Log analysis and evaluation: No access to files on external cards, among other problems (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
The PC did not come back up after the reboot that the fix required. Rien ne va plus. X times in a row. Until I went into safe mode, and this morning it then would not start at all and Startup Repair repaired something. If it does not automatically save the fix log somewhere, it no longer exists.
#17
What happens next? I would really love to get one more step done this evening.
__________________
#18
/// Winkelfunktion /// TB-Süch-Tiger™
I need the OTL quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please upload the file there as specified in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!
4.) Let me know when it was successful
5.) Only then switch the virus scanner back on
__________________
#19
Done ... I hope I did it right ... it is uploaded at any rate ... I just wanted to note in passing that I do NOT know whether what is in the log is still the current state, because I don't know what Startup Repair repaired. In case you can follow my train of thought ...
#20
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56222
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56222
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\Shell - "" = AutoRun
O33 - MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\Shell - "" = AutoRun
O33 - MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\Shell - "" = AutoRun
O33 - MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\Shell - "" = AutoRun
O33 - MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
[2011.10.17 18:53:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Fest\taskmgr.exe
[2011.10.17 18:53:49 | 000,005,632 | -HS- | M] () -- C:\Users\Fest\wevtapi.dll
:Files
C:\Windows\Tasks\at*.job
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags
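A read-only triage pass over OTL scan lines of the kind targeted by the fix script in post #20, as an added example that is not part of any post in this thread and is not OTL's own logic. The category names, the `SYSTEM_NAMES` list and the rules are assumptions made for illustration; the sample lines are copied from the script above, except for one constructed contrast line.

```python
import re
from ntpath import basename, dirname  # parse Windows paths on any OS

# Assumed, non-exhaustive list of file names that normally live under C:\Windows.
SYSTEM_NAMES = {"taskmgr.exe", "wevtapi.dll", "svchost.exe", "explorer.exe"}
WINDOWS_ROOT = "c:\\windows"

# Proxy settings that send browser traffic to a listener on the local machine.
PROXY_KEYS = re.compile(r'"ProxyServer"|network\.proxy\.http:', re.I)
LOOPBACK = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.I)

# O33 lines that register a command to run when a volume is opened.
AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<target>.+)$'
)

# File listing lines: [date | size | attributes | C/M] (vendor) -- path
FILE_ENTRY = re.compile(r"^\[[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*--\s*(?P<path>.+)$")


def under_windows(directory):
    """True if the directory is C:\\Windows or a folder below it."""
    d = directory.lower()
    return d == WINDOWS_ROOT or d.startswith(WINDOWS_ROOT + "\\")


def triage(lines):
    """Return (category, detail) tuples for lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if PROXY_KEYS.search(line) and LOOPBACK.search(line):
            findings.append(("loopback-proxy", line))
            continue
        m = AUTORUN.match(line)
        if m:
            findings.append(("autorun-command", f"{m['vol']} -> {m['target']}"))
            continue
        m = FILE_ENTRY.match(line)
        if m:
            path = m["path"].strip()
            # A system file name outside the Windows tree deserves a manual check.
            if basename(path).lower() in SYSTEM_NAMES and not under_windows(dirname(path)):
                findings.append(("system-name-outside-windows", path))
    return findings


# Lines copied from the fix script in post #20; the last one is constructed
# as a contrast case (same file name in its expected location).
SAMPLE = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56222',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 56222',
    r'O33 - MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\Shell\AutoRun\command - "" = K:\pushinst.exe',
    r'O33 - MountPoints2\J\Shell - "" = AutoRun',
    r'O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe',
    r'[2011.10.17 18:53:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Fest\taskmgr.exe',
    r'[2011.10.17 18:53:49 | 000,005,632 | -HS- | M] () -- C:\Users\Fest\wevtapi.dll',
    r'[2011.10.17 18:53:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe',
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:30} {detail}")
```

The script only reads log text and changes nothing on the system; a flagged line is a prompt for manual review, not a verdict.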
#21
This time it worked flawlessly ... I just wish I knew what I did wrong yesterday. But never mind.
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56222 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951ce3-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951ce3-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951ce3-86c3-11df-924f-001fc6f55680}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951cf0-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20951cf0-86c3-11df-924f-001fc6f55680}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20951cf0-86c3-11df-924f-001fc6f55680}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{844f82ca-8779-11df-991f-d89a0763a026}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{844f82ca-8779-11df-991f-d89a0763a026}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{844f82ca-8779-11df-991f-d89a0763a026}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b02346cc-881b-11df-98ec-001fc6f55680}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b02346cc-881b-11df-98ec-001fc6f55680}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b02346cc-881b-11df-98ec-001fc6f55680}\ not found.
File K:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\AutoRun.exe not found.
C:\Users\Fest\taskmgr.exe moved successfully.
C:\Users\Fest\wevtapi.dll moved successfully.
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 53632 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fest
->Temp folder emptied: 951589247 bytes
->Temporary Internet Files folder emptied: 5705757 bytes
->FireFox cache emptied: 1307076 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 117528519 bytes
->Flash cache emptied: 54402 bytes
User: Gast
->Temp folder emptied: 246440 bytes
->Temporary Internet Files folder emptied: 1296 bytes
->Flash cache emptied: 53632 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 678217692 bytes
Total Files Cleaned = 1.673,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 10232011_204119
Files\Folders moved on Reboot...
C:\Users\Fest\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#22
Good morning Arne, since we will miss each other here this evening and you by now also know what a little Miss Impatience I am, I have now run Kaspersky TDSSKiller - and will do unhide right after.:
Code:
08:10:26.0495 4116 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
08:10:26.0623 4116 ============================================================
08:10:26.0623 4116 Current date / time: 2011/10/24 08:10:26.0623
08:10:26.0623 4116 SystemInfo:
08:10:26.0623 4116
08:10:26.0623 4116 OS Version: 6.1.7601 ServicePack: 1.0
08:10:26.0623 4116 Product type: Workstation
08:10:26.0623 4116 ComputerName: FEST-PC
08:10:26.0623 4116 UserName: Fest
08:10:26.0623 4116 Windows directory: C:\Windows
08:10:26.0623 4116 System windows directory: C:\Windows
08:10:26.0623 4116 Running under WOW64
08:10:26.0623 4116 Processor architecture: Intel x64
08:10:26.0623 4116 Number of processors: 4
08:10:26.0623 4116 Page size: 0x1000
08:10:26.0623 4116 Boot type: Normal boot
08:10:26.0623 4116 ============================================================
08:10:29.0613 4116 Initialize success
08:10:55.0213 4608 ============================================================
08:10:55.0213 4608 Scan started
08:10:55.0213 4608 Mode: Manual; SigCheck; TDLFS;
08:10:55.0213 4608 ============================================================
08:10:56.0601 4608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:10:56.0695 4608 1394ohci - ok
08:10:56.0741 4608 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:10:56.0773 4608 ACPI - ok
08:10:56.0788 4608 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:10:56.0866 4608 AcpiPmi - ok
08:10:56.0944 4608 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:10:56.0975 4608 adp94xx - ok
08:10:57.0007 4608 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:10:57.0022 4608 adpahci - ok
08:10:57.0038 4608 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:10:57.0053 4608 adpu320 - ok
08:10:57.0116 4608 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:10:57.0209 4608 AFD - ok
08:10:57.0225 4608 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:10:57.0256 4608 agp440 - ok
08:10:57.0272 4608 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:10:57.0287 4608 aliide - ok
08:10:57.0334 4608 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:10:57.0350 4608 amdide - ok
08:10:57.0412 4608 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:10:57.0475 4608 AmdK8 - ok
08:10:57.0506 4608 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:10:57.0553 4608 AmdPPM - ok
08:10:57.0599 4608 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:10:57.0615 4608 amdsata - ok
08:10:57.0631 4608 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:10:57.0662 4608 amdsbs - ok
08:10:57.0662 4608 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:10:57.0677 4608 amdxata - ok
08:10:57.0771 4608 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:10:57.0911 4608 AppID - ok
08:10:57.0974 4608 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:10:58.0005 4608 arc - ok
08:10:58.0021 4608 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:10:58.0036 4608 arcsas - ok
08:10:58.0083 4608 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:10:58.0223 4608 AsyncMac - ok
08:10:58.0239 4608 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:10:58.0255 4608 atapi - ok
08:10:58.0286 4608 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
08:10:58.0301 4608 avgntflt - ok
08:10:58.0317 4608 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
08:10:58.0317 4608 avipbb - ok
08:10:58.0364 4608 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
08:10:58.0379 4608 avmeject - ok
08:10:58.0442 4608 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:10:58.0520 4608 b06bdrv - ok
08:10:58.0535 4608 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:10:58.0598 4608 b57nd60a - ok
08:10:58.0660 4608 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:10:58.0738 4608 Beep - ok
08:10:58.0785 4608 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:10:58.0816 4608 blbdrive - ok
08:10:58.0925 4608 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:10:59.0019 4608 bowser - ok
08:10:59.0035 4608 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:10:59.0097 4608 BrFiltLo - ok
08:10:59.0128 4608 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:10:59.0159 4608 BrFiltUp - ok
08:10:59.0191 4608 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:10:59.0237 4608 Brserid - ok
08:10:59.0253 4608 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:10:59.0269 4608 BrSerWdm - ok
08:10:59.0284 4608 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:10:59.0315 4608 BrUsbMdm - ok
08:10:59.0331 4608 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:10:59.0378 4608 BrUsbSer - ok
08:10:59.0409 4608 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:10:59.0456 4608 BTHMODEM - ok
08:10:59.0503 4608 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:10:59.0549 4608 cdfs - ok
08:10:59.0596 4608 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:10:59.0627 4608 cdrom - ok
08:10:59.0659 4608 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:10:59.0690 4608 circlass - ok
08:10:59.0721 4608 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:10:59.0752 4608 CLFS - ok
08:10:59.0815 4608 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:10:59.0830 4608 CmBatt - ok
08:10:59.0877 4608 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:10:59.0893 4608 cmdide - ok
08:10:59.0939 4608 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
08:10:59.0986 4608 CNG - ok
08:10:59.0986 4608 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:11:00.0002 4608 Compbatt - ok
08:11:00.0017 4608 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:11:00.0064 4608 CompositeBus - ok
08:11:00.0111 4608 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:11:00.0111 4608 crcdisk - ok
08:11:00.0158 4608 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:11:00.0189 4608 DfsC - ok
08:11:00.0220 4608 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:11:00.0283 4608 discache - ok
08:11:00.0345 4608 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:11:00.0361 4608 Disk - ok
08:11:00.0423 4608 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:11:00.0454 4608 drmkaud - ok
08:11:00.0501 4608 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:11:00.0532 4608 DXGKrnl - ok
08:11:00.0626 4608 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:11:00.0719 4608 ebdrv - ok
08:11:00.0766 4608 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:11:00.0782 4608 elxstor - ok
08:11:00.0813 4608 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:11:00.0860 4608 ErrDev - ok
08:11:00.0891 4608 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:11:00.0938 4608 exfat - ok
08:11:00.0969 4608 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:11:01.0063 4608 fastfat - ok
08:11:01.0078 4608 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:11:01.0125 4608 fdc - ok
08:11:01.0156 4608 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:11:01.0172 4608 FileInfo - ok
08:11:01.0203 4608 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:11:01.0265 4608 Filetrace - ok
08:11:01.0297 4608 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:11:01.0312 4608 flpydisk - ok
08:11:01.0375 4608 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:11:01.0406 4608 FltMgr - ok
08:11:01.0437 4608 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:11:01.0453 4608 FsDepends - ok
08:11:01.0468 4608 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:11:01.0468 4608 Fs_Rec - ok
08:11:01.0499 4608 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:11:01.0515 4608 fvevol - ok
08:11:01.0577 4608 fwlanusbn (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys
08:11:01.0624 4608 fwlanusbn - ok
08:11:01.0640 4608 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:11:01.0655 4608 gagp30kx - ok
08:11:01.0874 4608 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:11:01.0889 4608 GEARAspiWDM - ok
08:11:01.0905 4608 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:11:01.0967 4608 hcw85cir - ok
08:11:02.0014 4608 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:11:02.0045 4608 HDAudBus - ok
08:11:02.0077 4608 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:11:02.0123 4608 HidBatt - ok
08:11:02.0155 4608 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:11:02.0217 4608 HidBth - ok
08:11:02.0233 4608 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:11:02.0279 4608 HidIr - ok
08:11:02.0311 4608 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:11:02.0342 4608 HidUsb - ok
08:11:02.0404 4608 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:11:02.0420 4608 HpSAMD - ok
08:11:02.0482 4608 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:11:02.0560 4608 HTTP - ok
08:11:02.0607 4608 hwdatacard (d96a290f699081ae737390c0fe329d7c) C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:11:02.0669 4608 hwdatacard - ok
08:11:02.0716 4608 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:11:02.0732 4608 hwpolicy - ok
08:11:02.0794 4608 hwusbdev (e0c7255498640fc64b19aae17fd6f965) C:\Windows\system32\DRIVERS\ewusbdev.sys
08:11:02.0825 4608 hwusbdev - ok
08:11:02.0888 4608 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:11:02.0903 4608 i8042prt - ok
08:11:02.0935 4608 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:11:02.0966 4608 iaStorV - ok
08:11:02.0981 4608 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:11:02.0997 4608 iirsp - ok
08:11:03.0091 4608 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
08:11:03.0137 4608 IntcAzAudAddService - ok
08:11:03.0169 4608 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:11:03.0184 4608 intelide - ok
08:11:03.0215 4608 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:11:03.0262 4608 intelppm - ok
08:11:03.0293 4608 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:11:03.0340 4608 IpFilterDriver - ok
08:11:03.0371 4608 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:11:03.0403 4608 IPMIDRV - ok
08:11:03.0449 4608 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:11:03.0512 4608 IPNAT - ok
08:11:03.0543 4608 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:11:03.0637 4608 IRENUM - ok
08:11:03.0652 4608 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:11:03.0652 4608 isapnp - ok
08:11:03.0683 4608 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:11:03.0699 4608 iScsiPrt - ok
08:11:03.0730 4608 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:11:03.0746 4608 kbdclass - ok
08:11:03.0793 4608 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:11:03.0824 4608 kbdhid - ok
08:11:03.0871 4608 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
08:11:03.0886 4608 KSecDD - ok
08:11:03.0902 4608 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
08:11:03.0917 4608 KSecPkg - ok
08:11:03.0933 4608 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:11:04.0011 4608 ksthunk - ok
08:11:04.0105 4608 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:11:04.0198 4608 lltdio - ok
08:11:04.0229 4608 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:11:04.0245 4608 LSI_FC - ok
08:11:04.0261 4608 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:11:04.0276 4608 LSI_SAS - ok
08:11:04.0307 4608 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:11:04.0307 4608 LSI_SAS2 - ok
08:11:04.0339 4608 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:11:04.0370 4608 LSI_SCSI - ok
08:11:04.0417 4608 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:11:04.0479 4608 luafv - ok
08:11:04.0495 4608 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:11:04.0510 4608 megasas - ok
08:11:04.0526 4608 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:11:04.0541 4608 MegaSR - ok
08:11:04.0588 4608 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:11:04.0635 4608 Modem - ok
08:11:04.0666 4608 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:11:04.0713 4608 monitor - ok
08:11:04.0760 4608 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:11:04.0775 4608 mouclass - ok
08:11:04.0807 4608 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:11:04.0822 4608 mouhid - ok
08:11:04.0869 4608 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:11:04.0885 4608 mountmgr - ok
08:11:04.0916 4608 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:11:04.0931 4608 mpio - ok
08:11:04.0947 4608 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:11:05.0025 4608 mpsdrv - ok
08:11:05.0072 4608 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:11:05.0150 4608 MRxDAV - ok
08:11:05.0181 4608 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:11:05.0243 4608 mrxsmb - ok
08:11:05.0290 4608 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:11:05.0353 4608 mrxsmb10 - ok
08:11:05.0368 4608 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:11:05.0384 4608 mrxsmb20 - ok
08:11:05.0415 4608 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:11:05.0415 4608 msahci - ok
08:11:05.0446 4608 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:11:05.0462 4608 msdsm - ok
08:11:05.0477 4608 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:11:05.0524 4608 Msfs - ok
08:11:05.0524 4608 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:11:05.0587 4608 mshidkmdf - ok
08:11:05.0602 4608 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:11:05.0618 4608 msisadrv - ok
08:11:05.0680 4608 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:11:05.0743 4608 MSKSSRV - ok
08:11:05.0774 4608 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:11:05.0821 4608 MSPCLOCK - ok
08:11:05.0821 4608 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:11:05.0852 4608 MSPQM - ok
08:11:05.0914 4608 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:11:05.0945 4608 MsRPC - ok
08:11:05.0961 4608 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:11:05.0977 4608 mssmbios - ok
08:11:05.0992 4608 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:11:06.0023 4608 MSTEE - ok
08:11:06.0039 4608 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:11:06.0086 4608 MTConfig - ok
08:11:14.0962 4608 ============================================================
08:11:14.0962 4608 Scan finished
08:11:14.0962 4608 ============================================================
08:11:14.0978 3164 Detected object count: 0
08:11:14.0978 3164 Actual detected object count: 0
|
| | #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | No access to files on external cards, among other problems Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper has expressly recommended it! If you have problems starting applications after running Combofix and get messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #24 |
| No access to files on external cards, among other problems Done :-) Code:
ComboFix 11-10-24.01 - Fest 24.10.2011 11:43:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6143.4853 [GMT 2:00]
ausgeführt von:: c:\users\Fest\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-24 bis 2011-10-24 ))))))))))))))))))))))))))))))
.
.
2011-10-24 09:47 . 2011-10-24 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-22 16:59 . 2011-10-23 18:21 -------- d-----w- C:\_OTL
2011-10-21 10:23 . 2011-10-21 10:23 -------- d-----w- c:\program files (x86)\ESET
2011-10-19 07:10 . 2011-10-23 17:18 -------- d-----w- c:\users\Gast
2011-10-17 20:13 . 2011-10-17 20:13 -------- d-----w- c:\users\Fest\AppData\Roaming\Malwarebytes
2011-10-17 20:13 . 2011-10-17 20:13 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 20:13 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 20:13 . 2011-10-17 21:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-14 17:04 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45790A69-C00E-4EE3-9BEA-A1C6CC3C6ABE}\mpengine.dll
2011-10-13 14:13 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 14:13 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 14:13 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 14:13 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 14:12 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 14:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 14:12 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 14:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 15:31 . 2011-05-17 21:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 12:38 . 2011-01-11 11:40 640 ----a-w- c:\windows\uninstallstickies.bat
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Fest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-1-11 1122304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2011-9-1 1302640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-21 c:\windows\Tasks\HPCeeScheduleForFest.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fest\AppData\Roaming\Mozilla\Firefox\Profiles\xo9lld2z.default\
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-24 11:53:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-24 09:53
.
Vor Suchlauf: 10 Verzeichnis(se), 344.160.215.040 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 343.787.114.496 Bytes frei
.
- - End Of File - - C07A499E1F6141DCB92C06C9735B9EC6
|
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | No access to files on external cards, among other problems Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
| | #26 |
| No access to files on external cards, among other problems Et voilà: Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-24 13:02:51
-----------------------------
13:02:51.562 OS Version: Windows x64 6.1.7601 Service Pack 1
13:02:51.562 Number of processors: 4 586 0x502
13:02:51.562 ComputerName: FEST-PC UserName: Fest
13:02:52.608 Initialize success
13:02:56.476 AVAST engine defs: 11102401
13:02:59.238 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
13:02:59.238 Disk 0 Vendor: ST375052 HP34 Size: 715404MB BusType: 3
13:03:01.281 Disk 0 MBR read successfully
13:03:01.281 Disk 0 MBR scan
13:03:01.297 Disk 0 unknown MBR code
13:03:01.312 Service scanning
13:03:02.389 Modules scanning
13:03:02.389 Disk 0 trace - called modules:
13:03:02.404 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
13:03:02.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e14060]
13:03:02.420 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80051aac20]
13:03:02.436 5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8005bdc5f0]
13:03:18.270 AVAST engine scan C:\Windows
13:03:52.605 AVAST engine scan C:\Windows\system32
13:06:08.044 AVAST engine scan C:\Windows\system32\drivers
13:06:32.084 AVAST engine scan C:\Users\Fest
13:27:19.117 AVAST engine scan C:\ProgramData
13:29:40.468 Scan finished successfully
13:30:05.756 Disk 0 MBR has been saved successfully to "C:\Users\Fest\Desktop\MBR.dat"
13:30:05.756 The log file has been saved successfully to "C:\Users\Fest\Desktop\aswMBR.txt"
|
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | No access to files on external cards, among other problems We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly. After the backup, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
| | #28 | |
| No access to files on external cards, among other problems Okay, these don't seem to be my days at the moment ... Did I do something wrong yet again? How long does the MBR fix take, anyway? Fractions of a second? How can I tell that it has finished? Should something have been displayed there? In any case, my log after the fix looks to me exactly the same as before the fix. Quote:
|
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | No access to files on external cards, among other problems Before => 13:03:01.297 Disk 0 unknown MBR code After => 14:31:01.489 Disk 0 Windows 7 default MBR code Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
| | #30 |
| No access to files on external cards, among other problems Thanks, Arne. (Now I have the proof, red on green, that I'm blind as well. :-))) ) I'll do the scans tonight/tomorrow morning. Have to go. For everything so far: THANK YOU!! S. |