Log analysis and evaluation: Folders are now only shortcuts

10.04.2012, 13:21   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I need Combofix's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the Quarantine folder in C:\Qoobox into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment here in the thread!

4.) Let me know once it has worked
5.) Only then switch the virus scanner back on
__________________
Please always post log files in CODE tags

10.04.2012, 14:53   #17
Sanne34

Hope it was done successfully.

Regards, Susanne


10.04.2012, 15:29   #18
cosinus

Why as "catchme.zip"?
Didn't it work with the complete Qoobox folder?

10.04.2012, 15:39   #19
Sanne34

done... but I really am a silly thing

10.04.2012, 18:25   #20
cosinus

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the obscured part back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de
IE - HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {47E77625-08E9-4EFF-911F-C907A0CB9D92}
IE - HKLM\..\SearchScopes\{47E77625-08E9-4EFF-911F-C907A0CB9D92}: "URL" = http://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKLM\..\SearchScopes\{A094BB5E-A51A-4618-8792-DF13770462FB}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=HP_ss&mntrId=947725b800000000000074f06d0acfa9
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110000&tt=050412_30b&babsrc=SP_ss&mntrId=947725b800000000000074f06d0acfa9
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{4E02A3BC-752D-4C27-90E2-471ED009561B}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}: "URL" = http://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=KW_ss&mntrId=947725b800000000000074f06d0acfa9&q="
[2012/04/05 22:08:43 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/04/06 15:48:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com
[2012/04/06 16:05:46 | 000,002,270 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\searchplugins\SearchTheWeb.xml
[2012/04/05 22:08:36 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/04/06 15:47:41 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/03/10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XTTBPos00 Class) - {7914D9F0-DD27-4260-9BC1-AE01834B77CA} - C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Deutsche Telekom AG)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (T-Online Toolbar 2.0) - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
MsConfig - StartUpFolder: C:^Users^Raphael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk -  - File not found
[2012/04/08 13:06:02 | 000,000,000 | ---D | C] -- C:\7c98a69f12a8cb291aa47f6af8
[2012/04/05 22:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\IMinent Toolbar
[2012/04/05 22:04:17 | 000,825,312 | ---- | C] (Iminent) -- C:\Users\1\Desktop\IminentSetup_2-KFRPtAWP-1_.exe
[2012/04/05 20:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Babylon
[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Babylon
[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/04/05 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\XTTB00001
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

10.04.2012, 21:01   #21
Sanne34

Hello,
I ran it as described, the computer was restarted and a window with "ok" did appear. However, no log file came up afterwards that I could have posted. Did I do something wrong again?
Regards, Susanne

11.04.2012, 12:38   #22
cosinus

Look in the folder C:\_OTL

11.04.2012, 12:45   #23
Sanne34

Ah, thanks, found it:

Code:
 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0e3dbc69-a682-48da-84e1-82c63a5d678e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47E77625-08E9-4EFF-911F-C907A0CB9D92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47E77625-08E9-4EFF-911F-C907A0CB9D92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A094BB5E-A51A-4618-8792-DF13770462FB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A094BB5E-A51A-4618-8792-DF13770462FB}\ not found.
HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!
HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{4E02A3BC-752D-4C27-90E2-471ED009561B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E02A3BC-752D-4C27-90E2-471ED009561B}\ not found.
Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?babsrc=HP_Prot" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=KW_ss&mntrId=947725b800000000000074f06d0acfa9&q=" removed from keyword.URL
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6 folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\searchplugins\SearchTheWeb.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\components_20 folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchTheWeb.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
C:\Program Files\IMinent Toolbar\tbcore3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914D9F0-DD27-4260-9BC1-AE01834B77CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7914D9F0-DD27-4260-9BC1-AE01834B77CA}\ deleted successfully.
C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A}\ deleted successfully.
File Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.
File C:\Program Files\IMinent Toolbar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager deleted successfully.
C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent deleted successfully.
C:\Program Files\Iminent\Iminent.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger deleted successfully.
C:\Program Files\Iminent\Iminent.Messengers.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Raphael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk\ deleted successfully.
C:\Windows\pss\Game Alarm.lnk.Startup moved successfully.
C:\7c98a69f12a8cb291aa47f6af8 folder moved successfully.
C:\Program Files\IMinent Toolbar folder moved successfully.
C:\Users\1\Desktop\IminentSetup_2-KFRPtAWP-1_.exe moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\1\AppData\Roaming\Babylon folder moved successfully.
C:\Users\1\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\1\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\1\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\1\AppData\Local\XTTB00001\Toolbar\RSSReader folder moved successfully.
C:\Users\1\AppData\Local\XTTB00001\Toolbar folder moved successfully.
C:\Users\1\AppData\Local\XTTB00001 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: 1
->Temp folder emptied: 31746 bytes
->Temporary Internet Files folder emptied: 1138533 bytes
->Java cache emptied: 192402 bytes
->FireFox cache emptied: 289301349 bytes
->Flash cache emptied: 1412 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Raphael
->Temp folder emptied: 0 bytes
 
User: Sanne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: Susanne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 86407522 bytes
->Java cache emptied: 586665 bytes
->Flash cache emptied: 12111 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 322508966 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 668.00 mb
 
 
[EMPTYFLASH]
 
User: 1
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Raphael
 
User: Sanne
 
User: Susanne
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04102012_212514

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\OutofProcReport810208.txt not found!

Registry entries deleted on Reboot...
         
Regards, Susanne
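
A check one can run over a fix log like the one posted above, as an added example that is not part of the original thread or of OTL: it tallies the outcome of each line and lists "File ... not found" entries that are not explained by an earlier "moved successfully" line in the same log, matching by path suffix because the log can print a truncated path (as in the `File Online\T-Online_Toolbar_2\...` line). The line shapes are taken from the log above; the sample lines, the names in them and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the OTL fix log above (names and GUIDs are made up).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
C:\Program Files\Ex-Bar\tb\bar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{00000000-0000-0000-0000-000000000002} deleted successfully.
File Bar\tb\bar.dll not found.
Prefs.js: "Example Search" removed from browser.search.selectedEngine
C:\Program Files\Ex-Bar folder moved successfully.
File\Folder C:\Windows\temp\ExampleReport.txt not found!
"""

# Line shapes as they appear in the posted log; the first matching pattern wins.
PATTERNS = [
    ("value_set", re.compile(r"^(?P<target>.+)\| /E : value set successfully!$")),
    ("reg_deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("reg_missing", re.compile(r"^Registry (?:key|value) (?P<target>.+?) not found\.$")),
    ("file_missing", re.compile(r"^File(?:\\Folder)? (?P<target>.+?) not found[.!]$")),
    ("pref_removed", re.compile(r'^Prefs\.js: (?P<target>".*") removed from .+$')),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]


def classify(line):
    """Return (kind, target) for one log line; unrecognised lines are ('other', line)."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return kind, m.group("target")
    return "other", line


def summarize(log):
    """Count how many lines of each kind the log contains (blank lines ignored)."""
    return Counter(classify(l)[0] for l in log.splitlines() if l.strip())


def unexplained_missing_files(log):
    """List 'file not found' targets that no earlier 'moved' line accounts for.

    A file referenced by two script entries is moved by the first and reported
    missing by the second, so such a line needs no follow-up. Paths are compared
    case-insensitively and by suffix to tolerate truncated paths in the log;
    a very short truncated path could match the wrong file, so review by eye too.
    """
    moved, unexplained = [], []
    for raw in log.splitlines():
        if not raw.strip():
            continue
        kind, target = classify(raw)
        if kind == "moved":
            moved.append(target.lower())
        elif kind == "file_missing":
            if not any(path.endswith(target.lower()) for path in moved):
                unexplained.append(target)
    return unexplained


if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:13} {count}")
    for path in unexplained_missing_files(SAMPLE_LOG):
        print("check manually:", path)
```
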

11.04.2012, 14:11   #24
cosinus

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

11.04.2012, 14:42   #25
Sanne34
 

Hi there :-)
done:

Code:
 15:37:18.0430 2292	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:37:18.0659 2292	============================================================
15:37:18.0659 2292	Current date / time: 2012/04/11 15:37:18.0659
15:37:18.0659 2292	SystemInfo:
15:37:18.0659 2292	
15:37:18.0659 2292	OS Version: 6.1.7600 ServicePack: 0.0
15:37:18.0659 2292	Product type: Workstation
15:37:18.0659 2292	ComputerName: RAPHAEL-PC
15:37:18.0660 2292	UserName: 1
15:37:18.0660 2292	Windows directory: C:\Windows
15:37:18.0660 2292	System windows directory: C:\Windows
15:37:18.0660 2292	Processor architecture: Intel x86
15:37:18.0660 2292	Number of processors: 4
15:37:18.0660 2292	Page size: 0x1000
15:37:18.0660 2292	Boot type: Normal boot
15:37:18.0660 2292	============================================================
15:37:19.0740 2292	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:37:19.0743 2292	\Device\Harddisk0\DR0:
15:37:19.0744 2292	MBR used
15:37:19.0744 2292	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:37:19.0744 2292	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
15:37:19.0744 2292	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
15:37:19.0813 2292	Initialize success
15:37:19.0813 2292	============================================================
15:38:03.0203 3808	============================================================
15:38:03.0203 3808	Scan started
15:38:03.0203 3808	Mode: Manual; SigCheck; TDLFS; 
15:38:03.0203 3808	============================================================
15:38:03.0546 3808	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:38:03.0671 3808	1394ohci - ok
15:38:03.0733 3808	AAV UpdateService - ok
15:38:03.0858 3808	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:38:03.0905 3808	ACPI - ok
15:38:04.0014 3808	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:38:04.0108 3808	AcpiPmi - ok
15:38:04.0248 3808	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:38:04.0326 3808	adp94xx - ok
15:38:04.0435 3808	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:38:04.0482 3808	adpahci - ok
15:38:04.0529 3808	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:38:04.0576 3808	adpu320 - ok
15:38:04.0607 3808	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
15:38:04.0669 3808	AeLookupSvc - ok
15:38:04.0794 3808	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
15:38:04.0981 3808	AFD - ok
15:38:05.0122 3808	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:38:05.0169 3808	agp440 - ok
15:38:05.0278 3808	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:38:05.0325 3808	aic78xx - ok
15:38:05.0387 3808	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
15:38:05.0496 3808	ALG - ok
15:38:05.0605 3808	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:38:05.0621 3808	aliide - ok
15:38:05.0683 3808	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:38:05.0746 3808	amdagp - ok
15:38:05.0839 3808	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:38:05.0871 3808	amdide - ok
15:38:05.0917 3808	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:38:05.0980 3808	AmdK8 - ok
15:38:06.0089 3808	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:38:06.0183 3808	AmdPPM - ok
15:38:06.0214 3808	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
15:38:06.0245 3808	amdsata - ok
15:38:06.0385 3808	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:38:06.0448 3808	amdsbs - ok
15:38:06.0463 3808	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
15:38:06.0495 3808	amdxata - ok
15:38:06.0604 3808	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:38:06.0682 3808	AntiVirSchedulerService - ok
15:38:06.0744 3808	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:38:06.0822 3808	AntiVirService - ok
15:38:06.0838 3808	AntiVirWebService (cc62fdc25725267a702f48c90c5cdf31) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:38:06.0916 3808	AntiVirWebService - ok
15:38:07.0025 3808	AOL ACS         (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
15:38:07.0087 3808	AOL ACS - ok
15:38:07.0181 3808	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:38:07.0290 3808	AppID - ok
15:38:07.0399 3808	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
15:38:07.0462 3808	AppIDSvc - ok
15:38:07.0493 3808	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
15:38:07.0555 3808	Appinfo - ok
15:38:07.0696 3808	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:38:07.0743 3808	arc - ok
15:38:07.0774 3808	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:38:07.0821 3808	arcsas - ok
15:38:07.0867 3808	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:38:07.0945 3808	AsyncMac - ok
15:38:08.0055 3808	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:38:08.0086 3808	atapi - ok
15:38:08.0133 3808	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
15:38:08.0257 3808	AudioEndpointBuilder - ok
15:38:08.0289 3808	Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
15:38:08.0335 3808	Audiosrv - ok
15:38:08.0476 3808	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
15:38:08.0554 3808	avgntflt - ok
15:38:08.0663 3808	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
15:38:08.0710 3808	avipbb - ok
15:38:08.0725 3808	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
15:38:08.0757 3808	avkmgr - ok
15:38:08.0788 3808	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
15:38:08.0897 3808	AxInstSV - ok
15:38:09.0022 3808	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:38:09.0131 3808	b06bdrv - ok
15:38:09.0256 3808	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:38:09.0365 3808	b57nd60x - ok
15:38:09.0505 3808	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:38:09.0599 3808	BBSvc - ok
15:38:09.0708 3808	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
15:38:09.0833 3808	BBUpdate - ok
15:38:09.0942 3808	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
15:38:10.0005 3808	BDESVC - ok
15:38:10.0114 3808	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:38:10.0176 3808	Beep - ok
15:38:10.0223 3808	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
15:38:10.0332 3808	BFE - ok
15:38:10.0426 3808	BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
15:38:10.0551 3808	BITS - ok
15:38:10.0597 3808	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:38:10.0660 3808	blbdrive - ok
15:38:10.0769 3808	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
15:38:10.0847 3808	bowser - ok
15:38:10.0894 3808	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:38:10.0972 3808	BrFiltLo - ok
15:38:10.0987 3808	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:38:11.0065 3808	BrFiltUp - ok
15:38:11.0175 3808	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:38:11.0268 3808	BridgeMP - ok
15:38:11.0362 3808	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
15:38:11.0471 3808	Browser - ok
15:38:11.0580 3808	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:38:11.0674 3808	Brserid - ok
15:38:11.0799 3808	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:38:11.0861 3808	BrSerWdm - ok
15:38:11.0970 3808	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:38:12.0017 3808	BrUsbMdm - ok
15:38:12.0064 3808	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:38:12.0142 3808	BrUsbSer - ok
15:38:12.0173 3808	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:38:12.0235 3808	BTHMODEM - ok
15:38:12.0282 3808	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:38:12.0376 3808	bthserv - ok
15:38:12.0485 3808	catchme - ok
15:38:12.0594 3808	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:38:12.0703 3808	cdfs - ok
15:38:12.0813 3808	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:38:12.0859 3808	cdrom - ok
15:38:12.0906 3808	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
15:38:13.0000 3808	CertPropSvc - ok
15:38:13.0109 3808	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:38:13.0187 3808	circlass - ok
15:38:13.0281 3808	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:38:13.0327 3808	CLFS - ok
15:38:13.0390 3808	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:38:13.0452 3808	clr_optimization_v2.0.50727_32 - ok
15:38:13.0530 3808	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:38:13.0561 3808	clr_optimization_v4.0.30319_32 - ok
15:38:13.0639 3808	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:38:13.0686 3808	CmBatt - ok
15:38:13.0780 3808	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:38:13.0811 3808	cmdide - ok
15:38:13.0842 3808	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:38:13.0889 3808	CNG - ok
15:38:13.0920 3808	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:38:13.0967 3808	Compbatt - ok
15:38:14.0092 3808	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:38:14.0170 3808	CompositeBus - ok
15:38:14.0232 3808	COMSysApp - ok
15:38:14.0295 3808	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:38:14.0326 3808	crcdisk - ok
15:38:14.0419 3808	CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
15:38:14.0529 3808	CryptSvc - ok
15:38:14.0575 3808	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
15:38:14.0653 3808	DcomLaunch - ok
15:38:14.0700 3808	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
15:38:14.0794 3808	defragsvc - ok
15:38:14.0856 3808	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
15:38:14.0950 3808	DfsC - ok
15:38:15.0059 3808	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
15:38:15.0137 3808	Dhcp - ok
15:38:15.0246 3808	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:38:15.0324 3808	discache - ok
15:38:15.0449 3808	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:38:15.0496 3808	Disk - ok
15:38:15.0527 3808	Dnscache        (d0722e963d3c6145446874241401b209) C:\Windows\System32\dnsrslvr.dll
15:38:15.0621 3808	Dnscache - ok
15:38:15.0652 3808	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
15:38:15.0699 3808	dot3svc - ok
15:38:15.0730 3808	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
15:38:15.0777 3808	DPS - ok
15:38:15.0839 3808	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:38:15.0886 3808	drmkaud - ok
15:38:15.0933 3808	DXGKrnl         (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
15:38:15.0964 3808	DXGKrnl - ok
15:38:16.0011 3808	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:38:16.0120 3808	EapHost - ok
15:38:16.0307 3808	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:38:16.0510 3808	ebdrv - ok
15:38:16.0619 3808	EFS             (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
15:38:16.0666 3808	EFS - ok
15:38:16.0775 3808	ehRecvr         (0f1a73c91cfa379f307f86e38c8c41ab) C:\Windows\ehome\ehRecvr.exe
15:38:16.0900 3808	ehRecvr - ok
15:38:16.0915 3808	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:38:17.0009 3808	ehSched - ok
15:38:17.0103 3808	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:38:17.0149 3808	elxstor - ok
15:38:17.0259 3808	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:38:17.0305 3808	ErrDev - ok
15:38:17.0415 3808	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:38:17.0493 3808	EventSystem - ok
15:38:17.0555 3808	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:38:17.0633 3808	exfat - ok
15:38:17.0649 3808	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:38:17.0711 3808	fastfat - ok
15:38:17.0820 3808	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
15:38:17.0961 3808	Fax - ok
15:38:18.0054 3808	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:38:18.0101 3808	fdc - ok
15:38:18.0132 3808	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:38:18.0195 3808	fdPHost - ok
15:38:18.0210 3808	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:38:18.0273 3808	FDResPub - ok
15:38:18.0304 3808	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:38:18.0366 3808	FileInfo - ok
15:38:18.0382 3808	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:38:18.0444 3808	Filetrace - ok
15:38:18.0475 3808	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:38:18.0522 3808	flpydisk - ok
15:38:18.0647 3808	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:38:18.0694 3808	FltMgr - ok
15:38:18.0725 3808	FontCache       (b6512a85815fdc3d560c3705f5bdb93d) C:\Windows\system32\FntCache.dll
15:38:18.0819 3808	FontCache - ok
15:38:18.0897 3808	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:38:18.0943 3808	FontCache3.0.0.0 - ok
15:38:19.0021 3808	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:38:19.0068 3808	FsDepends - ok
15:38:19.0084 3808	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:38:19.0115 3808	Fs_Rec - ok
15:38:19.0162 3808	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:38:19.0209 3808	fvevol - ok
15:38:19.0318 3808	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:38:19.0380 3808	gagp30kx - ok
15:38:19.0427 3808	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
15:38:19.0505 3808	gpsvc - ok
15:38:19.0567 3808	gupdate - ok
15:38:19.0599 3808	gupdatem - ok
15:38:19.0614 3808	gusvc - ok
15:38:19.0739 3808	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:38:19.0817 3808	hcw85cir - ok
15:38:19.0942 3808	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:38:19.0989 3808	HdAudAddService - ok
15:38:20.0129 3808	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:38:20.0176 3808	HDAudBus - ok
15:38:20.0316 3808	HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
15:38:20.0379 3808	HECI - ok
15:38:20.0410 3808	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:38:20.0457 3808	HidBatt - ok
15:38:20.0488 3808	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:38:20.0535 3808	HidBth - ok
15:38:20.0628 3808	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:38:20.0691 3808	HidIr - ok
15:38:20.0722 3808	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
15:38:20.0815 3808	hidserv - ok
15:38:20.0925 3808	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:38:20.0987 3808	HidUsb - ok
15:38:21.0018 3808	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
15:38:21.0081 3808	hkmsvc - ok
15:38:21.0096 3808	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
15:38:21.0174 3808	HomeGroupListener - ok
15:38:21.0252 3808	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
15:38:21.0315 3808	HomeGroupProvider - ok
15:38:21.0377 3808	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:38:21.0424 3808	HpSAMD - ok
15:38:21.0533 3808	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:38:21.0627 3808	HTTP - ok
15:38:21.0658 3808	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:38:21.0673 3808	hwpolicy - ok
15:38:21.0783 3808	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:38:21.0861 3808	i8042prt - ok
15:38:22.0001 3808	iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
15:38:22.0063 3808	iaStor - ok
15:38:22.0079 3808	IAStorDataMgrSvc - ok
15:38:22.0188 3808	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
15:38:22.0235 3808	iaStorV - ok
15:38:22.0329 3808	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:38:22.0453 3808	idsvc - ok
15:38:22.0765 3808	igfx            (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:38:23.0109 3808	igfx - ok
15:38:23.0218 3808	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:38:23.0265 3808	iirsp - ok
15:38:23.0311 3808	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
15:38:23.0389 3808	IKEEXT - ok
15:38:23.0514 3808	Impcd           (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
15:38:23.0592 3808	Impcd - ok
15:38:23.0733 3808	Installer Service (4aa2e012c1746d75c1217634d81f6da0) C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe
15:38:23.0889 3808	Installer Service ( UnsignedFile.Multi.Generic ) - warning
15:38:23.0889 3808	Installer Service - detected UnsignedFile.Multi.Generic (1)
15:38:24.0076 3808	IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys
15:38:24.0232 3808	IntcAzAudAddService - ok
15:38:24.0357 3808	IntcDAud        (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:38:24.0435 3808	IntcDAud - ok
15:38:24.0544 3808	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:38:24.0575 3808	intelide - ok
15:38:24.0684 3808	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:38:24.0762 3808	intelppm - ok
15:38:24.0793 3808	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:38:24.0856 3808	IPBusEnum - ok
15:38:24.0918 3808	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:38:24.0996 3808	IpFilterDriver - ok
15:38:25.0090 3808	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
15:38:25.0199 3808	iphlpsvc - ok
15:38:25.0246 3808	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:38:25.0324 3808	IPMIDRV - ok
15:38:25.0355 3808	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:38:25.0433 3808	IPNAT - ok
15:38:25.0527 3808	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:38:25.0589 3808	IRENUM - ok
15:38:25.0714 3808	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:38:25.0761 3808	isapnp - ok
15:38:25.0792 3808	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:38:25.0823 3808	iScsiPrt - ok
15:38:25.0870 3808	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:38:25.0917 3808	kbdclass - ok
15:38:26.0057 3808	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:38:26.0135 3808	kbdhid - ok
15:38:26.0151 3808	KeyIso          (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:38:26.0182 3808	KeyIso - ok
15:38:26.0213 3808	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:38:26.0244 3808	KSecDD - ok
15:38:26.0291 3808	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
15:38:26.0353 3808	KSecPkg - ok
15:38:26.0385 3808	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:38:26.0447 3808	KtmRm - ok
15:38:26.0509 3808	L1C             (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
15:38:26.0541 3808	L1C - ok
15:38:26.0587 3808	LanmanServer    (bca92cb047a4326925ecef759dbaa233) C:\Windows\System32\srvsvc.dll
15:38:26.0681 3808	LanmanServer - ok
15:38:26.0775 3808	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
15:38:26.0853 3808	LanmanWorkstation - ok
15:38:26.0946 3808	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:38:27.0024 3808	lltdio - ok
15:38:27.0087 3808	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:38:27.0180 3808	lltdsvc - ok
15:38:27.0196 3808	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:38:27.0258 3808	lmhosts - ok
15:38:27.0289 3808	LMS - ok
15:38:27.0414 3808	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:38:27.0477 3808	LSI_FC - ok
15:38:27.0508 3808	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:38:27.0539 3808	LSI_SAS - ok
15:38:27.0570 3808	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:38:27.0617 3808	LSI_SAS2 - ok
15:38:27.0648 3808	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:38:27.0679 3808	LSI_SCSI - ok
15:38:27.0726 3808	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:38:27.0789 3808	luafv - ok
15:38:27.0835 3808	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
15:38:27.0913 3808	Mcx2Svc - ok
15:38:27.0976 3808	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:38:28.0007 3808	megasas - ok
15:38:28.0069 3808	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:38:28.0116 3808	MegaSR - ok
15:38:28.0147 3808	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:38:28.0210 3808	MMCSS - ok
15:38:28.0257 3808	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:38:28.0319 3808	Modem - ok
15:38:28.0428 3808	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:38:28.0506 3808	monitor - ok
15:38:28.0553 3808	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:38:28.0584 3808	mouclass - ok
15:38:28.0693 3808	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:38:28.0756 3808	mouhid - ok
15:38:28.0771 3808	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:38:28.0818 3808	mountmgr - ok
15:38:28.0943 3808	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
15:38:29.0021 3808	MpFilter - ok
15:38:29.0068 3808	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:38:29.0130 3808	mpio - ok
15:38:29.0271 3808	MpKsl5c6c1a1a   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\MpKsl5c6c1a1a.sys
15:38:29.0302 3808	MpKsl5c6c1a1a - ok
15:38:29.0411 3808	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:38:29.0473 3808	MpNWMon - ok
15:38:29.0536 3808	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:38:29.0614 3808	mpsdrv - ok
15:38:29.0661 3808	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
15:38:29.0770 3808	MpsSvc - ok
15:38:29.0817 3808	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:38:29.0895 3808	MRxDAV - ok
15:38:29.0941 3808	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:38:30.0004 3808	mrxsmb - ok
15:38:30.0113 3808	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:38:30.0175 3808	mrxsmb10 - ok
15:38:30.0207 3808	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:38:30.0269 3808	mrxsmb20 - ok
15:38:30.0316 3808	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
15:38:30.0347 3808	msahci - ok
15:38:30.0394 3808	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:38:30.0425 3808	msdsm - ok
15:38:30.0487 3808	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:38:30.0550 3808	MSDTC - ok
15:38:30.0597 3808	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:38:30.0659 3808	Msfs - ok
15:38:30.0690 3808	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:38:30.0753 3808	mshidkmdf - ok
15:38:30.0784 3808	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:38:30.0799 3808	msisadrv - ok
15:38:30.0831 3808	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:38:30.0924 3808	MSiSCSI - ok
15:38:30.0940 3808	msiserver - ok
15:38:30.0987 3808	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:38:31.0065 3808	MSKSSRV - ok
15:38:31.0221 3808	MsMpSvc         (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:38:31.0252 3808	MsMpSvc - ok
15:38:31.0377 3808	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:38:31.0455 3808	MSPCLOCK - ok
15:38:31.0564 3808	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:38:31.0642 3808	MSPQM - ok
15:38:31.0657 3808	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:38:31.0720 3808	MsRPC - ok
15:38:31.0751 3808	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:38:31.0782 3808	mssmbios - ok
15:38:31.0829 3808	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:38:31.0860 3808	MSTEE - ok
15:38:31.0969 3808	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:38:32.0032 3808	MTConfig - ok
15:38:32.0063 3808	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:38:32.0110 3808	Mup - ok
15:38:32.0172 3808	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
15:38:32.0250 3808	napagent - ok
15:38:32.0313 3808	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:38:32.0375 3808	NativeWifiP - ok
15:38:32.0547 3808	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:38:32.0609 3808	NDIS - ok
15:38:32.0718 3808	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:38:32.0781 3808	NdisCap - ok
15:38:32.0796 3808	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:38:32.0859 3808	NdisTapi - ok
15:38:32.0952 3808	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:38:33.0046 3808	Ndisuio - ok
15:38:33.0061 3808	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:38:33.0124 3808	NdisWan - ok
15:38:33.0155 3808	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:38:33.0217 3808	NDProxy - ok
15:38:33.0342 3808	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:38:33.0420 3808	NetBIOS - ok
15:38:33.0514 3808	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:38:33.0623 3808	NetBT - ok
15:38:33.0685 3808	Netlogon        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:38:33.0732 3808	Netlogon - ok
15:38:33.0795 3808	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:38:33.0857 3808	Netman - ok
15:38:33.0888 3808	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:38:33.0935 3808	netprofm - ok
15:38:34.0029 3808	NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:38:34.0075 3808	NetTcpPortSharing - ok
15:38:34.0169 3808	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:38:34.0216 3808	nfrd960 - ok
15:38:34.0356 3808	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:38:34.0403 3808	NisDrv - ok
15:38:34.0512 3808	NisSrv          (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:38:34.0575 3808	NisSrv - ok
15:38:34.0653 3808	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
15:38:34.0746 3808	NlaSvc - ok
15:38:34.0902 3808	nmwcd           (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys
15:38:34.0965 3808	nmwcd - ok
15:38:35.0011 3808	nmwcdc          (7312987b6ccde6f6cee32c14bed1ca2e) C:\Windows\system32\drivers\ccdcmbo.sys
15:38:35.0074 3808	nmwcdc - ok
15:38:35.0136 3808	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:38:35.0199 3808	Npfs - ok
15:38:35.0230 3808	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:38:35.0308 3808	nsi - ok
15:38:35.0355 3808	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:38:35.0433 3808	nsiproxy - ok
15:38:35.0573 3808	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
15:38:35.0776 3808	Ntfs - ok
15:38:35.0885 3808	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:38:35.0932 3808	Null - ok
15:38:35.0994 3808	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
15:38:36.0057 3808	nvraid - ok
15:38:36.0072 3808	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
15:38:36.0119 3808	nvstor - ok
15:38:36.0150 3808	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:38:36.0197 3808	nv_agp - ok
15:38:36.0306 3808	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:38:36.0369 3808	ohci1394 - ok
15:38:36.0415 3808	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:38:36.0462 3808	p2pimsvc - ok
15:38:36.0493 3808	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:38:36.0556 3808	p2psvc - ok
15:38:36.0618 3808	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:38:36.0696 3808	Parport - ok
15:38:36.0805 3808	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:38:36.0852 3808	partmgr - ok
15:38:36.0868 3808	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:38:36.0915 3808	Parvdm - ok
15:38:36.0946 3808	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:38:37.0024 3808	PcaSvc - ok
15:38:37.0149 3808	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:38:37.0242 3808	pccsmcfd - ok
15:38:37.0289 3808	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:38:37.0320 3808	pci - ok
15:38:37.0351 3808	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:38:37.0367 3808	pciide - ok
15:38:37.0398 3808	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:38:37.0429 3808	pcmcia - ok
15:38:37.0476 3808	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:38:37.0507 3808	pcw - ok
15:38:37.0539 3808	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:38:37.0617 3808	PEAUTH - ok
15:38:37.0679 3808	pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
15:38:37.0819 3808	pla - ok
15:38:37.0897 3808	PlugPlay        (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
15:38:37.0991 3808	PlugPlay - ok
15:38:38.0022 3808	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:38:38.0053 3808	PNRPAutoReg - ok
15:38:38.0085 3808	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:38:38.0116 3808	PNRPsvc - ok
15:38:38.0163 3808	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
15:38:38.0209 3808	PolicyAgent - ok
15:38:38.0241 3808	Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
15:38:38.0287 3808	Power - ok
15:38:38.0365 3808	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:38:38.0443 3808	PptpMiniport - ok
15:38:38.0568 3808	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:38:38.0615 3808	Processor - ok
15:38:38.0662 3808	ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
15:38:38.0740 3808	ProfSvc - ok
15:38:38.0771 3808	ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:38:38.0802 3808	ProtectedStorage - ok
15:38:38.0865 3808	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:38:38.0943 3808	Psched - ok
15:38:39.0005 3808	PSI_SVC_2 - ok
15:38:39.0145 3808	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:38:39.0239 3808	ql2300 - ok
15:38:39.0270 3808	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:38:39.0317 3808	ql40xx - ok
15:38:39.0348 3808	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:38:39.0426 3808	QWAVE - ok
15:38:39.0473 3808	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:38:39.0567 3808	QWAVEdrv - ok
15:38:39.0676 3808	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:38:39.0754 3808	RasAcd - ok
15:38:39.0879 3808	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:38:39.0957 3808	RasAgileVpn - ok
15:38:39.0988 3808	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:38:40.0081 3808	RasAuto - ok
15:38:40.0175 3808	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:38:40.0269 3808	Rasl2tp - ok
15:38:40.0300 3808	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
15:38:40.0362 3808	RasMan - ok
15:38:40.0425 3808	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:38:40.0487 3808	RasPppoe - ok
15:38:40.0518 3808	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:38:40.0581 3808	RasSstp - ok
15:38:40.0612 3808	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:38:40.0674 3808	rdbss - ok
15:38:40.0705 3808	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:38:40.0752 3808	rdpbus - ok
15:38:40.0799 3808	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:38:40.0861 3808	RDPCDD - ok
15:38:40.0893 3808	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:38:40.0955 3808	RDPENCDD - ok
15:38:41.0064 3808	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:38:41.0127 3808	RDPREFMP - ok
15:38:41.0158 3808	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:38:41.0236 3808	RDPWD - ok
15:38:41.0267 3808	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:38:41.0329 3808	rdyboost - ok
15:38:41.0423 3808	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:38:41.0517 3808	RemoteAccess - ok
15:38:41.0532 3808	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:38:41.0610 3808	RemoteRegistry - ok
15:38:41.0673 3808	RichVideo - ok
15:38:41.0797 3808	RMCAST          (b4090006a82eeb608c358ab5d37de85a) C:\Windows\system32\DRIVERS\RMCAST.sys
15:38:41.0891 3808	RMCAST - ok
15:38:41.0938 3808	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:38:41.0985 3808	RpcEptMapper - ok
15:38:42.0016 3808	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:38:42.0078 3808	RpcLocator - ok
15:38:42.0125 3808	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
15:38:42.0203 3808	RpcSs - ok
15:38:42.0250 3808	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:38:42.0328 3808	rspndr - ok
15:38:42.0437 3808	RSUSBSTOR       (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys
15:38:42.0484 3808	RSUSBSTOR - ok
15:38:42.0531 3808	rtl8192se       (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
15:38:42.0577 3808	rtl8192se - ok
15:38:42.0609 3808	SamSs           (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:38:42.0640 3808	SamSs - ok
15:38:42.0687 3808	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:38:42.0749 3808	sbp2port - ok
15:38:42.0780 3808	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:38:42.0843 3808	SCardSvr - ok
15:38:42.0921 3808	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:38:42.0983 3808	scfilter - ok
15:38:43.0045 3808	Schedule        (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll
15:38:43.0123 3808	Schedule - ok
15:38:43.0155 3808	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
15:38:43.0201 3808	SCPolicySvc - ok
15:38:43.0248 3808	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
15:38:43.0295 3808	SDRSVC - ok
15:38:43.0357 3808	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:38:43.0420 3808	secdrv - ok
15:38:43.0482 3808	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:38:43.0560 3808	seclogon - ok
15:38:43.0576 3808	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
15:38:43.0638 3808	SENS - ok
15:38:43.0669 3808	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:38:43.0701 3808	SensrSvc - ok
15:38:43.0763 3808	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:38:43.0810 3808	Serenum - ok
15:38:43.0841 3808	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:38:43.0919 3808	Serial - ok
15:38:43.0966 3808	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:38:44.0013 3808	sermouse - ok
15:38:44.0153 3808	ServiceLayer    (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
15:38:44.0278 3808	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:38:44.0278 3808	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:38:44.0371 3808	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
15:38:44.0449 3808	SessionEnv - ok
15:38:44.0496 3808	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:38:44.0543 3808	sffdisk - ok
15:38:44.0559 3808	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:38:44.0590 3808	sffp_mmc - ok
15:38:44.0621 3808	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:38:44.0637 3808	sffp_sd - ok
15:38:44.0683 3808	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:38:44.0715 3808	sfloppy - ok
15:38:44.0824 3808	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:38:44.0917 3808	SharedAccess - ok
15:38:44.0949 3808	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
15:38:44.0995 3808	ShellHWDetection - ok
15:38:45.0073 3808	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:38:45.0120 3808	sisagp - ok
15:38:45.0120 3808	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:38:45.0151 3808	SiSRaid2 - ok
15:38:45.0183 3808	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:38:45.0214 3808	SiSRaid4 - ok
15:38:45.0261 3808	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:38:45.0339 3808	Smb - ok
15:38:45.0432 3808	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:38:45.0495 3808	SNMPTRAP - ok
15:38:45.0557 3808	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:38:45.0604 3808	spldr - ok
15:38:45.0651 3808	Spooler         (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe
15:38:45.0697 3808	Spooler - ok
15:38:45.0791 3808	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
15:38:46.0041 3808	sppsvc - ok
15:38:46.0119 3808	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
15:38:46.0197 3808	sppuinotify - ok
15:38:46.0243 3808	srv             (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
15:38:46.0337 3808	srv - ok
15:38:46.0446 3808	srv2            (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
15:38:46.0493 3808	srv2 - ok
15:38:46.0540 3808	srvnet          (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
15:38:46.0602 3808	srvnet - ok
15:38:46.0633 3808	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:38:46.0711 3808	SSDPSRV - ok
15:38:46.0774 3808	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:38:46.0805 3808	ssmdrv - ok
15:38:46.0836 3808	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:38:46.0883 3808	SstpSvc - ok
15:38:46.0930 3808	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:38:46.0961 3808	stexstor - ok
15:38:46.0992 3808	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
15:38:47.0055 3808	StiSvc - ok
15:38:47.0101 3808	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:38:47.0117 3808	swenum - ok
15:38:47.0148 3808	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:38:47.0226 3808	swprv - ok
15:38:47.0304 3808	SynTP           (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
15:38:47.0351 3808	SynTP - ok
15:38:47.0460 3808	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
15:38:47.0569 3808	SysMain - ok
15:38:47.0647 3808	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
15:38:47.0710 3808	TabletInputService - ok
15:38:47.0741 3808	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
15:38:47.0803 3808	TapiSrv - ok
15:38:47.0835 3808	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:38:47.0913 3808	TBS - ok
15:38:47.0991 3808	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
15:38:48.0084 3808	Tcpip - ok
15:38:48.0225 3808	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
15:38:48.0287 3808	TCPIP6 - ok
15:38:48.0318 3808	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:38:48.0381 3808	tcpipreg - ok
15:38:48.0396 3808	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:38:48.0474 3808	TDPIPE - ok
15:38:48.0505 3808	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:38:48.0568 3808	TDTCP - ok
15:38:48.0677 3808	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:38:48.0771 3808	tdx - ok
15:38:48.0802 3808	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:38:48.0833 3808	TermDD - ok
15:38:48.0895 3808	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
15:38:48.0989 3808	TermService - ok
15:38:49.0020 3808	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:38:49.0067 3808	Themes - ok
15:38:49.0114 3808	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:38:49.0161 3808	THREADORDER - ok
15:38:49.0192 3808	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:38:49.0270 3808	TrkWks - ok
15:38:49.0332 3808	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
15:38:49.0426 3808	TrustedInstaller - ok
15:38:49.0504 3808	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:38:49.0597 3808	tssecsrv - ok
15:38:49.0722 3808	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:38:49.0800 3808	tunnel - ok
15:38:49.0831 3808	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:38:49.0863 3808	uagp35 - ok
15:38:49.0909 3808	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:38:49.0972 3808	udfs - ok
15:38:50.0003 3808	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:38:50.0034 3808	UI0Detect - ok
15:38:50.0097 3808	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:38:50.0143 3808	uliagpkx - ok
15:38:50.0175 3808	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:38:50.0221 3808	umbus - ok
15:38:50.0268 3808	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:38:50.0315 3808	UmPass - ok
15:38:50.0346 3808	UNS - ok
15:38:50.0424 3808	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:38:50.0518 3808	upnphost - ok
15:38:50.0580 3808	upperdev        (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
15:38:50.0627 3808	upperdev - ok
15:38:50.0658 3808	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
15:38:50.0721 3808	usbccgp - ok
15:38:50.0767 3808	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:38:50.0830 3808	usbcir - ok
15:38:50.0861 3808	usbehci         (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
15:38:50.0908 3808	usbehci - ok
15:38:51.0017 3808	usbhub          (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
15:38:51.0079 3808	usbhub - ok
15:38:51.0111 3808	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
15:38:51.0157 3808	usbohci - ok
15:38:51.0189 3808	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:38:51.0235 3808	usbprint - ok
15:38:51.0360 3808	usbser          (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
15:38:51.0438 3808	usbser - ok
15:38:51.0454 3808	UsbserFilt      (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
15:38:51.0501 3808	UsbserFilt - ok
15:38:51.0532 3808	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:38:51.0579 3808	USBSTOR - ok
15:38:51.0610 3808	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
15:38:51.0657 3808	usbuhci - ok
15:38:51.0781 3808	usbvideo        (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
15:38:51.0828 3808	usbvideo - ok
15:38:51.0859 3808	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:38:51.0922 3808	UxSms - ok
15:38:51.0953 3808	VaultSvc        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
15:38:52.0000 3808	VaultSvc - ok
15:38:52.0062 3808	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:38:52.0093 3808	vdrvroot - ok
15:38:52.0140 3808	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
15:38:52.0171 3808	vds - ok
15:38:52.0249 3808	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:38:52.0281 3808	vga - ok
15:38:52.0296 3808	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:38:52.0359 3808	VgaSave - ok
15:38:52.0390 3808	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:38:52.0421 3808	vhdmp - ok
15:38:52.0452 3808	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:38:52.0499 3808	viaagp - ok
15:38:52.0593 3808	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:38:52.0655 3808	ViaC7 - ok
15:38:52.0702 3808	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:38:52.0749 3808	viaide - ok
15:38:52.0764 3808	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:38:52.0811 3808	volmgr - ok
15:38:52.0842 3808	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:38:52.0873 3808	volmgrx - ok
15:38:52.0920 3808	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:38:52.0936 3808	volsnap - ok
15:38:52.0983 3808	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:38:53.0029 3808	vsmraid - ok
15:38:53.0092 3808	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
15:38:53.0201 3808	VSS - ok
15:38:53.0295 3808	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
15:38:53.0357 3808	vwifibus - ok
15:38:53.0388 3808	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:38:53.0435 3808	vwififlt - ok
15:38:53.0544 3808	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
15:38:53.0607 3808	vwifimp - ok
15:38:53.0638 3808	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:38:53.0700 3808	W32Time - ok
15:38:53.0763 3808	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:38:53.0809 3808	WacomPen - ok
15:38:53.0919 3808	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:38:54.0012 3808	WANARP - ok
15:38:54.0012 3808	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:38:54.0075 3808	Wanarpv6 - ok
15:38:54.0199 3808	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
15:38:54.0277 3808	wanatw - ok
15:38:54.0355 3808	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
15:38:54.0480 3808	wbengine - ok
15:38:54.0558 3808	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:38:54.0605 3808	WbioSrvc - ok
15:38:54.0636 3808	wcncsvc         (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
15:38:54.0683 3808	wcncsvc - ok
15:38:54.0699 3808	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:38:54.0761 3808	WcsPlugInService - ok
15:38:54.0792 3808	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:38:54.0823 3808	Wd - ok
15:38:54.0870 3808	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:38:54.0901 3808	Wdf01000 - ok
15:38:54.0948 3808	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:38:55.0011 3808	WdiServiceHost - ok
15:38:55.0011 3808	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:38:55.0042 3808	WdiSystemHost - ok
15:38:55.0073 3808	WebClient       (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
15:38:55.0120 3808	WebClient - ok
15:38:55.0151 3808	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:38:55.0229 3808	Wecsvc - ok
15:38:55.0245 3808	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:38:55.0307 3808	wercplsupport - ok
15:38:55.0416 3808	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:38:55.0479 3808	WerSvc - ok
15:38:55.0541 3808	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:38:55.0603 3808	WfpLwf - ok
15:38:55.0635 3808	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:38:55.0650 3808	WIMMount - ok
15:38:55.0744 3808	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:38:55.0837 3808	WinDefend - ok
15:38:55.0837 3808	WinHttpAutoProxySvc - ok
15:38:55.0931 3808	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:38:56.0040 3808	Winmgmt - ok
15:38:56.0103 3808	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
15:38:56.0243 3808	WinRM - ok
15:38:56.0368 3808	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
15:38:56.0446 3808	WinUsb - ok
15:38:56.0493 3808	WisLMSvc - ok
15:38:56.0571 3808	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:38:56.0695 3808	Wlansvc - ok
15:38:56.0820 3808	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:38:56.0867 3808	WmiAcpi - ok
15:38:56.0914 3808	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:38:57.0039 3808	wmiApSrv - ok
15:38:57.0148 3808	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:38:57.0304 3808	WMPNetworkSvc - ok
15:38:57.0382 3808	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:38:57.0444 3808	WPCSvc - ok
15:38:57.0460 3808	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
15:38:57.0522 3808	WPDBusEnum - ok
15:38:57.0585 3808	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:38:57.0647 3808	ws2ifsl - ok
15:38:57.0678 3808	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
15:38:57.0772 3808	wscsvc - ok
15:38:57.0787 3808	WSearch - ok
15:38:57.0834 3808	wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
15:38:57.0975 3808	wuauserv - ok
15:38:58.0084 3808	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:38:58.0162 3808	WudfPf - ok
15:38:58.0287 3808	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:38:58.0365 3808	WUDFRd - ok
15:38:58.0396 3808	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
15:38:58.0443 3808	wudfsvc - ok
15:38:58.0474 3808	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:38:58.0521 3808	WwanSvc - ok
15:38:58.0552 3808	MBR (0x1B8)     (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
15:39:01.0438 3808	\Device\Harddisk0\DR0 - ok
15:39:01.0469 3808	Boot (0x1200)   (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0
15:39:01.0469 3808	\Device\Harddisk0\DR0\Partition0 - ok
15:39:01.0485 3808	Boot (0x1200)   (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1
15:39:01.0485 3808	\Device\Harddisk0\DR0\Partition1 - ok
15:39:01.0516 3808	Boot (0x1200)   (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2
15:39:01.0516 3808	\Device\Harddisk0\DR0\Partition2 - ok
15:39:01.0516 3808	============================================================
15:39:01.0516 3808	Scan finished
15:39:01.0516 3808	============================================================
15:39:01.0531 3424	Detected object count: 2
15:39:01.0531 3424	Actual detected object count: 2
15:39:14.0089 3424	Installer Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:39:14.0089 3424	Installer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:39:14.0089 3424	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:39:14.0089 3424	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards, Susanne

Old 11.04.2012, 15:21   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF again, but properly this time!

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Old 11.04.2012, 17:04   #27
Sanne34
 



I have done that as well - hopefully correctly this time:

Combofix logfile:
Code:
ComboFix 12-04-11.03 - 1 11.04.2012  17:46:28.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2935.2008 [GMT 2:00]
ausgeführt von:: c:\users\1\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-11 bis 2012-04-11  ))))))))))))))))))))))))))))))
.
.
2012-04-11 15:59 . 2012-04-11 15:59	--------	d-----w-	c:\users\Susanne\AppData\Local\temp
2012-04-11 15:59 . 2012-04-11 15:59	--------	d-----w-	c:\users\Raphael\AppData\Local\temp
2012-04-11 15:59 . 2012-04-11 15:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-11 15:42 . 2012-04-11 15:42	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\MpKslf01ea3ac.sys
2012-04-11 07:56 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\mpengine.dll
2012-04-10 19:25 . 2012-04-10 19:25	--------	d-----w-	C:\_OTL
2012-04-07 13:53 . 2012-04-07 13:53	--------	d-----w-	c:\program files\ESET
2012-04-07 02:22 . 2012-04-07 02:22	--------	d-----w-	c:\program files\CCleaner
2012-04-06 14:40 . 2012-04-11 15:59	--------	d-----w-	c:\users\1\AppData\Local\temp
2012-04-06 13:53 . 2012-04-06 13:53	--------	d-----w-	c:\users\1\AppData\Roaming\Malwarebytes
2012-04-06 13:52 . 2012-04-06 13:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-06 13:52 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-06 13:52 . 2012-04-06 13:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-06 13:47 . 2012-04-06 13:47	--------	d-----w-	c:\program files\GPLGS
2012-04-06 13:47 . 2011-10-04 20:42	86016	----a-w-	c:\windows\system32\custmon32i.dll
2012-04-06 13:47 . 2012-04-06 13:47	--------	d-----w-	C:\Program1
2012-04-06 13:47 . 2012-04-06 13:47	--------	d-----w-	c:\program files\FoxTabPDFCreator
2012-04-05 20:09 . 2012-04-05 20:09	--------	d-----w-	c:\users\1\AppData\Roaming\Iminent
2012-04-05 20:08 . 2012-04-05 20:08	--------	d-----w-	c:\programdata\Iminent
2012-04-05 20:08 . 2012-04-10 19:25	--------	d-----w-	c:\program files\Iminent
2012-04-05 18:25 . 2012-04-05 18:25	--------	d-----w-	c:\users\1\AppData\Roaming\AOL
2012-04-05 18:24 . 2012-04-05 18:24	--------	d-----w-	c:\programdata\Viewpoint
2012-04-05 18:24 . 2012-04-05 18:24	--------	d-----w-	c:\program files\Viewpoint
2012-04-05 18:24 . 2012-04-05 18:24	--------	d-----w-	c:\users\1\AppData\Local\AOL
2012-04-05 18:23 . 2006-11-29 22:24	33588	----a-w-	c:\windows\system32\drivers\wanatw4.sys
2012-04-05 18:23 . 2012-04-05 18:25	--------	d-----w-	c:\program files\AOL 9.0 VR
2012-04-05 18:23 . 2012-04-05 18:25	--------	d-----w-	c:\programdata\AOL
2012-04-05 18:12 . 2012-04-10 19:25	--------	d-----w-	c:\program files\BabylonToolbar
2012-04-05 18:12 . 2012-04-06 13:47	1743	----a-w-	C:\user.js
2012-04-05 18:12 . 2012-04-05 18:20	--------	d-----w-	c:\programdata\AOL Downloads
2012-04-05 18:04 . 2012-04-05 18:09	--------	d-----w-	C:\Medion
2012-04-05 17:57 . 2012-04-05 17:57	--------	d-----w-	c:\program files\T-Online
2012-04-05 08:29 . 2012-04-05 08:29	--------	d-----w-	c:\program files\Avira
2012-04-05 07:41 . 2012-04-05 07:42	--------	d-----w-	c:\users\Sanne
2012-04-04 11:49 . 2012-04-04 11:49	--------	d-----w-	c:\users\1\AppData\Local\Microsoft Corporation
2012-04-03 16:45 . 2012-04-03 16:45	--------	d-----w-	c:\users\Susanne\AppData\Local\Microsoft Corporation
2012-04-03 16:18 . 2012-04-03 16:18	--------	d-----w-	C:\Intel
2012-04-03 13:52 . 2012-04-07 02:22	--------	dc----w-	c:\users\1\AppData\Local\MigWiz
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 18:29 . 2011-12-23 09:48	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-14 02:15 . 2011-12-20 05:27	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-13 05:31 . 2012-02-13 05:32	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C69D7EE-EFBD-4822-BA06-0B093B1E9B65}\gapaengine.dll
2012-01-31 12:44 . 2010-06-28 23:04	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-03-13 04:38 . 2012-04-05 20:07	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 15:04	2376992	----a-w-	c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe [2011-06-15 119296]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S1 MpKslf01ea3ac;MpKslf01ea3ac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\MpKslf01ea3ac.sys [2012-04-11 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLF01EA3AC
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 947725b800000000000074f06d0acfa9
FF - user.js: extensions.BabylonToolbar_i.hardId - 947725b800000000000074f06d0acfa9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15436
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-11  18:01:32
ComboFix-quarantined-files.txt  2012-04-11 16:01
ComboFix2.txt  2012-04-06 14:40
.
Vor Suchlauf: 10 Verzeichnis(se), 424.581.365.760 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 424.288.468.992 Bytes frei
.
- - End Of File - - 680139E4521DB3B7887F99233CBFB006
         
11.04.2012, 18:27   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post logfiles in CODE tags

12.04.2012, 07:57   #29
Sanne34

Hello,
GMER really didn't work. Here is the log file from OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:31:58 on 12.04.2012

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\1\AppData\Local\Temp\catchme.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll  (File not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll  (File not found)
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll  (File not found)
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll  (File not found)
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI8079~1\shellext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - ? - C:\Program Files\Java\jre6\bin\jp2iexp.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - ? - C:\Program Files\Java\jre6\bin\jp2iexp.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - ? - C:\Program Files\Java\jre6\bin\npjpi160_20.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - ? -   (File not found | COM-object registry key not found)
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CUSTPDF Writer Monitor x86" - ? - C:\Windows\system32\custmon32i.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"AAV UpdateService" (AAV UpdateService) - ? - "C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe"  (File not found)
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"  (File not found)
"Google Software Updater" (gusvc) - ? - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)
"Google Update Service (gupdate)" (gupdate) - ? - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc  (File not found)
"Google Update-Dienst (gupdatem)" (gupdatem) - ? - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc  (File not found)
"Installer Service" (Installer Service) - ? - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe  (File found, but it contains no detailed information)
"Intel(R) Management & Security Application User Notification Service" (UNS) - ? - "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"  (File not found)
"Intel(R) Management and Security Application Local Management Service" (LMS) - ? - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe  (File not found)
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - ? - "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Protexis Licensing V2" (PSI_SVC_2) - ? - "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
"WisLMSvc" (WisLMSvc) - ? - "C:\Program Files\Launch Manager\WisLMSvc.exe"  (File not found)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "ALDI SÜD" - C:\Windows\system32\MAHJON~1.SCR

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Right, and then the next one:

Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-12 08:40:17
-----------------------------
08:40:17.674    OS Version: Windows 6.1.7600 
08:40:17.674    Number of processors: 4 586 0x2502
08:40:17.675    ComputerName: RAPHAEL-PC  UserName: 1
08:40:35.890    Initialize success
08:48:27.126    AVAST engine defs: 12041101
08:48:46.695    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:48:46.697    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
08:48:46.725    Disk 0 MBR read successfully
08:48:46.728    Disk 0 MBR scan
08:48:46.739    Disk 0 unknown MBR code
08:48:46.746    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:48:46.763    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       434852 MB offset 206848
08:48:46.805    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 890783744
08:48:46.829    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824
08:48:46.836    Disk 0 scanning sectors +976771072
08:48:46.959    Disk 0 scanning C:\Windows\system32\drivers
08:48:57.271    Service scanning
08:49:10.163    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:49:28.341    Modules scanning
08:49:37.275    Disk 0 trace - called modules:
08:49:37.288    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
08:49:37.293    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d607c8]
08:49:37.298    3 CLASSPNP.SYS[8b3a959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861b5028]
08:49:38.204    AVAST engine scan C:\Windows
08:49:40.599    AVAST engine scan C:\Windows\system32
08:52:03.564    AVAST engine scan C:\Windows\system32\drivers
08:52:20.886    AVAST engine scan C:\Users\1
08:53:19.607    AVAST engine scan C:\ProgramData
08:54:22.346    Scan finished successfully
08:55:15.499    Disk 0 MBR has been saved successfully to "C:\Users\1\Documents\MBR.dat"
08:55:15.505    The log file has been saved successfully to "C:\Users\1\Documents\aswMBR.txt"
         
Regards, Susanne

12.04.2012, 09:33   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR; just in case, back up ALL important data, even though things usually go smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Do not do the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswmbr again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and make a new log with aswMBR.
__________________
Please always post logfiles in CODE tags
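
The two cases post #30 warns about (a second operating system, full-disk encryption) can be checked in a saved copy of sector 0 before any FixMBR is run. The script below is an added example, not part of the thread or of aswMBR: the sample sector is constructed from the partition lines of the aswMBR log in post #29 with zero-filled boot code. The boot-loader marker strings and the idea that a file such as MBR.dat is a raw copy of sector 0 are assumptions of this example.

```python
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# Partition type IDs that indicate a non-Windows system on the disk (subset).
NON_WINDOWS_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM",
                     0xA5: "FreeBSD"}
# Strings that well-known boot loaders carry in their sector-0 code.
# Heuristic assumption of this example, not a list taken from the thread.
LOADER_MARKERS = {b"GRUB": "GRUB (Linux dual boot)",
                  b"TrueCrypt Boot Loader": "TrueCrypt system encryption"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:  # unused slot
            continue
        parts.append({"index": i + 1, "active": status == 0x80,
                      "type": ptype, "lba_start": lba_start,
                      "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    return parts


def fixmbr_blockers(sector):
    """List reasons why rewriting the boot code could leave the PC unbootable."""
    reasons = []
    for p in parse_mbr(sector):
        if p["type"] in NON_WINDOWS_TYPES:
            reasons.append("partition %d has type 0x%02X (%s)"
                           % (p["index"], p["type"], NON_WINDOWS_TYPES[p["type"]]))
    boot_code = sector[:TABLE_OFFSET]
    for marker, meaning in LOADER_MARKERS.items():
        if marker in boot_code:
            reasons.append("boot code contains %r: %s" % (marker.decode(), meaning))
    return reasons


def build_sample_mbr():
    """Constructed sector: partition values from the aswMBR log, zeroed boot code."""
    # (status, type, start LBA, size in MB) as printed in the log
    table = [(0x80, 0x07, 2048, 100), (0x00, 0x07, 206848, 434852),
             (0x00, 0x07, 890783744, 40960), (0x00, 0x12, 974669824, 1026)]
    sector = bytearray(SECTOR_SIZE)
    for i, (status, ptype, lba, mb) in enumerate(table):
        # CHS fields are left zero; only the LBA fields are used here
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, mb * 2048)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Optional argument: path to a raw 512-byte copy of sector 0
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr()
    for p in parse_mbr(data):
        print("Partition %(index)d active=%(active)s type=0x%(type)02X "
              "%(size_mb)d MB offset %(lba_start)d" % p)
    blockers = fixmbr_blockers(data)
    print("\n".join(blockers) if blockers else "no dual-boot or encryption marker found")
```

An empty result only means that none of these markers were found; other boot managers and encryption products are not covered.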
