.0782 1640  ============================================================

16:46:57.0618 1640  ================ Scan system memory ========================

16:46:57.0618 1640  System memory - ok

16:46:57.0618 1640  ================ Scan services =============================

16:46:57.0798 1640  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

16:46:58.0038 1640  1394ohci - ok

16:46:58.0138 1640  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

16:46:58.0198 1640  ACDaemon - ok

16:46:58.0258 1640  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

16:46:58.0298 1640  ACPI - ok

16:46:58.0328 1640  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

16:46:58.0438 1640  AcpiPmi - ok

16:46:58.0468 1640  [ C1C7EEF1A53A6B47323187A22559E553 ] ACPIService     C:\Windows\system32\drivers\ATKACPI.SYS

16:46:58.0498 1640  ACPIService - ok

16:46:58.0578 1640  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

16:46:58.0608 1640  AdobeARMservice - ok

16:46:58.0708 1640  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

16:46:58.0758 1640  AdobeFlashPlayerUpdateSvc - ok

16:46:58.0818 1640  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

16:46:58.0870 1640  adp94xx - ok

16:46:58.0901 1640  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys

16:46:58.0948 1640  adpahci - ok

16:46:58.0979 1640  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

16:46:59.0010 1640  adpu320 - ok

16:46:59.0057 1640  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

16:46:59.0228 1640  AeLookupSvc - ok

16:46:59.0306 1640  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\Windows\system32\drivers\Afc.sys

16:46:59.0338 1640  Afc - ok

16:46:59.0384 1640  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

16:46:59.0478 1640  AFD - ok

16:46:59.0525 1640  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

16:46:59.0556 1640  agp440 - ok

16:46:59.0587 1640  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

16:46:59.0618 1640  aic78xx - ok

16:46:59.0665 1640  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

16:46:59.0743 1640  ALG - ok

16:46:59.0774 1640  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

16:46:59.0806 1640  aliide - ok

16:46:59.0852 1640  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

16:46:59.0884 1640  amdagp - ok

16:46:59.0930 1640  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

16:46:59.0962 1640  amdide - ok

16:47:00.0664 1640  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

16:47:00.0726 1640  AmdK8 - ok

16:47:00.0773 1640  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys

16:47:00.0830 1640  AmdPPM - ok

16:47:00.0880 1640  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

16:47:00.0925 1640  amdsata - ok

16:47:00.0962 1640  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys

16:47:00.0997 1640  amdsbs - ok

16:47:01.0029 1640  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

16:47:01.0059 1640  amdxata - ok

16:47:01.0108 1640  [ 6A590E84B7645BA059C45BA416546E39 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys

16:47:01.0212 1640  AMPPAL - ok

16:47:01.0233 1640  [ 6A590E84B7645BA059C45BA416546E39 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys

16:47:01.0264 1640  AMPPALP - ok

16:47:01.0329 1640  [ AD29A8912C605CF8B784FEDBB6AD5467 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

16:47:01.0415 1640  AMPPALR3 - ok

16:47:01.0462 1640  [ F2DFC6991630B91E9DA263DCA939C8B2 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS

16:47:01.0543 1640  AmUStor - ok

16:47:01.0583 1640  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

16:47:01.0655 1640  AppID - ok

16:47:01.0698 1640  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

16:47:01.0780 1640  AppIDSvc - ok

16:47:01.0804 1640  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

16:47:01.0879 1640  Appinfo - ok

16:47:01.0908 1640  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys

16:47:01.0940 1640  arc - ok

16:47:01.0963 1640  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

16:47:01.0995 1640  arcsas - ok

16:47:02.0034 1640  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

16:47:02.0162 1640  AsyncMac - ok

16:47:02.0193 1640  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

16:47:02.0222 1640  atapi - ok

16:47:02.0268 1640  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:47:02.0360 1640  AudioEndpointBuilder - ok

16:47:02.0379 1640  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

16:47:02.0465 1640  Audiosrv - ok

16:47:02.0494 1640  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

16:47:02.0629 1640  AxInstSV - ok

16:47:02.0674 1640  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys

16:47:02.0773 1640  b06bdrv - ok

16:47:02.0817 1640  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

16:47:02.0879 1640  b57nd60x - ok

16:47:02.0926 1640  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

16:47:03.0019 1640  BDESVC - ok

16:47:03.0051 1640  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

16:47:03.0129 1640  Beep - ok

16:47:03.0191 1640  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll

16:47:03.0300 1640  BITS - ok

16:47:03.0331 1640  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys

16:47:03.0378 1640  blbdrive - ok

16:47:03.0456 1640  [ E202305F27FC0984BC33D8F6195564D0 ] Bluetooth Device Monitor C:\Program Files\Intel\Bluetooth\devmonsrv.exe

16:47:03.0534 1640  Bluetooth Device Monitor - ok

16:47:03.0628 1640  [ F9224764267B387065384C86F6AE7189 ] Bluetooth Media Service C:\Program Files\Intel\Bluetooth\mediasrv.exe

16:47:03.0729 1640  Bluetooth Media Service - ok

16:47:03.0769 1640  [ C4F2AB05AB88601316ED05C4396668E2 ] Bluetooth OBEX Service C:\Program Files\Intel\Bluetooth\obexsrv.exe

16:47:03.0849 1640  Bluetooth OBEX Service - ok

16:47:03.0889 1640  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

16:47:03.0971 1640  bowser - ok

16:47:04.0009 1640  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys

16:47:04.0064 1640  BrFiltLo - ok

16:47:04.0096 1640  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys

16:47:04.0159 1640  BrFiltUp - ok

16:47:04.0211 1640  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

16:47:04.0304 1640  Browser - ok

16:47:04.0336 1640  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

16:47:04.0439 1640  Brserid - ok

16:47:04.0479 1640  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

16:47:04.0529 1640  BrSerWdm - ok

16:47:04.0551 1640  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

16:47:04.0604 1640  BrUsbMdm - ok

16:47:04.0641 1640  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

16:47:04.0691 1640  BrUsbSer - ok

16:47:04.0754 1640  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

16:47:04.0911 1640  BthEnum - ok

16:47:04.0951 1640  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

16:47:05.0006 1640  BTHMODEM - ok

16:47:05.0039 1640  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

16:47:05.0096 1640  BthPan - ok

16:47:05.0241 1640  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

16:47:05.0321 1640  BTHPORT - ok

16:47:05.0366 1640  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

16:47:05.0449 1640  bthserv - ok

16:47:05.0486 1640  [ 3A80BE49133745FDCB0AE7E248FB808C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

16:47:05.0511 1640  BTHSSecurityMgr - ok

16:47:05.0569 1640  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

16:47:05.0629 1640  BTHUSB - ok

16:47:05.0666 1640  [ 0CE0A06DC095D070E128DC24C1196F41 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys

16:47:05.0694 1640  btmaux - ok

16:47:05.0739 1640  [ 58351A9ED9A5AD3C8A22EC5BEBF4DA2A ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys

16:47:05.0817 1640  btmhsf - ok

16:47:05.0864 1640  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

16:47:05.0959 1640  cdfs - ok

16:47:05.0999 1640  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

16:47:06.0044 1640  cdrom - ok

16:47:06.0084 1640  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

16:47:06.0164 1640  CertPropSvc - ok

16:47:06.0194 1640  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys

16:47:06.0234 1640  circlass - ok

16:47:06.0259 1640  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

16:47:06.0304 1640  CLFS - ok

16:47:06.0374 1640  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:47:06.0409 1640  clr_optimization_v2.0.50727_32 - ok

16:47:06.0479 1640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:47:06.0554 1640  clr_optimization_v4.0.30319_32 - ok

16:47:06.0584 1640  [ 125C828BF3673406DFD642D7BEE8434F ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys

16:47:06.0619 1640  clwvd - ok

16:47:06.0654 1640  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys

16:47:06.0709 1640  CmBatt - ok

16:47:06.0754 1640  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

16:47:06.0784 1640  cmdide - ok

16:47:06.0924 1640  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

16:47:07.0109 1640  CNG - ok

16:47:07.0134 1640  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys

16:47:07.0164 1640  Compbatt - ok

16:47:07.0199 1640  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

16:47:07.0249 1640  CompositeBus - ok

16:47:07.0259 1640  COMSysApp - ok

16:47:07.0304 1640  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

16:47:07.0354 1640  crcdisk - ok

16:47:07.0419 1640  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll

16:47:07.0519 1640  CryptSvc - ok

16:47:07.0639 1640  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

16:47:07.0719 1640  cvhsvc - ok

16:47:07.0789 1640  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

16:47:07.0904 1640  DcomLaunch - ok

16:47:07.0935 1640  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

16:47:08.0013 1640  defragsvc - ok

16:47:08.0045 1640  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

16:47:08.0138 1640  DfsC - ok

16:47:08.0169 1640  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

16:47:08.0247 1640  Dhcp - ok

16:47:08.0263 1640  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

16:47:08.0357 1640  discache - ok

16:47:08.0372 1640  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys

16:47:08.0403 1640  Disk - ok

16:47:08.0435 1640  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

16:47:08.0513 1640  Dnscache - ok

16:47:08.0544 1640  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

16:47:08.0637 1640  dot3svc - ok

16:47:08.0653 1640  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

16:47:08.0747 1640  DPS - ok

16:47:08.0793 1640  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

16:47:08.0840 1640  drmkaud - ok

16:47:08.0887 1640  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

16:47:08.0965 1640  DXGKrnl - ok

16:47:08.0996 1640  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

16:47:09.0090 1640  EapHost - ok

16:47:09.0199 1640  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys

16:47:09.0386 1640  ebdrv - ok

16:47:09.0433 1640  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

16:47:09.0573 1640  EFS - ok

16:47:09.0620 1640  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys

16:47:09.0667 1640  elxstor - ok

16:47:09.0698 1640  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

16:47:09.0748 1640  ErrDev - ok

16:47:09.0818 1640  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

16:47:09.0918 1640  EventSystem - ok

16:47:09.0998 1640  [ 9A581303C7B0436E4B8D613EE0A79C7C ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe

16:47:10.0078 1640  EvtEng - ok

16:47:10.0148 1640  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys

16:47:10.0268 1640  ewusbmbb - ok

16:47:10.0278 1640  ewusbnet - ok

16:47:10.0318 1640  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys

16:47:10.0388 1640  ew_hwusbdev - ok

16:47:10.0418 1640  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

16:47:10.0498 1640  exfat - ok

16:47:10.0998 1640  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

16:47:11.0088 1640  fastfat - ok

16:47:11.0148 1640  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

16:47:11.0268 1640  Fax - ok

16:47:11.0308 1640  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys

16:47:11.0348 1640  fdc - ok

16:47:11.0378 1640  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

16:47:11.0458 1640  fdPHost - ok

16:47:11.0488 1640  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

16:47:11.0558 1640  FDResPub - ok

16:47:11.0598 1640  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

16:47:11.0628 1640  FileInfo - ok

16:47:11.0648 1640  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

16:47:11.0728 1640  Filetrace - ok

16:47:11.0763 1640  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys

16:47:11.0813 1640  flpydisk - ok

16:47:11.0848 1640  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

16:47:11.0883 1640  FltMgr - ok

16:47:11.0928 1640  [ 2A7700BEDBBEF962B2BDD14A36B872EF ] FLxHCIc         C:\Windows\system32\drivers\FLxHCIc.sys

16:47:12.0003 1640  FLxHCIc - ok

16:47:12.0048 1640  [ A2AB780E5D7E8DE7AC0397D4E6C0FE72 ] FLxHCIh         C:\Windows\system32\drivers\FLxHCIh.sys

16:47:12.0103 1640  FLxHCIh - ok

16:47:12.0158 1640  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll

16:47:12.0283 1640  FontCache - ok

16:47:12.0343 1640  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

16:47:12.0378 1640  FontCache3.0.0.0 - ok

16:47:12.0403 1640  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

16:47:12.0433 1640  FsDepends - ok

16:47:12.0478 1640  [ 5739510AA7EC9D1F9C5D1268C153B7A2 ] fspad_wlh32     C:\Windows\system32\drivers\fspad_wlh32.sys

16:47:12.0543 1640  fspad_wlh32 - ok

16:47:12.0593 1640  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

16:47:12.0623 1640  Fs_Rec - ok

16:47:12.0653 1640  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

16:47:12.0698 1640  fvevol - ok

16:47:12.0733 1640  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

16:47:12.0763 1640  gagp30kx - ok

16:47:12.0808 1640  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

16:47:12.0903 1640  gpsvc - ok

16:47:12.0993 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

16:47:13.0018 1640  gupdate - ok

16:47:13.0028 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

16:47:13.0068 1640  gupdatem - ok

16:47:13.0098 1640  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

16:47:13.0128 1640  gusvc - ok

16:47:13.0248 1640  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

16:47:13.0363 1640  hcw85cir - ok

16:47:13.0393 1640  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:47:13.0483 1640  HdAudAddService - ok

16:47:13.0524 1640  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

16:47:13.0555 1640  HDAudBus - ok

16:47:13.0586 1640  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys

16:47:13.0633 1640  HidBatt - ok

16:47:13.0680 1640  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys

16:47:13.0727 1640  HidBth - ok

16:47:13.0758 1640  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys

16:47:13.0805 1640  HidIr - ok

16:47:13.0836 1640  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

16:47:13.0914 1640  hidserv - ok

16:47:13.0945 1640  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

16:47:14.0007 1640  HidUsb - ok

16:47:14.0039 1640  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

16:47:14.0132 1640  hkmsvc - ok

16:47:14.0148 1640  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

16:47:14.0257 1640  HomeGroupListener - ok

16:47:14.0288 1640  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

16:47:14.0351 1640  HomeGroupProvider - ok

16:47:14.0397 1640  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

16:47:14.0429 1640  HpSAMD - ok

16:47:14.0460 1640  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

16:47:14.0553 1640  HTTP - ok

16:47:14.0616 1640  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys

16:47:14.0678 1640  huawei_enumerator - ok

16:47:14.0772 1640  [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys

16:47:14.0834 1640  hwdatacard - ok

16:47:14.0928 1640  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe

16:47:14.0959 1640  HWDeviceService.exe - ok

16:47:14.0990 1640  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

16:47:15.0021 1640  hwpolicy - ok

16:47:15.0053 1640  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

16:47:15.0099 1640  i8042prt - ok

16:47:15.0162 1640  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

16:47:15.0209 1640  iaStorV - ok

16:47:15.0255 1640  [ AE2DC615F928AC6A18CF25A58630809E ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys

16:47:15.0302 1640  iBtFltCoex - ok

16:47:15.0365 1640  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:47:15.0443 1640  idsvc - ok

16:47:15.0599 1640  [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

16:47:15.0926 1640  igfx - ok

16:47:15.0973 1640  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

16:47:16.0004 1640  iirsp - ok

16:47:16.0035 1640  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

16:47:16.0147 1640  IKEEXT - ok

16:47:16.0285 1640  [ 67E94D5C722164D7FBF4A79FEAF41C37 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

16:47:16.0482 1640  IntcAzAudAddService - ok

16:47:16.0505 1640  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

16:47:16.0535 1640  intelide - ok

16:47:16.0560 1640  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

16:47:16.0600 1640  intelppm - ok

16:47:16.0630 1640  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

16:47:16.0715 1640  IPBusEnum - ok

16:47:16.0737 1640  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:47:16.0807 1640  IpFilterDriver - ok

16:47:16.0840 1640  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

16:47:16.0875 1640  IPMIDRV - ok

16:47:16.0907 1640  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

16:47:16.0997 1640  IPNAT - ok

16:47:17.0025 1640  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

16:47:17.0077 1640  IRENUM - ok

16:47:17.0120 1640  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

16:47:17.0150 1640  isapnp - ok

16:47:17.0185 1640  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

16:47:17.0225 1640  iScsiPrt - ok

16:47:17.0252 1640  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

16:47:17.0285 1640  kbdclass - ok

16:47:17.0327 1640  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

16:47:17.0372 1640  kbdhid - ok

16:47:17.0392 1640  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

16:47:17.0425 1640  KeyIso - ok

16:47:17.0485 1640  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

16:47:17.0517 1640  KSecDD - ok

16:47:17.0565 1640  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

16:47:17.0600 1640  KSecPkg - ok

16:47:17.0637 1640  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

16:47:17.0730 1640  KtmRm - ok

16:47:17.0765 1640  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

16:47:17.0852 1640  LanmanServer - ok

16:47:17.0900 1640  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:47:17.0970 1640  LanmanWorkstation - ok

16:47:17.0995 1640  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

16:47:18.0085 1640  lltdio - ok

16:47:18.0123 1640  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

16:47:18.0185 1640  lltdsvc - ok

16:47:18.0217 1640  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

16:47:18.0295 1640  lmhosts - ok

16:47:18.0326 1640  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

16:47:18.0357 1640  LSI_FC - ok

16:47:18.0404 1640  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

16:47:18.0442 1640  LSI_SAS - ok

16:47:18.0463 1640  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys

16:47:18.0496 1640  LSI_SAS2 - ok

16:47:18.0531 1640  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

16:47:18.0564 1640  LSI_SCSI - ok

16:47:18.0593 1640  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

16:47:18.0672 1640  luafv - ok

16:47:18.0729 1640  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys

16:47:18.0761 1640  megasas - ok

16:47:18.0784 1640  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys

16:47:18.0823 1640  MegaSR - ok

16:47:18.0862 1640  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

16:47:18.0953 1640  MMCSS - ok

16:47:19.0053 1640  [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe

16:47:19.0089 1640  Mobile Partner. RunOuc - ok

16:47:19.0114 1640  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

16:47:19.0194 1640  Modem - ok

16:47:19.0244 1640  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

16:47:19.0296 1640  monitor - ok

16:47:19.0338 1640  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

16:47:19.0369 1640  mouclass - ok

16:47:19.0408 1640  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

16:47:19.0458 1640  mouhid - ok

16:47:19.0488 1640  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

16:47:19.0519 1640  mountmgr - ok

16:47:19.0548 1640  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

16:47:19.0583 1640  mpio - ok

16:47:19.0619 1640  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

16:47:19.0686 1640  mpsdrv - ok

16:47:19.0712 1640  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

16:47:19.0768 1640  MRxDAV - ok

16:47:19.0807 1640  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

16:47:19.0906 1640  mrxsmb - ok

16:47:19.0959 1640  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:47:20.0017 1640  mrxsmb10 - ok

16:47:20.0062 1640  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:47:20.0112 1640  mrxsmb20 - ok

16:47:20.0251 1640  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

16:47:20.0294 1640  msahci - ok

16:47:20.0329 1640  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

16:47:20.0366 1640  msdsm - ok

16:47:20.0386 1640  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

16:47:20.0434 1640  MSDTC - ok

16:47:20.0481 1640  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

16:47:20.0574 1640  Msfs - ok

16:47:20.0652 1640  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

16:47:20.0746 1640  mshidkmdf - ok

16:47:20.0824 1640  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

16:47:20.0855 1640  msisadrv - ok

16:47:20.0886 1640  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

16:47:20.0977 1640  MSiSCSI - ok

16:47:20.0987 1640  msiserver - ok

16:47:21.0022 1640  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

16:47:21.0092 1640  MSKSSRV - ok

16:47:21.0117 1640  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

16:47:21.0197 1640  MSPCLOCK - ok

16:47:21.0237 1640  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

16:47:21.0317 1640  MSPQM - ok

16:47:21.0342 1640  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

16:47:21.0377 1640  MsRPC - ok

16:47:21.0417 1640  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

16:47:21.0452 1640  mssmbios - ok

16:47:21.0477 1640  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

16:47:21.0546 1640  MSTEE - ok

16:47:21.0572 1640  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys

16:47:21.0626 1640  MTConfig - ok

16:47:21.0661 1640  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

16:47:21.0691 1640  Mup - ok

16:47:21.0726 1640  [ 05B53873D183876F28D8F7F0A844F053 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

16:47:21.0757 1640  MyWiFiDHCPDNS - ok

16:47:21.0800 1640  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

16:47:21.0905 1640  napagent - ok

16:47:21.0947 1640  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

16:47:22.0006 1640  NativeWifiP - ok

16:47:22.0077 1640  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

16:47:22.0156 1640  NDIS - ok

16:47:22.0176 1640  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

16:47:22.0252 1640  NdisCap - ok

16:47:22.0281 1640  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

16:47:22.0364 1640  NdisTapi - ok

16:47:22.0399 1640  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

16:47:22.0477 1640  Ndisuio - ok

16:47:22.0500 1640  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

16:47:22.0576 1640  NdisWan - ok

16:47:22.0617 1640  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

16:47:22.0684 1640  NDProxy - ok

16:47:22.0704 1640  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

16:47:22.0772 1640  NetBIOS - ok

16:47:22.0797 1640  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

16:47:22.0884 1640  NetBT - ok

16:47:22.0906 1640  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

16:47:22.0941 1640  Netlogon - ok

16:47:22.0982 1640  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

16:47:23.0062 1640  Netman - ok

16:47:23.0079 1640  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

16:47:23.0180 1640  netprofm - ok

16:47:23.0275 1640  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys

16:47:23.0350 1640  netr28u - ok

16:47:23.0389 1640  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:47:23.0422 1640  NetTcpPortSharing - ok

16:47:23.0625 1640  [ 620695631CF043B654EBDBA8F5EBA4CC ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys

16:47:23.0968 1640  NETwNs32 - ok

16:47:24.0000 1640  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

16:47:24.0031 1640  nfrd960 - ok

16:47:24.0078 1640  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll

16:47:24.0171 1640  NlaSvc - ok

16:47:24.0202 1640  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

16:47:24.0296 1640  Npfs - ok

16:47:24.0327 1640  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

16:47:24.0421 1640  nsi - ok

16:47:24.0436 1640  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

16:47:24.0514 1640  nsiproxy - ok

16:47:24.0592 1640  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

16:47:24.0702 1640  Ntfs - ok

16:47:24.0733 1640  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

16:47:24.0795 1640  Null - ok

16:47:24.0842 1640  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

16:47:24.0873 1640  nvraid - ok

16:47:24.0904 1640  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

16:47:24.0936 1640  nvstor - ok

16:47:24.0967 1640  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

16:47:25.0014 1640  nv_agp - ok

16:47:25.0138 1640  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:47:25.0201 1640  odserv - ok

16:47:25.0248 1640  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

16:47:25.0294 1640  ohci1394 - ok

16:47:25.0326 1640  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:47:25.0357 1640  ose - ok

16:47:25.0513 1640  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:47:25.0825 1640  osppsvc - ok

16:47:25.0918 1640  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

16:47:26.0043 1640  p2pimsvc - ok

16:47:26.0090 1640  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

16:47:26.0159 1640  p2psvc - ok

16:47:26.0179 1640  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys

16:47:26.0216 1640  Parport - ok

16:47:26.0256 1640  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

16:47:26.0299 1640  partmgr - ok

16:47:26.0316 1640  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys

16:47:26.0351 1640  Parvdm - ok

16:47:26.0379 1640  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

16:47:26.0426 1640  PcaSvc - ok

16:47:26.0449 1640  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

16:47:26.0484 1640  pci - ok

16:47:26.0526 1640  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

16:47:26.0556 1640  pciide - ok

16:47:26.0601 1640  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

16:47:26.0639 1640  pcmcia - ok

16:47:26.0674 1640  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

16:47:26.0704 1640  pcw - ok

16:47:26.0736 1640  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

16:47:26.0851 1640  PEAUTH - ok

16:47:26.0949 1640  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

16:47:27.0086 1640  pla - ok

16:47:27.0136 1640  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

16:47:27.0226 1640  PlugPlay - ok

16:47:27.0244 1640  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

16:47:27.0291 1640  PNRPAutoReg - ok

16:47:27.0326 1640  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

16:47:27.0366 1640  PNRPsvc - ok

16:47:27.0411 1640  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

16:47:27.0499 1640  PolicyAgent - ok

16:47:27.0546 1640  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

16:47:27.0654 1640  Power - ok

16:47:27.0749 1640  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

16:47:27.0844 1640  PptpMiniport - ok

16:47:27.0874 1640  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys

16:47:27.0921 1640  Processor - ok

16:47:27.0996 1640  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

16:47:28.0091 1640  ProfSvc - ok

16:47:28.0219 1640  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:47:28.0250 1640  ProtectedStorage - ok

16:47:28.0313 1640  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

16:47:28.0375 1640  Psched - ok

16:47:28.0422 1640  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

16:47:28.0438 1640  PSI_SVC_2 - ok

16:47:28.0500 1640  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys

16:47:28.0625 1640  ql2300 - ok

16:47:28.0650 1640  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

16:47:28.0682 1640  ql40xx - ok

16:47:28.0727 1640  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

16:47:28.0792 1640  QWAVE - ok

16:47:28.0825 1640  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

16:47:28.0867 1640  QWAVEdrv - ok

16:47:28.0892 1640  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

16:47:28.0975 1640  RasAcd - ok

16:47:29.0012 1640  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

16:47:29.0090 1640  RasAgileVpn - ok

16:47:29.0127 1640  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

16:47:29.0217 1640  RasAuto - ok

16:47:29.0242 1640  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

16:47:29.0327 1640  Rasl2tp - ok

16:47:29.0362 1640  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

16:47:29.0452 1640  RasMan - ok

16:47:29.0472 1640  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

16:47:29.0545 1640  RasPppoe - ok

16:47:29.0582 1640  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

16:47:29.0662 1640  RasSstp - ok

16:47:29.0702 1640  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

16:47:29.0787 1640  rdbss - ok

16:47:29.0812 1640  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys

16:47:29.0850 1640  rdpbus - ok

16:47:29.0875 1640  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

16:47:29.0952 1640  RDPCDD - ok

16:47:29.0985 1640  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

16:47:30.0062 1640  RDPENCDD - ok

16:47:30.0090 1640  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

16:47:30.0182 1640  RDPREFMP - ok

16:47:30.0232 1640  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

16:47:30.0307 1640  RDPWD - ok

16:47:30.0342 1640  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

16:47:30.0377 1640  rdyboost - ok

16:47:30.0450 1640  [ 3F7B27F7F19A2F2B0E75768410D05DC3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

16:47:30.0490 1640  RegSrvc - ok

16:47:30.0532 1640  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

16:47:30.0596 1640  RemoteAccess - ok

16:47:30.0627 1640  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

16:47:30.0705 1640  RemoteRegistry - ok

16:47:30.0939 1640  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

16:47:31.0001 1640  RFCOMM - ok

16:47:31.0032 1640  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

16:47:31.0126 1640  RpcEptMapper - ok

16:47:31.0173 1640  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

16:47:31.0204 1640  RpcLocator - ok

16:47:31.0344 1640  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

16:47:31.0438 1640  RpcSs - ok

16:47:31.0485 1640  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

16:47:31.0578 1640  rspndr - ok

16:47:31.0610 1640  [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys

16:47:31.0656 1640  RTL8167 - ok

16:47:31.0688 1640  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

16:47:31.0719 1640  SamSs - ok

16:47:31.0734 1640  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

16:47:31.0766 1640  sbp2port - ok

16:47:31.0797 1640  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

16:47:31.0875 1640  SCardSvr - ok

16:47:31.0906 1640  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

16:47:31.0984 1640  scfilter - ok

16:47:32.0031 1640  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

16:47:32.0140 1640  Schedule - ok

16:47:32.0171 1640  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

16:47:32.0240 1640  SCPolicySvc - ok

16:47:32.0255 1640  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

16:47:32.0352 1640  SDRSVC - ok

16:47:32.0392 1640  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

16:47:32.0462 1640  secdrv - ok

16:47:32.0487 1640  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

16:47:32.0575 1640  seclogon - ok

16:47:32.0607 1640  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

16:47:32.0692 1640  SENS - ok

16:47:32.0712 1640  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys

16:47:32.0747 1640  Serenum - ok

16:47:32.0785 1640  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys

16:47:32.0835 1640  Serial - ok

16:47:32.0867 1640  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

16:47:32.0902 1640  sermouse - ok

16:47:33.0100 1640  [ 1E26803454642E2C6E3C03E8E42854EC ] SesamService    C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe

16:47:33.0205 1640  SesamService ( UnsignedFile.Multi.Generic ) - warning

16:47:33.0207 1640  SesamService - detected UnsignedFile.Multi.Generic (1)

16:47:33.0247 1640  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

16:47:33.0330 1640  SessionEnv - ok

16:47:33.0352 1640  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

16:47:33.0405 1640  sffdisk - ok

16:47:33.0430 1640  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

16:47:33.0467 1640  sffp_mmc - ok

16:47:33.0510 1640  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

16:47:33.0560 1640  sffp_sd - ok

16:47:33.0607 1640  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys

16:47:33.0650 1640  sfloppy - ok

16:47:33.0722 1640  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys

16:47:33.0780 1640  Sftfs - ok

16:47:33.0885 1640  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

16:47:33.0945 1640  sftlist - ok

16:47:33.0995 1640  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys

16:47:34.0037 1640  Sftplay - ok

16:47:34.0090 1640  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys

16:47:34.0127 1640  Sftredir - ok

16:47:34.0167 1640  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys

16:47:34.0195 1640  Sftvol - ok

16:47:34.0220 1640  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

16:47:34.0251 1640  sftvsa - ok

16:47:34.0298 1640  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:47:34.0407 1640  ShellHWDetection - ok

16:47:34.0438 1640  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

16:47:34.0469 1640  sisagp - ok

16:47:34.0501 1640  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys

16:47:34.0532 1640  SiSRaid2 - ok

16:47:34.0547 1640  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

16:47:34.0579 1640  SiSRaid4 - ok

16:47:34.0756 1640  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

16:47:34.0951 1640  Skype C2C Service - ok

16:47:35.0016 1640  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

16:47:35.0056 1640  SkypeUpdate - ok

16:47:35.0081 1640  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

16:47:35.0156 1640  Smb - ok

16:47:35.0211 1640  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

16:47:35.0251 1640  SNMPTRAP - ok

16:47:35.0291 1640  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

16:47:35.0321 1640  spldr - ok

16:47:35.0381 1640  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe

16:47:35.0481 1640  Spooler - ok

16:47:35.0606 1640  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

16:47:35.0824 1640  sppsvc - ok

16:47:35.0914 1640  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

16:47:35.0999 1640  sppuinotify - ok

16:47:36.0074 1640  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

16:47:36.0156 1640  srv - ok

16:47:36.0191 1640  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

16:47:36.0256 1640  srv2 - ok

16:47:36.0286 1640  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

16:47:36.0324 1640  srvnet - ok

16:47:36.0364 1640  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

16:47:36.0444 1640  SSDPSRV - ok

16:47:36.0469 1640  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

16:47:36.0551 1640  SstpSvc - ok

16:47:36.0579 1640  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys

16:47:36.0611 1640  stexstor - ok

16:47:36.0669 1640  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

16:47:36.0749 1640  StiSvc - ok

16:47:36.0781 1640  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

16:47:36.0811 1640  swenum - ok

16:47:36.0904 1640  [ A6B7C24BCA99B2474F165E35A28E65EF ] SwiCardDetectSvc C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe

16:47:36.0944 1640  SwiCardDetectSvc - ok

16:47:36.0996 1640  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

16:47:37.0079 1640  swprv - ok

16:47:37.0277 1640  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

16:47:37.0370 1640  SysMain - ok

16:47:37.0386 1640  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:47:37.0448 1640  TabletInputService - ok

16:47:37.0479 1640  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

16:47:37.0557 1640  TapiSrv - ok

16:47:37.0589 1640  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

16:47:37.0682 1640  TBS - ok

16:47:37.0760 1640  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

16:47:37.0869 1640  Tcpip - ok

16:47:37.0932 1640  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

16:47:37.0994 1640  TCPIP6 - ok

16:47:38.0041 1640  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

16:47:38.0088 1640  tcpipreg - ok

16:47:38.0135 1640  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

16:47:38.0213 1640  TDPIPE - ok

16:47:38.0275 1640  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

16:47:38.0306 1640  TDTCP - ok

16:47:38.0322 1640  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

16:47:38.0384 1640  tdx - ok

16:47:38.0415 1640  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

16:47:38.0447 1640  TermDD - ok

16:47:38.0493 1640  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

16:47:38.0587 1640  TermService - ok

16:47:38.0603 1640  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

16:47:38.0665 1640  Themes - ok

16:47:38.0681 1640  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

16:47:38.0759 1640  THREADORDER - ok

16:47:38.0805 1640  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

16:47:38.0883 1640  TrkWks - ok

16:47:38.0946 1640  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:47:39.0024 1640  TrustedInstaller - ok

16:47:39.0071 1640  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

16:47:39.0149 1640  tssecsrv - ok

16:47:39.0164 1640  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

16:47:39.0258 1640  TsUsbFlt - ok

16:47:39.0305 1640  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys

16:47:39.0351 1640  TsUsbGD - ok

16:47:39.0383 1640  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

16:47:39.0461 1640  tunnel - ok

16:47:39.0492 1640  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys

16:47:39.0526 1640  uagp35 - ok

16:47:39.0558 1640  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

16:47:39.0643 1640  udfs - ok

16:47:39.0721 1640  [ 8191E7E62F1A593CB0EAA483824AE389 ] UDM Service     C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe

16:47:39.0763 1640  UDM Service - ok

16:47:39.0816 1640  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

16:47:39.0868 1640  UI0Detect - ok

16:47:39.0903 1640  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

16:47:39.0936 1640  uliagpkx - ok

16:47:39.0961 1640  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

16:47:40.0013 1640  umbus - ok

16:47:40.0046 1640  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys

16:47:40.0091 1640  UmPass - ok

16:47:40.0141 1640  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

16:47:40.0236 1640  upnphost - ok

16:47:40.0291 1640  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

16:47:40.0366 1640  usbccgp - ok

16:47:40.0386 1640  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

16:47:40.0426 1640  usbcir - ok

16:47:40.0463 1640  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys

16:47:40.0508 1640  usbehci - ok

16:47:40.0538 1640  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

16:47:40.0578 1640  usbhub - ok

16:47:40.0618 1640  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

16:47:40.0661 1640  usbohci - ok

16:47:40.0693 1640  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys

16:47:40.0743 1640  usbprint - ok

16:47:40.0776 1640  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:47:40.0875 1640  USBSTOR - ok

16:47:40.0916 1640  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys

16:47:40.0966 1640  usbuhci - ok

16:47:41.0682 1640  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys

16:47:41.0793 1640  usbvideo - ok

16:47:41.0824 1640  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

16:47:41.0910 1640  UxSms - ok

16:47:41.0933 1640  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

16:47:41.0965 1640  VaultSvc - ok

16:47:42.0001 1640  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

16:47:42.0032 1640  vdrvroot - ok

16:47:42.0069 1640  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

16:47:42.0159 1640  vds - ok

16:47:42.0188 1640  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

16:47:42.0237 1640  vga - ok

16:47:42.0259 1640  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

16:47:42.0328 1640  VgaSave - ok

16:47:42.0358 1640  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

16:47:42.0395 1640  vhdmp - ok

16:47:42.0435 1640  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

16:47:42.0466 1640  viaagp - ok

16:47:42.0489 1640  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys

16:47:42.0542 1640  ViaC7 - ok

16:47:42.0565 1640  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

16:47:42.0596 1640  viaide - ok

16:47:42.0626 1640  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

16:47:42.0659 1640  volmgr - ok

16:47:42.0686 1640  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

16:47:42.0728 1640  volmgrx - ok

16:47:42.0759 1640  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

16:47:42.0790 1640  volsnap - ok

16:47:42.0837 1640  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

16:47:42.0868 1640  vsmraid - ok

16:47:42.0930 1640  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

16:47:43.0086 1640  VSS - ok

16:47:43.0102 1640  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

16:47:43.0149 1640  vwifibus - ok

16:47:43.0196 1640  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

16:47:43.0242 1640  vwififlt - ok

16:47:43.0258 1640  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

16:47:43.0305 1640  vwifimp - ok

16:47:43.0367 1640  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

16:47:43.0445 1640  W32Time - ok

16:47:43.0476 1640  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

16:47:43.0523 1640  WacomPen - ok

16:47:43.0554 1640  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

16:47:43.0617 1640  WANARP - ok

16:47:43.0632 1640  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

16:47:43.0695 1640  Wanarpv6 - ok

16:47:43.0757 1640  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

16:47:43.0955 1640  wbengine - ok

16:47:43.0987 1640  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

16:47:44.0049 1640  WbioSrvc - ok

16:47:44.0087 1640  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

16:47:44.0140 1640  wcncsvc - ok

16:47:44.0159 1640  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:47:44.0262 1640  WcsPlugInService - ok

16:47:44.0294 1640  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys

16:47:44.0324 1640  Wd - ok

16:47:44.0384 1640  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

16:47:44.0438 1640  Wdf01000 - ok

16:47:44.0474 1640  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

16:47:44.0572 1640  WdiServiceHost - ok

16:47:44.0582 1640  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

16:47:44.0625 1640  WdiSystemHost - ok

16:47:44.0650 1640  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

16:47:44.0714 1640  WebClient - ok

16:47:44.0743 1640  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

16:47:44.0820 1640  Wecsvc - ok

16:47:44.0838 1640  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

16:47:44.0910 1640  wercplsupport - ok

16:47:44.0935 1640  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

16:47:45.0028 1640  WerSvc - ok

16:47:45.0067 1640  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

16:47:45.0135 1640  WfpLwf - ok

16:47:45.0162 1640  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

16:47:45.0193 1640  WIMMount - ok

16:47:45.0207 1640  WinHttpAutoProxySvc - ok

16:47:45.0284 1640  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

16:47:45.0363 1640  Winmgmt - ok

16:47:45.0424 1640  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

16:47:45.0574 1640  WinRM - ok

16:47:45.0647 1640  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

16:47:45.0738 1640  Wlansvc - ok

16:47:45.0808 1640  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

16:47:45.0824 1640  wlcrasvc - ok

16:47:45.0902 1640  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:47:46.0011 1640  wlidsvc - ok

16:47:46.0042 1640  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

16:47:46.0089 1640  WmiAcpi - ok

16:47:46.0136 1640  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

16:47:46.0183 1640  wmiApSrv - ok

16:47:46.0261 1640  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

16:47:46.0386 1640  WMPNetworkSvc - ok

16:47:46.0417 1640  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

16:47:46.0510 1640  WPCSvc - ok

16:47:46.0526 1640  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

16:47:46.0588 1640  WPDBusEnum - ok

16:47:46.0635 1640  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

16:47:46.0713 1640  ws2ifsl - ok

16:47:46.0744 1640  WSearch - ok

16:47:46.0807 1640  [ 2BAB01260CAA5CA6639B8C9B0F3888B1 ] WtSmpAdap       C:\Windows\system32\DRIVERS\wtsmpadap.sys

16:47:46.0822 1640  WtSmpAdap - ok

16:47:46.0854 1640  [ 1224AA52EABBAC58CFCF962B35551971 ] WtSmpFlt        C:\Windows\system32\DRIVERS\wtsmpflt.sys

16:47:46.0885 1640  WtSmpFlt - ok

16:47:46.0978 1640  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

16:47:47.0166 1640  wuauserv - ok

16:47:47.0212 1640  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

16:47:47.0264 1640  WudfPf - ok

16:47:47.0292 1640  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

16:47:47.0347 1640  WUDFRd - ok

16:47:47.0375 1640  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

16:47:47.0425 1640  wudfsvc - ok

16:47:47.0466 1640  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

16:47:47.0525 1640  WwanSvc - ok

16:47:47.0660 1640  ================ Scan global ===============================

16:47:47.0729 1640  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

16:47:47.0767 1640  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll

16:47:47.0786 1640  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll

16:47:47.0826 1640  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

16:47:47.0855 1640  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

16:47:47.0866 1640  [Global] - ok

16:47:47.0867 1640  ================ Scan MBR ==================================

16:47:47.0882 1640  [ 33EDF9D6A274CE67E7777CBFD375EC9E ] \Device\Harddisk0\DR0

16:47:57.0061 1640  \Device\Harddisk0\DR0 - ok

16:47:57.0075 1640  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1

16:48:00.0921 1640  \Device\Harddisk1\DR1 - ok

16:48:00.0921 1640  ================ Scan VBR ==================================

16:48:00.0921 1640  [ 67CD13D40239BC84C0CEA6A41F3D1EF4 ] \Device\Harddisk0\DR0\Partition1

16:48:00.0936 1640  \Device\Harddisk0\DR0\Partition1 - ok

16:48:00.0999 1640  [ 8EEE87F9DAD3775E811CA6090BA2A32E ] \Device\Harddisk0\DR0\Partition2

16:48:01.0014 1640  \Device\Harddisk0\DR0\Partition2 - ok

16:48:01.0061 1640  [ 2EDAB29950BD29DB5B669667D14E8165 ] \Device\Harddisk0\DR0\Partition3

16:48:01.0061 1640  \Device\Harddisk0\DR0\Partition3 - ok

16:48:01.0077 1640  [ 684B9C7967B92439692BDC824252BC9E ] \Device\Harddisk1\DR1\Partition1

16:48:01.0077 1640  \Device\Harddisk1\DR1\Partition1 - ok

16:48:01.0077 1640  ============================================================

16:48:01.0077 1640  Scan finished

16:48:01.0077 1640  ============================================================

16:48:01.0108 5196  Detected object count: 1

16:48:01.0108 5196  Actual detected object count: 1

16:52:25.0453 5196  SesamService ( UnsignedFile.Multi.Generic ) - skipped by user

16:52:25.0453 5196  SesamService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier ist das Ergebnis:

Code:

ComboFix 13-01-22.01 - Otello 23.01.2013   1:17.1.4 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.42 [GMT 1:00]

ausgeführt von:: c:\users\Otello\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\$recycle.bin\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\@

c:\$recycle.bin\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\n

c:\$recycle.bin\S-1-5-21-3781519261-38176514-1814062476-1000\$5d6ca331fff6e63b7098caba1410851a\n

c:\program files\Pegatron\Hotkey\FastUserSwitching.exe

c:\programdata\Local

c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\10.bb

c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\8.bb

c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\9.bb

c:\programdata\Roaming

c:\users\Otello\004.jpg

c:\users\Otello\AppData\Roaming\skype.ini

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ACPIService

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-12-23 bis 2013-01-23  ))))))))))))))))))))))))))))))

.

.

2013-01-23 00:37 . 2013-01-23 00:37        --------        d-----w-        c:\programdata\Local

2013-01-23 00:34 . 2013-01-23 00:38        --------        d-----w-        c:\users\Otello\AppData\Local\temp

2013-01-23 00:34 . 2013-01-23 00:34        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-01-22 19:32 . 2013-01-22 19:32        --------        d-----w-        C:\_OTL

2013-01-22 16:44 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\system32\atmfd.dll

2013-01-22 16:44 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\system32\atmlib.dll

2013-01-22 16:33 . 2013-01-22 16:33        --------        d-----w-        C:\virus

2013-01-22 14:16 . 2013-01-22 14:16        --------        d-----w-        c:\users\Otello\AppData\Local\VS Revo Group

2013-01-21 18:15 . 2013-01-21 18:15        0        ----a-w-        c:\windows\system32\shoB193.tmp

2013-01-21 08:57 . 2013-01-21 08:57        --------        d-----w-        C:\478c85c5afddc849ceea772842c63319

2013-01-11 15:37 . 2012-11-22 04:45        626688        ----a-w-        c:\windows\system32\usp10.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-21 09:35 . 2012-04-13 18:56        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2013-01-21 09:35 . 2011-07-13 06:44        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-22 02:56 . 2012-12-16 15:25        2345984        ----a-w-        c:\windows\system32\win32k.sys

2012-11-14 02:09 . 2012-12-20 21:08        1800704        ----a-w-        c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2012-12-20 21:08        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2012-12-20 21:08        1129472        ----a-w-        c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2012-12-20 21:09        142848        ----a-w-        c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2012-12-20 21:09        420864        ----a-w-        c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2012-12-20 21:09        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2012-11-09 04:42 . 2012-12-16 15:23        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-11-02 05:11 . 2012-12-16 15:23        376832        ----a-w-        c:\windows\system32\dpnet.dll

2011-09-16 07:37 . 2011-07-05 18:22        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-05 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-01 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-01 150552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-19 9755240]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-24 36864]

"fspuip"="c:\program files\FSP\fspuip.exe" [2010-09-09 3704320]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2011-02-11 9894160]

"HostManager"="c:\program files\Common Files\AOL\1309972422\ee\AOLSoftware.exe" [2006-04-27 50760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"UDM"="c:\program files\Swisscom\Unlimited Data Manager\LscaGui.exe" [2011-05-20 2426736]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

.

c:\users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Versandhelfer.lnk - c:\program files\Versandhelfer\Versandhelfer.exe [2011-7-5 142336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 WtSmpFlt;Sesam LightWeight Filter;c:\windows\system32\DRIVERS\wtsmpflt.sys [x]

S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [x]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]

S2 SesamService;Sesam Control Service;c:\program files\Swisscom\Sesam\BIN\SecMIPService.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [x]

S2 UDM Service;UDM Service;c:\program files\Swisscom\Unlimited Data Manager\DashBoardS.exe [x]

S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [x]

S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 WtSmpAdap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 09:35]

.

2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 15:37]

.

2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 15:37]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.startfenster.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4

TCP: Interfaces\{4014011F-239C-46A8-9CF9-7C2DE7B69FFE}: NameServer = 193.189.244.206 193.189.244.225

TCP: Interfaces\{6EEF9E2D-4B3B-4D44-8FD6-36B66190A6E0}: NameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{F156FA64-377D-4AB1-A127-78DF9271C392}: NameServer = 193.189.244.225 193.189.244.206

FF - ProfilePath - c:\users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-busoo.exe - c:\users\Otello\AppData\Roaming\Yhorow\busoo.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\UI0Detect.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\Intel\Bluetooth\BTPlayerCtrl.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\prevhost.exe

c:\windows\System32\WUDFHost.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-01-23  01:47:12 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-01-23 00:47

.

Vor Suchlauf: 11 Verzeichnis(se), 172.873.011.200 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 172.860.432.384 Bytes frei

.

- - End Of File - - 29AE374E2B9CE938661B8CE7621824F3

Bitte nun (neue) Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Hallo auch,

hier die Logfiles:

Code:

GMER 2.0.18444 - hxxp://www.gmer.net

Rootkit scan 2013-01-23 14:29:01

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0003SDM1 232,89GB

Running: gmer-2.0.18444.exe; Driver: C:\Users\Otello\AppData\Local\Temp\kwriapod.sys
 
 

---- Kernel code sections - GMER 2.0 ----
 

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                             82681A49 1 Byte  [06]

.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                               826BB4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 

---- User IAT/EAT - GMER 2.0 ----
 

IAT     C:\Windows\System32\rundll32.exe[3772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                [7517FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT     C:\Windows\System32\rundll32.exe[3772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                 [7517FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT     C:\Windows\System32\rundll32.exe[3772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                              [7517FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT     C:\Windows\System32\rundll32.exe[3772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                               [7517FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT     C:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe[3872] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

IAT     C:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe[3872] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

IAT     C:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe[3872] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

IAT     C:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe[3872] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

IAT     C:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe[3872] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

IAT     C:\Program Files\Common Files\AOL\1309972422\ee\aolsoftware.exe[3872] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
 

---- Threads - GMER 2.0 ----
 

Thread  System [4:732]                                                                                                                                       B2849F2E
 

---- Registry - GMER 2.0 ----
 

Reg     HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\dca971028ed7 (not active ControlSet)                                                      

Reg     HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\dca9710654a9 (not active ControlSet)                                                      

Reg     HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\dca9710654a9@04180f145c69                                                                 0x57 0xEF 0x3A 0x0E ...

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971028ed7                                                                          

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710654a9                                                                          

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710654a9@04180f145c69                                                             0x57 0xEF 0x3A 0x0E ...

Reg     HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\dca971028ed7 (not active ControlSet)                                                      

Reg     HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\dca9710654a9 (not active ControlSet)                                                      

Reg     HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\dca9710654a9@04180f145c69                                                                 0x57 0xEF 0x3A 0x0E ...
 

---- EOF - GMER 2.0 ----

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software

Run date: 2013-01-23 14:32:55

-----------------------------

14:32:55.539    OS Version: Windows 6.1.7601 Service Pack 1

14:32:55.539    Number of processors: 4 586 0x1C0A

14:32:55.555    ComputerName: OTELLO-PC  UserName: Otello

14:32:56.647    Initialize success

14:33:22.424    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

14:33:22.424    Disk 0 Vendor: ST9250315AS 0003SDM1 Size: 238475MB BusType: 3

14:33:22.502    Disk 0 MBR read successfully

14:33:22.502    Disk 0 MBR scan

14:33:22.517    Disk 0 unknown MBR code

14:33:22.533    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

14:33:22.564    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       206627 MB offset 206848

14:33:22.564    Disk 0 Partition - 00     0F Extended LBA             30714 MB offset 423378944

14:33:22.611    Disk 0 Partition 3 00     12  Compaq diag NTFS         1026 MB offset 486285312

14:33:22.658    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        28664 MB offset 423380992

14:33:22.673    Disk 0 Partition - 00     05     Extended               129 MB offset 482084864

14:33:22.705    Disk 0 Partition 5 00     27 Hidden NTFS WinRE               128 MB offset 482086912

14:33:22.720    Disk 0 Partition - 00     05     Extended               896 MB offset 541054976

14:33:22.751    Disk 0 Partition 6 00     27 Hidden NTFS WinRE               895 MB offset 482351104

14:33:22.767    Disk 0 Partition - 00     05     Extended              1024 MB offset 543154176

14:33:22.798    Disk 0 Partition 7 00     27 Hidden NTFS WinRE              1023 MB offset 484186112

14:33:22.861    Disk 0 scanning sectors +488386560

14:33:22.985    Disk 0 scanning C:\Windows\system32\drivers

14:33:36.807    Service scanning

14:33:56.947    Modules scanning

14:34:07.102    Disk 0 trace - called modules:

14:34:07.134    

14:34:07.149    Scan finished successfully

14:35:02.965    Disk 0 MBR has been saved successfully to "E:\MBR.dat"

14:35:02.996    The log file has been saved successfully to "E:\aswMBR.txt"

Mal ne Zwischenfrage:
So einfach scheint das Problem ja nicht zu sein,
kannst Du in etwa abschätzen was noch zu tun ist?

Wir sind bald durch

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hallo, hier das Logfile

Code:

# AdwCleaner v2.107 - Datei am 23/01/2013 um 19:04:57 erstellt

# Aktualisiert am 21/01/2013 von Xplode

# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

# Benutzer : Otello - OTELLO-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Otello\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\Users\Otello\Desktop\eBay.lnk

Ordner Gefunden : C:\ProgramData\Partner
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16457
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v6.0 (de)
 

Datei : C:\Users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\prefs.js
 

[OK] Die Datei ist sauber.
 

-\\ Google Chrome v23.0.1271.97
 

Datei : C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1244 octets] - [23/01/2013 19:04:57]
 

########## EOF - C:\AdwCleaner[R1].txt - [1304 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

So da bin ich wieder :)
Hier nun die 4 Logfiles für Dich.

AdwCleaner[R2].txt

Code:

# AdwCleaner v2.107 - Datei am 23/01/2013 um 21:09:00 erstellt

# Aktualisiert am 21/01/2013 von Xplode

# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

# Benutzer : Otello - OTELLO-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Otello\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\Users\Otello\Desktop\eBay.lnk

Ordner Gefunden : C:\ProgramData\Partner
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16457
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v6.0 (de)
 

Datei : C:\Users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\prefs.js
 

[OK] Die Datei ist sauber.
 

-\\ Google Chrome v23.0.1271.97
 

Datei : C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1373 octets] - [23/01/2013 19:04:57]

AdwCleaner[R2].txt - [1304 octets] - [23/01/2013 21:09:00]
 

########## EOF - C:\AdwCleaner[R2].txt - [1364 octets] ##########

AdwCleaner[S1].txt

Code:

# AdwCleaner v2.107 - Datei am 23/01/2013 um 21:09:50 erstellt

# Aktualisiert am 21/01/2013 von Xplode

# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

# Benutzer : Otello - OTELLO-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Otello\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\Otello\Desktop\eBay.lnk

Ordner Gelöscht : C:\ProgramData\Partner
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16457
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v6.0 (de)
 

Datei : C:\Users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\prefs.js
 

C:\Users\Otello\AppData\Roaming\Mozilla\Firefox\Profiles\f6680zuo.default\user.js ... Gelöscht !
 

[OK] Die Datei ist sauber.
 

-\\ Google Chrome v23.0.1271.97
 

Datei : C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1373 octets] - [23/01/2013 19:04:57]

AdwCleaner[R2].txt - [1433 octets] - [23/01/2013 21:09:00]

AdwCleaner[S1].txt - [1466 octets] - [23/01/2013 21:09:50]
 

########## EOF - C:\AdwCleaner[S1].txt - [1526 octets] ##########

OTL.Txt

Code:

OTL logfile created on: 23.01.2013 21:19:13 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Otello\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,18 Mb Total Physical Memory | 129,04 Mb Available Physical Memory | 12,72% Memory free

1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 201,78 Gb Total Space | 161,51 Gb Free Space | 80,04% Space Free | Partition Type: NTFS

Drive D: | 27,99 Gb Total Space | 16,44 Gb Free Space | 58,74% Space Free | Partition Type: NTFS

Drive E: | 15,16 Gb Total Space | 15,15 Gb Free Space | 99,91% Space Free | Partition Type: FAT32

 

Computer Name: OTELLO-PC | User Name: Otello | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Otello\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)

PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()

PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Programme\Versandhelfer\Versandhelfer.exe ()

PRC - C:\Programme\Swisscom\Unlimited Data Manager\DashBoardS.exe (Swisscom)

PRC - C:\Programme\Swisscom\Sesam\BIN\SecMIPService.exe (Swisscom)

PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()

PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)

PRC - C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

PRC - C:\Programme\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

PRC - C:\Programme\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

PRC - C:\Programme\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

PRC - C:\Programme\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)

PRC - C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\FSP\FspUip.exe (Sentelic Corporation)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Programme\Common Files\AOL\1309972422\ee\aolsoftware.exe (America Online, Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Versandhelfer\Versandhelfer.exe ()

MOD - C:\Programme\FSP\FspLib.dll ()

MOD - C:\Programme\FSP\KbdHook.dll ()

MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)

SRV - (Mobile Partner. RunOuc) -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe ()

SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (UDM Service) -- C:\Programme\Swisscom\Unlimited Data Manager\DashBoardS.exe (Swisscom)

SRV - (SesamService) -- C:\Programme\Swisscom\Sesam\BIN\SecMIPService.exe (Swisscom)

SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()

SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Programme\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Programme\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Programme\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (SwiCardDetectSvc) -- C:\Programme\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found

DRV - (catchme) -- C:\Users\Otello\AppData\Local\Temp\catchme.sys File not found

DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)

DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)

DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)

DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)

DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)

DRV - (WtSmpFlt) -- C:\Windows\System32\drivers\wtsmpflt.sys (Swisscom)

DRV - (WtSmpAdap) -- C:\Windows\System32\drivers\wtsmpadap.sys (Swisscom)

DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic)

DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic)

DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)

DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV - (btmaux) -- C:\Windows\System32\drivers\btmaux.sys (Intel Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)

DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)

DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\..\SearchScopes,DefaultScope = {55CEB74C-3169-4255-99BA-3D8E9D290F74}

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\..\SearchScopes\{55CEB74C-3169-4255-99BA-3D8E9D290F74}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_de

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2011.11.06 10:51:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.16 08:37:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.07.05 19:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otello\AppData\Roaming\mozilla\Extensions

[2011.07.06 06:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.30 14:07:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.10.30 14:07:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.09.16 08:37:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.startfenster.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.startfenster.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Otello\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Skype Click to Call = C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

CHR - Extension: Google Mail = C:\Users\Otello\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2013.01.23 01:37:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)

O4 - HKLM..\Run: [fspuip] C:\Programme\FSP\FspUip.exe (Sentelic Corporation)

O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\AOL\1309972422\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [UDM] C:\Program Files\Swisscom\Unlimited Data Manager\LscaGui.exe (Swisscom)

O4 - Startup: C:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Programme\Versandhelfer\Versandhelfer.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4014011F-239C-46A8-9CF9-7C2DE7B69FFE}: NameServer = 193.189.244.206 193.189.244.225

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EEF9E2D-4B3B-4D44-8FD6-36B66190A6E0}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCDDF61-20B9-43BC-BF56-BFC1E84678FA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F156FA64-377D-4AB1-A127-78DF9271C392}: NameServer = 193.189.244.225 193.189.244.206

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.01.23 21:14:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Otello\Desktop\OTL.exe

[2013.01.23 01:47:16 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.01.23 01:38:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.01.23 01:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Local

[2013.01.23 01:34:26 | 000,000,000 | ---D | C] -- C:\Users\Otello\AppData\Local\temp

[2013.01.23 01:11:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.01.23 01:11:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.01.23 01:11:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.01.23 01:07:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.01.23 01:06:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.01.22 20:32:19 | 000,000,000 | ---D | C] -- C:\_OTL

[2013.01.22 17:44:55 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013.01.22 17:44:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2013.01.22 17:33:17 | 000,000,000 | ---D | C] -- C:\virus

[2013.01.22 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\Otello\AppData\Local\VS Revo Group

[2013.01.21 09:57:02 | 000,000,000 | ---D | C] -- C:\478c85c5afddc849ceea772842c63319

[2013.01.20 01:13:37 | 000,000,000 | ---D | C] -- C:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection

[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.01.23 21:24:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.01.23 21:19:29 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.01.23 21:19:29 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.01.23 21:11:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.01.23 21:11:43 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat

[2013.01.23 21:11:38 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys

[2013.01.23 21:06:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Otello\Desktop\OTL.exe

[2013.01.23 20:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.01.23 01:37:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013.01.23 01:18:09 | 000,000,004 | ---- | M] () -- C:\ProgramData\RELED.INI

[2013.01.23 01:03:25 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI

[2013.01.23 01:02:48 | 000,490,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.01.22 17:38:33 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.01.22 17:38:33 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.01.22 17:38:33 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.01.22 17:38:33 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.01.21 10:35:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013.01.21 10:35:27 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013.01.20 01:13:36 | 000,002,068 | ---- | M] () -- C:\Users\Otello\Desktop\System Progressive Protection.lnk

[2013.01.14 23:09:59 | 002,200,862 | ---- | M] () -- C:\Users\Otello\Documents\Northwind.accdt

[2013.01.14 23:07:35 | 000,468,534 | ---- | M] () -- C:\Users\Otello\Documents\Tasks.accdt

[2013.01.11 16:49:34 | 001,699,644 | ---- | M] () -- C:\Users\Otello\Desktop\Urlaubsangebote.pdf

[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.01.23 01:11:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.01.23 01:11:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.01.23 01:11:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.01.23 01:11:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.01.23 01:11:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.01.20 01:13:36 | 000,002,068 | ---- | C] () -- C:\Users\Otello\Desktop\System Progressive Protection.lnk

[2013.01.14 23:09:59 | 002,200,862 | ---- | C] () -- C:\Users\Otello\Documents\Northwind.accdt

[2013.01.14 23:07:35 | 000,468,534 | ---- | C] () -- C:\Users\Otello\Documents\Tasks.accdt

[2013.01.11 16:49:31 | 001,699,644 | ---- | C] () -- C:\Users\Otello\Desktop\Urlaubsangebote.pdf

[2012.04.27 20:56:43 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011.11.01 12:36:21 | 000,006,144 | ---- | C] () -- C:\Users\Otello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.03 21:41:42 | 000,936,366 | ---- | C] () -- C:\Users\Otello\Foto0168.jpg

[2011.09.04 09:54:07 | 001,332,208 | ---- | C] () -- C:\Users\Otello\Foto0128.jpg

[2011.04.23 04:09:11 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI

[2011.04.21 10:04:23 | 000,000,004 | ---- | C] () -- C:\ProgramData\RELED.INI

[2011.04.21 08:00:39 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011.04.13 14:16:30 | 000,016,456 | ---- | C] () -- C:\Windows\System32\drivers\ATKACPI.SYS

[2011.03.24 18:36:12 | 000,012,800 | ---- | C] () -- C:\Windows\System32\Install-VR-pulse.exe

[2011.03.24 18:13:52 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Install-VR-pulse.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

Extras.Txt

Code:

OTL Extras logfile created on: 23.01.2013 21:19:13 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Otello\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,18 Mb Total Physical Memory | 129,04 Mb Available Physical Memory | 12,72% Memory free

1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 201,78 Gb Total Space | 161,51 Gb Free Space | 80,04% Space Free | Partition Type: NTFS

Drive D: | 27,99 Gb Total Space | 16,44 Gb Free Space | 58,74% Space Free | Partition Type: NTFS

Drive E: | 15,16 Gb Total Space | 15,15 Gb Free Space | 99,91% Space Free | Partition Type: FAT32

 

Computer Name: OTELLO-PC | User Name: Otello | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-3781519261-38176514-1814062476-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{13709A29-963F-4C88-866F-132B12ABA40A}" = AM Usb Card Reader Driver

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24

"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{339474F5-C557-4140-BB96-B7C49A4F5D65}" = VR-pulse Installer

"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D9326E1-E378-48A6-A82B-800147E63306}" = ArcSoft MediaImpression 2

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software

"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT

"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed

"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B219E8B-B0B5-4730-9E27-BD3EC339A0CC}" = Unlimited Data Manager 10.0.0

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch

"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9E88160-4159-4BA4-A5E3-5EA7C3BD0888}" = Fresco Logic USB3.0 Host Controller

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES

"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher

"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AmUStor" = AM Usb Card Reader Driver

"AOL Deinstallation" = AOL Deinstallation

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer

"Digital Editions" = Adobe Digital Editions

"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer

"Google Chrome" = Google Chrome

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"IrfanView" = IrfanView (remove only)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mobile Partner" = Mobile Partner

"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)

"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010

"Picasa 3" = Picasa 3

"ProInst" = Intel PROSet Wireless

"PROPLUSR" = Microsoft Office Professional Plus 2007

"VLC media player" = VLC media player 2.0.4

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 22.01.2013 20:37:22 | Computer Name = Otello-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 22.01.2013 20:47:34 | Computer Name = Otello-PC | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 23.01.2013 09:03:38 | Computer Name = Otello-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.01.2013 09:13:46 | Computer Name = Otello-PC | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 23.01.2013 10:00:15 | Computer Name = Otello-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.01.2013 10:10:29 | Computer Name = Otello-PC | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 23.01.2013 13:40:10 | Computer Name = Otello-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.01.2013 13:50:29 | Computer Name = Otello-PC | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

Error - 23.01.2013 16:12:00 | Computer Name = Otello-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.01.2013 16:22:21 | Computer Name = Otello-PC | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.

 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

 

[ System Events ]

Error - 19.01.2013 19:34:46 | Computer Name = Otello-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 (KB2786081)

 

Error - 19.01.2013 20:13:41 | Computer Name = Otello-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 19.01.2013 20:18:46 | Computer Name = Otello-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?20.?01.?2013 um 01:16:37 unerwartet heruntergefahren.

 

Error - 19.01.2013 20:19:08 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060

 

Error - 19.01.2013 20:19:11 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7003

Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 

von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

 

Error - 19.01.2013 20:19:12 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem

 Fehler beendet:   %%-2147024891

 

Error - 19.01.2013 20:19:15 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Mobile Partner. OUC erreicht.

 

Error - 19.01.2013 20:19:15 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 

nicht gestartet:   %%1053

 

Error - 19.01.2013 20:19:15 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7003

Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:

 BFE. Dieser Dienst ist eventuell nicht installiert.

 

Error - 19.01.2013 20:20:21 | Computer Name = Otello-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

 

< End of report >

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Guten Morgen,

also ich war fleißig und habe die Ergebnisse. Welche Nachricht zuerst?
Die Schlechte oder die Schlechte?

Code:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.01.23.10
 

Windows 7 Service Pack 1 x86 FAT32

Internet Explorer 9.0.8112.16421

Otello :: OTELLO-PC [Administrator]
 

Schutz: Aktiviert
 

23.01.2013 23:24:47

mbam-log-2013-01-23 (23-24-47).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 221375

Laufzeit: 10 Minute(n), 59 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 1

C:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 2

C:\Users\Otello\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Otello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internet# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=39ef37a75fb79649ab2a453103d392b5

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-24 03:08:50

# local_time=2013-01-24 04:08:50 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 55622262 110628121 0 0

# scanned=132605

# found=6

# cleaned=0

# scan_time=11555

C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$5d6ca331fff6e63b7098caba1410851a\n.vir        Win32/Sirefef.EV trojan        0035514086D43D4274B383851AC78A622882A2F1        I

C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-3781519261-38176514-1814062476-1000\$5d6ca331fff6e63b7098caba1410851a\n.vir        Win32/Sirefef.EV trojan        0035514086D43D4274B383851AC78A622882A2F1        I

C:\Users\Otello\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\20ed320f-6d8e9707        a variant of Java/Exploit.CVE-2013-0422.D trojan        A2024128EECD488253C40579D4E8C7E0C8FD6DCD        I

C:\Users\Otello\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2145f685-71c3571b        a variant of Java/Exploit.CVE-2012-4681.CK trojan        C2F92DD7C3C4C9DF1E8D47455F3A1176FF331C53        I

C:\Users\Otello\Downloads\vlc-2.0.4-win32 (1).exe.rxsfs3s.partial        Win32/StartPage.OPH trojan        D73D7295D5FD9ECB1EF8FC1734EA1646C13AD117        I

C:\Users\Otello\Downloads\vlc-2.0.4-win32 (2).exe        Win32/StartPage.OPH trojan        A23519E8073FDB68C377074CFC41DEF71AD03D44        I

1.) Qoobox ist nur der Q-Ordner von CF, das ist folgerichtig dass dort Schädlinge sind, ist aber harmlos sie sind dort ja isoliert

2.) JavaCache bitte leeren zB mit TFC:

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

3.) C:\Users\Otello\Downloads\vlc-2.0.4-win32 (1).exe.rxsfs3s.partial

NIEMALS den VLC-Player von Fakeseiten wie vlc.de runterladen!
Die Heimatseite vom VLC-Player ist videolan.org und nicht vlc.de!

Software lädt man sich mit oberster Priorität direkt vom Hersteller oder von Filepony - nicht von Fakeseiten oder gar Toolbarklitschen wie zB Softonic

Hallo nochmals,

also TFC - Temp File Cleaner habe ich durch laufen lassen.
Den VLC Download habe ich gelöscht.

Sind wir nun durch?

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

SUPPI!

Vielen lieben Dank dafür!
Wie kann ich mich erkenntlich zeigen?

Gruß

Zitat:

Wie kann ich mich erkenntlich zeigen?

Deine Dankbarkeit ist schon genug Erkenntlichkeit, Spenden sind rein freiwillig!

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.