Ich habe eigentlich die Viren/Trojaner entfernt mit der Rescuedisk von Kaspersky v10, aber...

MaxMoritz6 · 23.01.2012, 21:23

Nachdem ich ausversehen mt deaktivierten Virenscanner im Internet war, habe ich mir wohl Viren/Trojaner eingefangen.

Mit der Kaspersky Rescue-CD (mit Update der Virenliste) habe ich dann einige Viren gefunden und entfernt. Mit Malwarebytes' Anti-Malware konnte ich anschließend nichts mehr finden.

Leider sind nach einem Neustart wieder die folgenden Programme zum Autostart eingetragen:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\Users\\Berti\\AppData\\Roaming\\lsass.exe\""

HKLM..\Run: [MSWUpdate] "C:\Users\Fritz\AppData\Roaming\lsass.exe"
HKCU..\Run: [MSWUpdate] "C:\Users\Fritz\AppData\Roaming\lsass.exe"
HKCU..\Run: [winlogon] C:\Users\Fritz\AppData\Local\winlogon.exe
HKLM Winlogon: Shell - ("C:\Users\Fritz\AppData\Roaming\lsass.exe")

Wenn ich sie erfolgreich lösche, sind sie nach einem Neustart wieder da. Irgendwelche Viren/Trojaner kann ich nicht mehr finden.

Was kann ich noch machen?

MfG
MaxMoritz6

cosinus · 24.01.2012, 21:31

Zitat:

Nachdem ich ausversehen mt deaktivierten Virenscanner im Internet war, habe ich mir wohl Viren/Trojaner eingefangen.

Hm ja, kaum ist der Virenscanner deaktiviert schon fliegen die Viren auf den Rechner, herrlich diese Legende

Der Virenscanner ist niemals ein maßgeblicher Faktor, bestenfalls eine Art Sicherheitsgurt, auch wenn du ohne aktivem Virenscanner ins Netz gehst, kommt es ohne andere gravierende Fehler nicht zu einem Befall.

Zitat:

Mit der Kaspersky Rescue-CD (mit Update der Virenliste) habe ich dann einige Viren gefunden und entfernt. Mit Malwarebytes' Anti-Malware konnte ich anschließend nichts mehr finden.

Ohne Logs wird das hier nichts.

Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

MaxMoritz6 · 26.01.2012, 19:32

Ich habe nun mit Malewarebytes den Quick-scan durchgeführt:

Code:

ATTFilter

 
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Berti :: BERTI-LAPTOP [Administrator]

26.01.2012 19:15:50
mbam-log-2012-01-26 (19-24-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 182835
Laufzeit: 6 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Agent) -> Daten: C:\Users\Berti\AppData\Local\winlogon.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSWUpdate (Trojan.Agent) -> Daten: "C:\Users\Berti\AppData\Roaming\lsass.exe" -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSWUpdate (Trojan.Agent) -> Daten: "C:\Users\Berti\AppData\Roaming\lsass.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen.A) -> Bösartig: (Explorer.exe "C:\Users\Berti\AppData\Roaming\lsass.exe") Gut: (Explorer.exe) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alle vier Einträge kann ich eindeutig löschen. Nach einem Neustart sind alle wieder da.
Die Dateien habe ich schon mit Kaspersky entfernt.
Sonst läuft Windows (nachdem ich den Explorer als Shell gestartet habe) scheinbar einwandfrei...
Ich glaube, dass da noch irgendwo ein Rootkit steckt ...

Wie kann ich das Teil finden?

MfG
MaxMoritz

cosinus · 26.01.2012, 20:03

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

MaxMoritz6 · 26.01.2012, 21:16

Ich habe in der Zwischenzeit den Vollscan durchgeführt, und außerdem habe ich es aktualisiert.

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Berti :: BERTI-LAPTOP [Administrator]

26.01.2012 19:37:03
mbam-log-2012-01-26 (21-10-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331322
Laufzeit: 1 Stunde(n), 32 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Agent) -> Daten: C:\Users\Berti\AppData\Local\winlogon.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSWUpdate (Trojan.Agent) -> Daten: "C:\Users\Berti\AppData\Roaming\lsass.exe" -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSWUpdate (Trojan.Agent) -> Daten: "C:\Users\Berti\AppData\Roaming\lsass.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen.A) -> Bösartig: (Explorer.exe "C:\Users\Berti\AppData\Roaming\lsass.exe") Gut: (Explorer.exe) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich habe während des Scans die Verbindung zum Internet gekappt und den normalen Virenscanner deaktiviert.

Ich führe jetzt den ESET Onlinescanner-Scan durch und melde mich dann wieder.

Vielen Dank schon mal!

MaxMoritz

cosinus · 26.01.2012, 21:17

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

MaxMoritz6 · 27.01.2012, 00:37

Hallo!

Nun habe ich ESET durchlaufen lassen:

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fea5d42b522245468d593d4d1f6ef4b5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 11:26:27
# local_time=2012-01-27 12:26:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776638 66 85 25036986 79242934 0 0
# compatibility_mode=8192 67108863 100 0 6163 6163 0 0
# scanned=158513
# found=1
# cleaned=1
# scan_time=8644
C:\Temp\W7\Users\Berti\AppData\Local\DRMnetTray\HpMainSnap.dll	a variant of Win32/Sefnit.BN trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

cosinus · 27.01.2012, 10:40

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

MaxMoritz6 · 29.01.2012, 19:26

Jetzt habe ich den "OTL"-Scan durchgeführt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.01.2012 18:56:36 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Berti\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 58,62% Memory free
3,75 Gb Paging File | 2,91 Gb Available in Paging File | 77,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 16,10 Gb Free Space | 21,63% Space Free | Partition Type: NTFS
Drive D: | 210,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BERTI-LAPTOP | User Name: Berti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.23 20:25:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Berti\Desktop\OTL.exe
PRC - [2012.01.13 20:13:23 | 000,066,560 | ---- | M] () -- C:\Windows\System32\dokan.exe
PRC - [2012.01.03 14:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.13 18:23:13 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.10.30 20:39:29 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.10.24 01:52:42 | 003,221,328 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DiskImage\oodiag.exe
PRC - [2011.09.29 20:43:40 | 001,851,224 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011.09.29 20:39:56 | 001,906,200 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011.09.29 20:38:16 | 001,471,904 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Programme\TightVNC\tvnserver.exe
PRC - [2011.06.24 05:44:06 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2011.06.24 05:43:46 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.19 15:05:22 | 000,081,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.22 17:09:24 | 000,462,848 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Programme\s3graphics\chrome3\S3Funkey.svc
PRC - [2010.07.22 17:09:22 | 000,418,304 | ---- | M] (S3 Graphics Co., Inc.) -- C:\Programme\s3graphics\chrome3\s3loadsv.svc
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.07.14 02:14:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
PRC - [2007.10.09 07:23:32 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 14:10:54 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (installerSrv)
SRV - [2012.01.13 20:13:23 | 000,066,560 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dokan.exe -- (Microsoft .NET Framework NGEN v2.0.50728_X86)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.30 21:46:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.24 01:52:42 | 003,221,328 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DiskImage\oodiag.exe -- (OO DiskImage)
SRV - [2011.09.29 20:43:40 | 001,851,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011.09.29 20:39:56 | 001,906,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011.09.29 20:15:56 | 000,357,808 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011.06.24 05:43:46 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011.06.24 05:43:46 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.19 15:05:22 | 000,081,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident)
SRV - [2011.01.19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010.07.22 17:09:24 | 000,462,848 | ---- | M] (S3 Graphics Co., Ltd.) [Auto | Running] -- C:\Programme\s3graphics\chrome3\S3Funkey.svc -- (S3Funkey)
SRV - [2010.07.22 17:09:22 | 000,418,304 | ---- | M] (S3 Graphics Co., Inc.) [Auto | Running] -- C:\Programme\s3graphics\chrome3\s3loadsv.svc -- (S3LoadSv)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.13 20:13:23 | 000,034,232 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\dokan.sys -- (dokanDrv)
DRV - [2011.12.14 11:35:34 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120126.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.12.14 11:35:34 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120126.033\NAVENG.SYS -- (NAVENG)
DRV - [2011.11.17 10:38:32 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.11.17 10:38:28 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011.11.17 10:38:28 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011.11.08 10:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.08 10:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.10.30 22:05:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.10.24 01:56:20 | 000,032,496 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\oodivdh.sys -- (oodivdh)
DRV - [2011.10.24 01:56:18 | 000,209,136 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\oodivd.sys -- (oodivd)
DRV - [2011.10.24 01:56:16 | 000,029,424 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\oodisrh.sys -- (oodisrh)
DRV - [2011.10.24 01:56:14 | 000,097,520 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\oodisr.sys -- (oodisr)
DRV - [2011.09.29 20:39:58 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2011.09.29 20:38:56 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011.09.08 00:35:56 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011.09.08 00:35:56 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011.09.08 00:35:56 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011.09.07 10:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2011.06.21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011.01.13 10:34:14 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer3.sys -- (Teefer3)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 16:18:50 | 001,101,312 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2010.09.02 09:05:38 | 001,247,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.12.18 15:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.09.03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.09.03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.04.29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 EB CD 88 34 97 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61212
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.11 00:15:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.24 00:00:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.30 19:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Berti\AppData\Roaming\mozilla\Extensions
[2012.01.10 23:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions
[2011.12.25 14:21:06 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.11.25 19:00:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\fb_add_on@avm.de
[2012.01.04 23:41:36 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\m3ffxtbr@mywebsearch.com
[2012.01.10 23:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.10 23:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.12.24 00:00:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.24 00:00:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.24 00:00:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.24 00:00:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.24 00:00:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.24 00:00:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.24 00:00:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.10 23:52:39 | 000,000,922 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MSWUpdate] "C:\Users\Berti\AppData\Roaming\lsass.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [MSWUpdate] "C:\Users\Berti\AppData\Roaming\lsass.exe" File not found
O4 - HKCU..\Run: [winlogon] C:\Users\Berti\AppData\Local\winlogon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91163C8B-C0FD-4A35-B4FB-CE5922C5AD06}: DhcpNameServer = 192.168.2.19
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\Shell - "" = AutoRun
O33 - MountPoints2\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\Shell\AutoRun\command - "" = E:\preinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 23:10:29 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Local\Diagnostics
[2012.01.26 21:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.25 20:00:19 | 000,000,000 | ---D | C] -- C:\Users\Berti\Documents\******************************
[2012.01.24 00:27:57 | 000,000,000 | -H-D | C] -- C:\Windows\MP0X5ecb2e66
[2012.01.23 23:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.01.23 23:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.01.23 20:25:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Berti\Desktop\OTL.exe
[2012.01.23 19:57:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Berti\Desktop\HiJackThis204.exe
[2012.01.19 22:55:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.01.15 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\Malwarebytes
[2012.01.15 12:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.15 12:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.15 12:25:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.15 12:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.15 11:40:42 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.01.10 23:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.01.10 23:34:38 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2012.01.10 23:34:37 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012.01.10 23:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.10 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.05 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\ImgBurn
[2012.01.05 21:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.01.05 21:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012.01.05 19:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2012.01.05 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2012.01.05 17:31:51 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\B2E66
[2012.01.04 23:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\B2E66
[2012.01.04 23:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012.01.04 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\5ECB2
[2012.01.04 23:32:30 | 000,034,232 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\dokan.sys
[2012.01.02 21:49:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.01.02 18:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.12.13 18:26:13 | 005,715,232 | ---- | C] (TeamViewer) -- C:\Program Files\TeamViewer_Host_Setup.exe
[2011.12.13 18:25:05 | 003,433,816 | ---- | C] (TeamViewer) -- C:\Program Files\TeamViewerQS_de.exe
[2011.10.30 19:56:58 | 002,666,304 | ---- | C] (TeamViewer GmbH) -- C:\Program Files\TeamViewerQS_de6.0.10722.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.29 18:25:04 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.29 18:25:04 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.29 18:16:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.29 18:16:07 | 1508,466,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.27 14:42:09 | 000,134,958 | ---- | M] () -- C:\Users\Berti\Desktop\Memoformat (1).pdf
[2012.01.27 14:26:06 | 000,093,542 | ---- | M] () -- C:\Users\Berti\Desktop\Memoformat.pdf
[2012.01.24 19:16:50 | 000,000,470 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.01.24 00:41:24 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.24 00:41:24 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.24 00:41:24 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.24 00:41:24 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.23 21:19:23 | 000,019,266 | ---- | M] () -- C:\Users\Berti\Desktop\Log.zip
[2012.01.23 20:25:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Berti\Desktop\OTL.exe
[2012.01.23 20:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Berti\defogger_reenable
[2012.01.23 20:23:19 | 000,050,477 | ---- | M] () -- C:\Users\Berti\Desktop\Defogger.exe
[2012.01.23 19:57:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Berti\Desktop\HiJackThis204.exe
[2012.01.22 22:49:07 | 000,302,592 | ---- | M] () -- C:\Users\Berti\Desktop\d6vpmv07.exe
[2012.01.13 20:13:23 | 000,066,560 | ---- | M] () -- C:\Windows\System32\dokan.exe
[2012.01.13 20:13:23 | 000,034,232 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\dokan.sys
[2012.01.13 20:13:22 | 000,104,960 | ---- | M] () -- C:\Windows\System32\dokan.dll
[2012.01.11 00:10:06 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.01.05 21:11:57 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.01.05 19:11:13 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5 (32-bit).lnk
[2012.01.02 18:03:30 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.27 14:42:07 | 000,134,958 | ---- | C] () -- C:\Users\Berti\Desktop\Memoformat (1).pdf
[2012.01.27 14:26:06 | 000,093,542 | ---- | C] () -- C:\Users\Berti\Desktop\Memoformat.pdf
[2012.01.24 19:16:50 | 000,000,470 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.23 21:19:22 | 000,019,266 | ---- | C] () -- C:\Users\Berti\Desktop\Log.zip
[2012.01.23 20:23:58 | 000,000,000 | ---- | C] () -- C:\Users\Berti\defogger_reenable
[2012.01.23 20:23:18 | 000,050,477 | ---- | C] () -- C:\Users\Berti\Desktop\Defogger.exe
[2012.01.23 20:05:23 | 000,286,208 | ---- | C] () -- C:\Users\Berti\Desktop\gmer.exe
[2012.01.22 22:49:06 | 000,302,592 | ---- | C] () -- C:\Users\Berti\Desktop\d6vpmv07.exe
[2012.01.11 00:10:06 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.10 23:34:38 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012.01.10 23:34:37 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.01.10 23:34:37 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.10 23:34:36 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.01.10 21:15:57 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.01.05 21:11:57 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.01.05 21:11:57 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.01.04 23:32:31 | 000,104,960 | ---- | C] () -- C:\Windows\System32\dokan.dll
[2012.01.04 23:32:31 | 000,066,560 | ---- | C] () -- C:\Windows\System32\dokan.exe
[2011.12.13 18:25:36 | 021,359,696 | ---- | C] () -- C:\Program Files\TeamViewerPortable.zip
[2011.11.22 21:21:16 | 000,000,296 | ---- | C] () -- C:\Windows\{EF79E2B2-35E7-431B-A51F-8B507F9C647D}_WiseFW.ini
[2011.10.31 16:33:05 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.10.30 20:05:53 | 000,154,424 | ---- | C] () -- C:\Windows\System32\LoadOrd.exe
[2011.10.30 20:05:53 | 000,154,424 | ---- | C] () -- C:\Windows\System32\ldmdump.exe
[2011.10.30 20:05:53 | 000,150,328 | ---- | C] () -- C:\Windows\System32\pipelist.exe
[2011.10.30 20:05:53 | 000,150,328 | ---- | C] () -- C:\Windows\System32\hex2dec.exe
[2011.10.30 20:05:53 | 000,146,232 | ---- | C] () -- C:\Windows\System32\movefile.exe
[2011.10.30 20:05:53 | 000,146,232 | ---- | C] () -- C:\Windows\System32\efsdump.exe
[2011.10.30 20:05:53 | 000,122,680 | ---- | C] () -- C:\Windows\System32\ntfsinfo.exe
[2011.10.30 20:05:53 | 000,011,728 | ---- | C] () -- C:\Windows\System32\DMON.SYS
[2011.10.30 20:05:52 | 000,260,976 | ---- | C] () -- C:\Windows\System32\ShareEnum.exe
[2011.10.30 20:05:52 | 000,154,424 | ---- | C] () -- C:\Windows\System32\Volumeid.exe
[2011.10.30 20:05:52 | 000,154,424 | ---- | C] () -- C:\Windows\System32\Cacheset.exe
[2011.10.30 20:05:52 | 000,150,328 | ---- | C] () -- C:\Windows\System32\ctrl2cap.exe
[2011.10.30 20:05:52 | 000,150,328 | ---- | C] () -- C:\Windows\System32\adrestore.exe
[2011.10.30 20:00:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.30 20:00:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.10.30 19:57:47 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.04.12 03:19:24 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:19:24 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:19:24 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:19:24 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,763,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.09.08 05:22:30 | 000,243,200 | ---- | C] () -- C:\Windows\System32\JkDefragScreenSaver.exe
[2008.09.08 05:22:26 | 000,228,352 | ---- | C] () -- C:\Windows\System32\JkDefragCmd.exe
[2008.09.08 05:22:24 | 000,226,816 | ---- | C] () -- C:\Windows\System32\JkDefrag.exe
[2007.05.22 16:54:46 | 001,769,472 | ---- | C] () -- C:\Windows\System32\VTROM.bin
[2006.03.09 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2012.01.04 23:41:02 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\5ECB2
[2012.01.19 23:15:27 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\ALFBanCo3
[2011.12.28 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\avidemux
[2012.01.19 23:51:01 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Azureus
[2012.01.05 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\B2E66
[2012.01.10 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.30 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\FreePDF
[2011.12.28 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\FRITZ!
[2011.11.25 18:51:17 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.12.14 01:35:30 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\GetFoldersize
[2012.01.05 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\ImgBurn
[2011.11.26 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\TeamViewer
[2011.11.06 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\TightVNC
[2012.01.27 14:12:47 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.04 23:41:02 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\5ECB2
[2011.11.01 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Adobe
[2012.01.19 23:15:27 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\ALFBanCo3
[2011.12.28 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\avidemux
[2012.01.19 23:51:01 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Azureus
[2012.01.05 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\B2E66
[2012.01.10 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.22 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Download Manager
[2011.10.30 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\FreePDF
[2011.12.28 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\FRITZ!
[2011.11.25 18:51:17 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.12.14 01:35:30 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\GetFoldersize
[2011.10.30 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Identities
[2012.01.05 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\ImgBurn
[2011.10.30 21:34:29 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Macromedia
[2012.01.15 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Malwarebytes
[2011.04.12 03:24:38 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Media Center Programs
[2012.01.19 23:51:03 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Media Player Classic
[2012.01.05 17:31:38 | 000,000,000 | --SD | M] -- C:\Users\Berti\AppData\Roaming\Microsoft
[2011.10.30 19:58:34 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\Mozilla
[2011.11.26 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\TeamViewer
[2011.11.06 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Berti\AppData\Roaming\TightVNC
 
< %APPDATA%\*.exe /s >
[2011.11.04 16:03:33 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Berti\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.01.10 21:14:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Berti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.09.29 20:39:58 | 000,099,744 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\SysPlant.sys
[2011.09.29 20:38:56 | 000,043,936 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\WPSDRVnt.sys
[2011.06.21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\wpshelper.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.10.30 20:39:28 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.10.30 20:39:28 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.09.29 20:38:24 | 000,087,456 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\FwsVpn.dll
[2011.09.29 20:38:48 | 000,107,936 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\SymVPN.dll
[2011.09.29 12:38:48 | 000,357,792 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\system32\Sysfer.dll

< End of report >

--- --- ---
[/code]

Die fünf oben genannten Einträge sind nach dem Löschen(z.B. Malewarebayte oder per "Hand" in der Registry, nach einen Neustart wieder da !!!).

Wie kann ich bitte weiter verfahren???

MfG
MaxMoritz

cosinus · 29.01.2012, 19:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61212
[2011.12.25 14:21:06 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.01.04 23:41:36 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\m3ffxtbr@mywebsearch.com
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [MSWUpdate] "C:\Users\Berti\AppData\Roaming\lsass.exe" File not found
O4 - HKCU..\Run: [winlogon] C:\Users\Berti\AppData\Local\winlogon.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\Shell - "" = AutoRun
O33 - MountPoints2\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\Shell\AutoRun\command - "" = E:\preinst.exe
[2012.01.24 00:27:57 | 000,000,000 | -H-D | C] -- C:\Windows\MP0X5ecb2e66
[2012.01.05 17:31:51 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\B2E66
[2012.01.04 23:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\B2E66
[2012.01.04 23:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012.01.04 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Berti\AppData\Roaming\5ECB2


:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

MaxMoritz6 · 29.01.2012, 22:21

Ich habe das Folgende durchgeführt:
Das Script im OTL-Fenster kopiert
Vierenscanner deaktiviert
Verbindung zum Internet abgebaut
Internet-Explorer, Outlook und alles Andere beendet
Dann Button Fix betätigt
Neustart bestätigt
Nach der Anmeldung kam das Explorer-Fenster als Oberfläche
den Explorer als Oberfläche mit Hilfe des Taskmanager gestartet
Den Inhalt des dann angezeigten Logfiles hier markiert
und diese Antwort geschrieben

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Programme\Vuze_Remote\prxtbVuz0.dll moved successfully.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 61212 removed from network.proxy.http_port
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\m3ffxtbr@mywebsearch.com\chrome folder moved successfully.
C:\Users\Berti\AppData\Roaming\mozilla\Firefox\Profiles\h8gh0qfs.default\extensions\m3ffxtbr@mywebsearch.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Programme\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26f4fd33-3172-11e1-b1c9-0040d0b778c6}\ not found.
File E:\preinst.exe not found.
C:\Windows\MP0X5ecb2e66 folder moved successfully.
C:\Users\Berti\AppData\Roaming\B2E66 folder moved successfully.
C:\Program Files\B2E66 folder moved successfully.
C:\Program Files\LP\8C65 folder moved successfully.
C:\Program Files\LP folder moved successfully.
C:\Users\Berti\AppData\Roaming\5ECB2 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Berti
->Temp folder emptied: 26119321 bytes
->Temporary Internet Files folder emptied: 24182734 bytes
->Java cache emptied: 359525 bytes
->FireFox cache emptied: 48536441 bytes
->Flash cache emptied: 57142 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Silke
->Temp folder emptied: 646425 bytes
->Temporary Internet Files folder emptied: 3049761 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46448899 bytes
->Flash cache emptied: 42425 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 534164 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 143,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01292012_220351

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Jetzt sind nur noch die folgenden Einträge vorhanden:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\Users\\Berti\\AppData\\Roaming\\lsass.exe\""

HKLM..\Run: [MSWUpdate] "C:\Users\Fritz\AppData\Roaming\lsass.exe"

Nun lösche ich die Einträge und werde nach einem Neustart weiter berichten!

MfG
MaxMoritz

MaxMoritz6 · 29.01.2012, 22:44

So, jetz habe ich den PC(Laptop) zweimal neu gestartet, und es sind keine Effekte wieder aufgetreten:
kein Explorer-Fenster als Shell
und
keine Autostart-Registry-Einträge !!!

Super !!!
Ich hatte es nicht mehr erhofft. ABer Ihr seit super!!

Danke cosinus !!!

MfG
Max Moritz

P.S.: Kann ich Euch/Dir einen Gefallen tun?
Darf ich Dich darum bitten, mit mir Kontakt aufzunehmen?
Ich habe da noch einige Fragen !!!

cosinus · 30.01.2012, 10:24

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

MaxMoritz6 · 31.01.2012, 19:04

Hallo!

Ich komme erst jetz dazu, das gestern angefertigte Logfile mit TDDS zu posten:

Code:

ATTFilter

 20:27:41.0378 3384	TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:27:41.0612 3384	============================================================
20:27:41.0612 3384	Current date / time: 2012/01/30 20:27:41.0612
20:27:41.0612 3384	SystemInfo:
20:27:41.0612 3384	
20:27:41.0612 3384	OS Version: 6.1.7601 ServicePack: 1.0
20:27:41.0612 3384	Product type: Workstation
20:27:41.0612 3384	ComputerName: BERTI-LAPTOP
20:27:41.0612 3384	UserName: Berti
20:27:41.0612 3384	Windows directory: C:\Windows
20:27:41.0612 3384	System windows directory: C:\Windows
20:27:41.0612 3384	Processor architecture: Intel x86
20:27:41.0612 3384	Number of processors: 2
20:27:41.0612 3384	Page size: 0x1000
20:27:41.0612 3384	Boot type: Normal boot
20:27:41.0612 3384	============================================================
20:27:43.0749 3384	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:27:43.0781 3384	\Device\Harddisk0\DR0:
20:27:43.0781 3384	MBR used
20:27:43.0781 3384	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:27:43.0781 3384	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
20:27:43.0827 3384	Initialize success
20:27:43.0827 3384	============================================================
20:27:50.0364 2724	============================================================
20:27:50.0364 2724	Scan started
20:27:50.0364 2724	Mode: Manual; 
20:27:50.0364 2724	============================================================
20:27:51.0331 2724	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:27:51.0362 2724	1394ohci - ok
20:27:51.0581 2724	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:27:51.0596 2724	ACPI - ok
20:27:51.0690 2724	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:27:51.0705 2724	AcpiPmi - ok
20:27:51.0986 2724	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
20:27:52.0033 2724	adp94xx - ok
20:27:52.0314 2724	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
20:27:52.0329 2724	adpahci - ok
20:27:52.0563 2724	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
20:27:52.0626 2724	adpu320 - ok
20:27:52.0907 2724	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:27:52.0907 2724	AFD - ok
20:27:53.0016 2724	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
20:27:53.0047 2724	aic78xx - ok
20:27:53.0375 2724	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:27:53.0406 2724	aliide - ok
20:27:53.0640 2724	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:27:53.0671 2724	amdagp - ok
20:27:53.0905 2724	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:27:53.0921 2724	amdide - ok
20:27:53.0983 2724	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
20:27:54.0014 2724	AmdK8 - ok
20:27:54.0155 2724	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
20:27:54.0186 2724	AmdPPM - ok
20:27:54.0311 2724	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:27:54.0326 2724	amdsata - ok
20:27:54.0623 2724	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
20:27:54.0623 2724	amdsbs - ok
20:27:54.0716 2724	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:27:54.0716 2724	amdxata - ok
20:27:54.0966 2724	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:27:55.0028 2724	AppID - ok
20:27:55.0247 2724	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
20:27:55.0293 2724	arc - ok
20:27:55.0340 2724	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
20:27:55.0356 2724	arcsas - ok
20:27:55.0777 2724	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:27:55.0777 2724	AsyncMac - ok
20:27:55.0871 2724	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:27:55.0871 2724	atapi - ok
20:27:56.0136 2724	athr            (7d0a662d7b116169854b4ec941a7822d) C:\Windows\system32\DRIVERS\athr.sys
20:27:56.0183 2724	athr - ok
20:27:56.0744 2724	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
20:27:56.0822 2724	b06bdrv - ok
20:27:57.0087 2724	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:27:57.0119 2724	b57nd60x - ok
20:27:57.0321 2724	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:27:57.0337 2724	Beep - ok
20:27:57.0399 2724	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:27:57.0399 2724	blbdrive - ok
20:27:57.0462 2724	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:27:57.0477 2724	bowser - ok
20:27:57.0665 2724	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
20:27:57.0696 2724	BrFiltLo - ok
20:27:57.0727 2724	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
20:27:57.0758 2724	BrFiltUp - ok
20:27:57.0899 2724	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:27:57.0930 2724	Brserid - ok
20:27:58.0023 2724	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:27:58.0055 2724	BrSerWdm - ok
20:27:58.0289 2724	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:27:58.0320 2724	BrUsbMdm - ok
20:27:58.0507 2724	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:27:58.0538 2724	BrUsbSer - ok
20:27:58.0569 2724	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
20:27:58.0601 2724	BTHMODEM - ok
20:27:58.0850 2724	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:27:58.0866 2724	cdfs - ok
20:27:58.0975 2724	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:27:59.0022 2724	cdrom - ok
20:27:59.0193 2724	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
20:27:59.0209 2724	circlass - ok
20:27:59.0287 2724	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:27:59.0287 2724	CLFS - ok
20:27:59.0568 2724	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:27:59.0568 2724	CmBatt - ok
20:27:59.0615 2724	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:27:59.0646 2724	cmdide - ok
20:27:59.0895 2724	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:27:59.0911 2724	CNG - ok
20:28:00.0176 2724	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:28:00.0192 2724	Compbatt - ok
20:28:00.0301 2724	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:28:00.0301 2724	CompositeBus - ok
20:28:00.0551 2724	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
20:28:00.0597 2724	crcdisk - ok
20:28:00.0800 2724	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:28:00.0847 2724	CSC - ok
20:28:00.0941 2724	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:28:00.0941 2724	DfsC - ok
20:28:01.0268 2724	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:28:01.0284 2724	discache - ok
20:28:01.0518 2724	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
20:28:01.0518 2724	Disk - ok
20:28:01.0549 2724	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
20:28:01.0580 2724	dmvsc - ok
20:28:01.0767 2724	dokanDrv        (4afb34bc24614e1db4ad2365efdcbbee) C:\Windows\dokan.sys
20:28:01.0767 2724	dokanDrv - ok
20:28:02.0048 2724	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:28:02.0064 2724	drmkaud - ok
20:28:02.0220 2724	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:28:02.0267 2724	DXGKrnl - ok
20:28:02.0750 2724	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
20:28:03.0047 2724	ebdrv - ok
20:28:03.0281 2724	eeCtrl          (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:28:03.0312 2724	eeCtrl - ok
20:28:03.0655 2724	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
20:28:03.0702 2724	elxstor - ok
20:28:03.0920 2724	EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:28:03.0936 2724	EraserUtilRebootDrv - ok
20:28:04.0107 2724	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:28:04.0154 2724	ErrDev - ok
20:28:04.0497 2724	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:28:04.0497 2724	exfat - ok
20:28:04.0700 2724	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:28:04.0763 2724	fastfat - ok
20:28:04.0825 2724	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
20:28:04.0856 2724	fdc - ok
20:28:05.0090 2724	FETNDIS         (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
20:28:05.0090 2724	FETNDIS - ok
20:28:05.0153 2724	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:28:05.0168 2724	FileInfo - ok
20:28:05.0387 2724	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:28:05.0387 2724	Filetrace - ok
20:28:05.0433 2724	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
20:28:05.0480 2724	flpydisk - ok
20:28:05.0589 2724	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:28:05.0605 2724	FltMgr - ok
20:28:05.0714 2724	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:28:05.0745 2724	FsDepends - ok
20:28:05.0761 2724	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:28:05.0761 2724	Fs_Rec - ok
20:28:05.0886 2724	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:28:05.0886 2724	fvevol - ok
20:28:06.0198 2724	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
20:28:06.0229 2724	gagp30kx - ok
20:28:06.0447 2724	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:28:06.0463 2724	hcw85cir - ok
20:28:06.0572 2724	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:28:06.0588 2724	HdAudAddService - ok
20:28:06.0791 2724	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:28:06.0806 2724	HDAudBus - ok
20:28:06.0837 2724	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
20:28:06.0869 2724	HidBatt - ok
20:28:06.0915 2724	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
20:28:06.0947 2724	HidBth - ok
20:28:07.0196 2724	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
20:28:07.0243 2724	HidIr - ok
20:28:07.0586 2724	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
20:28:07.0617 2724	HidUsb - ok
20:28:07.0742 2724	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:28:07.0773 2724	HpSAMD - ok
20:28:07.0898 2724	HSF_DPV         (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:28:07.0929 2724	HSF_DPV - ok
20:28:08.0023 2724	HSXHWAZL        (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:28:08.0023 2724	HSXHWAZL - ok
20:28:08.0101 2724	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:28:08.0117 2724	HTTP - ok
20:28:08.0148 2724	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:28:08.0148 2724	hwpolicy - ok
20:28:08.0397 2724	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:28:08.0397 2724	i8042prt - ok
20:28:08.0507 2724	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:28:08.0553 2724	iaStorV - ok
20:28:08.0756 2724	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
20:28:08.0756 2724	iirsp - ok
20:28:09.0006 2724	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:28:09.0037 2724	intelide - ok
20:28:09.0146 2724	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:28:09.0162 2724	intelppm - ok
20:28:09.0443 2724	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:28:09.0474 2724	IpFilterDriver - ok
20:28:09.0536 2724	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:28:09.0536 2724	IPMIDRV - ok
20:28:09.0739 2724	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:28:09.0739 2724	IPNAT - ok
20:28:09.0864 2724	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:28:09.0864 2724	IRENUM - ok
20:28:10.0020 2724	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:28:10.0051 2724	isapnp - ok
20:28:10.0113 2724	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:28:10.0145 2724	iScsiPrt - ok
20:28:10.0207 2724	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:28:10.0207 2724	kbdclass - ok
20:28:10.0519 2724	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:28:10.0550 2724	kbdhid - ok
20:28:10.0847 2724	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
20:28:10.0862 2724	KSecDD - ok
20:28:10.0940 2724	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
20:28:10.0956 2724	KSecPkg - ok
20:28:11.0330 2724	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:28:11.0330 2724	lltdio - ok
20:28:11.0611 2724	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
20:28:11.0658 2724	LSI_FC - ok
20:28:11.0736 2724	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
20:28:11.0767 2724	LSI_SAS - ok
20:28:11.0939 2724	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
20:28:11.0985 2724	LSI_SAS2 - ok
20:28:12.0048 2724	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
20:28:12.0063 2724	LSI_SCSI - ok
20:28:12.0344 2724	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:28:12.0360 2724	luafv - ok
20:28:12.0656 2724	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:28:12.0656 2724	mdmxsdk - ok
20:28:12.0703 2724	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
20:28:12.0734 2724	megasas - ok
20:28:12.0999 2724	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
20:28:13.0062 2724	MegaSR - ok
20:28:13.0280 2724	MEMSWEEP2 - ok
20:28:13.0436 2724	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:28:13.0436 2724	Modem - ok
20:28:13.0608 2724	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:28:13.0639 2724	monitor - ok
20:28:13.0795 2724	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:28:13.0795 2724	mouclass - ok
20:28:13.0967 2724	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:28:13.0967 2724	mouhid - ok
20:28:13.0998 2724	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:28:13.0998 2724	mountmgr - ok
20:28:14.0154 2724	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:28:14.0185 2724	mpio - ok
20:28:14.0435 2724	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:28:14.0466 2724	mpsdrv - ok
20:28:14.0715 2724	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:28:14.0747 2724	MRxDAV - ok
20:28:14.0840 2724	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:14.0840 2724	mrxsmb - ok
20:28:15.0137 2724	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:15.0152 2724	mrxsmb10 - ok
20:28:15.0261 2724	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:15.0277 2724	mrxsmb20 - ok
20:28:15.0417 2724	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:28:15.0433 2724	msahci - ok
20:28:15.0495 2724	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:28:15.0527 2724	msdsm - ok
20:28:15.0651 2724	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:28:15.0651 2724	Msfs - ok
20:28:15.0683 2724	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:28:15.0683 2724	mshidkmdf - ok
20:28:15.0714 2724	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:28:15.0729 2724	msisadrv - ok
20:28:15.0839 2724	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:28:15.0854 2724	MSKSSRV - ok
20:28:15.0932 2724	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:28:15.0948 2724	MSPCLOCK - ok
20:28:16.0010 2724	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:28:16.0010 2724	MSPQM - ok
20:28:16.0057 2724	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:28:16.0073 2724	MsRPC - ok
20:28:16.0151 2724	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:28:16.0151 2724	mssmbios - ok
20:28:16.0213 2724	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:28:16.0229 2724	MSTEE - ok
20:28:16.0291 2724	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
20:28:16.0291 2724	MTConfig - ok
20:28:16.0322 2724	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:28:16.0322 2724	Mup - ok
20:28:16.0416 2724	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:28:16.0416 2724	NativeWifiP - ok
20:28:16.0587 2724	NAVENG          (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120130.002\NAVENG.SYS
20:28:16.0587 2724	NAVENG - ok
20:28:16.0728 2724	NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120130.002\NAVEX15.SYS
20:28:16.0775 2724	NAVEX15 - ok
20:28:16.0946 2724	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:28:16.0962 2724	NDIS - ok
20:28:17.0024 2724	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:28:17.0024 2724	NdisCap - ok
20:28:17.0133 2724	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:28:17.0133 2724	NdisTapi - ok
20:28:17.0180 2724	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:28:17.0180 2724	Ndisuio - ok
20:28:17.0227 2724	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:28:17.0243 2724	NdisWan - ok
20:28:17.0289 2724	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:28:17.0289 2724	NDProxy - ok
20:28:17.0492 2724	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:28:17.0508 2724	NetBIOS - ok
20:28:17.0570 2724	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:28:17.0586 2724	NetBT - ok
20:28:17.0851 2724	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
20:28:17.0882 2724	nfrd960 - ok
20:28:17.0929 2724	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:28:17.0945 2724	Npfs - ok
20:28:18.0038 2724	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:28:18.0038 2724	nsiproxy - ok
20:28:18.0381 2724	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:28:18.0413 2724	Ntfs - ok
20:28:18.0631 2724	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:28:18.0662 2724	Null - ok
20:28:18.0771 2724	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:28:18.0803 2724	nvraid - ok
20:28:18.0974 2724	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:28:18.0974 2724	nvstor - ok
20:28:19.0052 2724	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:28:19.0099 2724	nv_agp - ok
20:28:19.0255 2724	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:28:19.0255 2724	ohci1394 - ok
20:28:19.0551 2724	oodisr          (0b7e71ecafb471a645b8892bedade9ca) C:\Windows\system32\DRIVERS\oodisr.sys
20:28:19.0551 2724	oodisr - ok
20:28:19.0614 2724	oodisrh         (fb18baa9bec9be662b26e2a95ec0238b) C:\Windows\system32\DRIVERS\oodisrh.sys
20:28:19.0629 2724	oodisrh - ok
20:28:19.0817 2724	oodivd          (b7d5a0e1aec8c03073d7d9a4ec2dd3ec) C:\Windows\system32\DRIVERS\oodivd.sys
20:28:19.0817 2724	oodivd - ok
20:28:19.0926 2724	oodivdh         (51d816c09b9468a6b35526bb3d6a0676) C:\Windows\system32\DRIVERS\oodivdh.sys
20:28:19.0926 2724	oodivdh - ok
20:28:20.0238 2724	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
20:28:20.0269 2724	Parport - ok
20:28:20.0331 2724	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:28:20.0331 2724	partmgr - ok
20:28:20.0581 2724	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
20:28:20.0581 2724	Parvdm - ok
20:28:20.0659 2724	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:28:20.0675 2724	pci - ok
20:28:20.0815 2724	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:28:20.0815 2724	pciide - ok
20:28:20.0909 2724	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
20:28:20.0955 2724	pcmcia - ok
20:28:21.0158 2724	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:28:21.0158 2724	pcw - ok
20:28:21.0236 2724	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:28:21.0267 2724	PEAUTH - ok
20:28:21.0642 2724	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:28:21.0642 2724	PptpMiniport - ok
20:28:21.0735 2724	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
20:28:21.0767 2724	Processor - ok
20:28:22.0016 2724	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:28:22.0016 2724	Psched - ok
20:28:22.0157 2724	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
20:28:22.0250 2724	ql2300 - ok
20:28:22.0484 2724	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
20:28:22.0484 2724	ql40xx - ok
20:28:22.0593 2724	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:28:22.0609 2724	QWAVEdrv - ok
20:28:22.0843 2724	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:28:22.0874 2724	RasAcd - ok
20:28:23.0030 2724	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:28:23.0030 2724	RasAgileVpn - ok
20:28:23.0093 2724	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:28:23.0108 2724	Rasl2tp - ok
20:28:23.0264 2724	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:28:23.0280 2724	RasPppoe - ok
20:28:23.0373 2724	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:28:23.0373 2724	RasSstp - ok
20:28:23.0420 2724	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:28:23.0420 2724	rdbss - ok
20:28:23.0451 2724	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:28:23.0451 2724	rdpbus - ok
20:28:23.0529 2724	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:28:23.0545 2724	RDPCDD - ok
20:28:23.0748 2724	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:28:23.0779 2724	RDPDR - ok
20:28:24.0091 2724	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:28:24.0107 2724	RDPENCDD - ok
20:28:24.0309 2724	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:28:24.0325 2724	RDPREFMP - ok
20:28:24.0419 2724	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:28:24.0419 2724	RDPWD - ok
20:28:24.0699 2724	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:28:24.0699 2724	rdyboost - ok
20:28:25.0089 2724	RRNetCap        (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
20:28:25.0089 2724	RRNetCap - ok
20:28:25.0136 2724	RRNetCapMP      (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
20:28:25.0136 2724	RRNetCapMP - ok
20:28:25.0401 2724	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:28:25.0401 2724	rspndr - ok
20:28:25.0448 2724	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:28:25.0479 2724	s3cap - ok
20:28:25.0885 2724	S3GIGP          (50d474d87e97e17557d311240e4bc233) C:\Windows\system32\DRIVERS\VTGKModeDX32.sys
20:28:25.0932 2724	S3GIGP - ok
20:28:26.0244 2724	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:28:26.0291 2724	sbp2port - ok
20:28:26.0337 2724	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:28:26.0369 2724	scfilter - ok
20:28:26.0571 2724	SCR3XX2K        (624795df1993b955b0c0a03a4612f2ec) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
20:28:26.0618 2724	SCR3XX2K - ok
20:28:26.0743 2724	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:28:26.0743 2724	secdrv - ok
20:28:26.0993 2724	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
20:28:27.0008 2724	Serenum - ok
20:28:27.0149 2724	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
20:28:27.0180 2724	Serial - ok
20:28:27.0336 2724	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
20:28:27.0336 2724	sermouse - ok
20:28:27.0492 2724	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:28:27.0492 2724	sffdisk - ok
20:28:27.0663 2724	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:28:27.0695 2724	sffp_mmc - ok
20:28:27.0757 2724	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:28:27.0757 2724	sffp_sd - ok
20:28:28.0022 2724	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
20:28:28.0038 2724	sfloppy - ok
20:28:28.0319 2724	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
20:28:28.0350 2724	SiSRaid2 - ok
20:28:28.0381 2724	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
20:28:28.0381 2724	SiSRaid4 - ok
20:28:28.0677 2724	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:28:28.0709 2724	Smb - ok
20:28:28.0943 2724	SPBBCDrv        (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:28:28.0958 2724	SPBBCDrv - ok
20:28:29.0145 2724	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:28:29.0145 2724	spldr - ok
20:28:29.0348 2724	SRTSP           (620bbcc5c4c4407447866793c36e1215) C:\Windows\system32\Drivers\SRTSP.SYS
20:28:29.0411 2724	SRTSP - ok
20:28:29.0629 2724	SRTSPL          (995e15de499ca58445e39a2fba7d170e) C:\Windows\system32\Drivers\SRTSPL.SYS
20:28:29.0645 2724	SRTSPL - ok
20:28:29.0847 2724	SRTSPX          (1b63f794f283b974a79084514df206a0) C:\Windows\system32\Drivers\SRTSPX.SYS
20:28:29.0879 2724	SRTSPX - ok
20:28:30.0144 2724	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:28:30.0144 2724	srv - ok
20:28:30.0206 2724	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:28:30.0222 2724	srv2 - ok
20:28:30.0393 2724	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:28:30.0425 2724	SrvHsfHDA - ok
20:28:30.0783 2724	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:28:30.0815 2724	SrvHsfV92 - ok
20:28:31.0111 2724	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:28:31.0189 2724	SrvHsfWinac - ok
20:28:31.0454 2724	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:28:31.0454 2724	srvnet - ok
20:28:31.0719 2724	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
20:28:31.0766 2724	stexstor - ok
20:28:31.0985 2724	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:28:32.0000 2724	storflt - ok
20:28:32.0109 2724	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:28:32.0125 2724	storvsc - ok
20:28:32.0328 2724	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:28:32.0328 2724	swenum - ok
20:28:32.0765 2724	SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:28:32.0780 2724	SymEvent - ok
20:28:33.0061 2724	SYMREDRV        (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
20:28:33.0061 2724	SYMREDRV - ok
20:28:33.0124 2724	SYMTDI          (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
20:28:33.0139 2724	SYMTDI - ok
20:28:33.0248 2724	SynTP           (03b76b4c38c6a0fce763ff272e94490d) C:\Windows\system32\DRIVERS\SynTP.sys
20:28:33.0264 2724	SynTP - ok
20:28:33.0358 2724	SysPlant        (c8f9eb4ac42740d036b0b9f0809b335b) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
20:28:33.0358 2724	SysPlant - ok
20:28:33.0716 2724	tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
20:28:33.0716 2724	tbhsd - ok
20:28:33.0904 2724	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:28:33.0935 2724	Tcpip - ok
20:28:34.0512 2724	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:28:34.0543 2724	TCPIP6 - ok
20:28:34.0824 2724	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:28:34.0824 2724	tcpipreg - ok
20:28:34.0871 2724	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:28:34.0886 2724	TDPIPE - ok
20:28:34.0949 2724	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:28:34.0964 2724	TDTCP - ok
20:28:35.0167 2724	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:28:35.0183 2724	tdx - ok
20:28:35.0370 2724	Teefer3         (8f9bf086fed2c7c076a7a4b8e8a24fe9) C:\Windows\system32\DRIVERS\Teefer3.sys
20:28:35.0370 2724	Teefer3 - ok
20:28:35.0432 2724	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
20:28:35.0448 2724	TermDD - ok
20:28:35.0682 2724	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:28:35.0713 2724	tssecsrv - ok
20:28:35.0791 2724	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:28:35.0791 2724	TsUsbFlt - ok
20:28:35.0838 2724	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
20:28:35.0854 2724	TsUsbGD - ok
20:28:36.0103 2724	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:28:36.0134 2724	tunnel - ok
20:28:36.0212 2724	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:28:36.0212 2724	uagp35 - ok
20:28:36.0400 2724	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:28:36.0478 2724	udfs - ok
20:28:36.0680 2724	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:28:36.0712 2724	uliagpkx - ok
20:28:36.0774 2724	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
20:28:36.0774 2724	umbus - ok
20:28:36.0961 2724	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
20:28:36.0977 2724	UmPass - ok
20:28:37.0055 2724	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
20:28:37.0070 2724	usbccgp - ok
20:28:37.0117 2724	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:28:37.0164 2724	usbcir - ok
20:28:37.0351 2724	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:28:37.0367 2724	usbehci - ok
20:28:37.0460 2724	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:28:37.0492 2724	usbhub - ok
20:28:37.0679 2724	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
20:28:37.0710 2724	usbohci - ok
20:28:37.0804 2724	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
20:28:37.0835 2724	usbprint - ok
20:28:38.0116 2724	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:28:38.0131 2724	USBSTOR - ok
20:28:38.0209 2724	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:28:38.0225 2724	usbuhci - ok
20:28:38.0459 2724	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:28:38.0459 2724	vdrvroot - ok
20:28:38.0646 2724	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:28:38.0693 2724	vga - ok
20:28:38.0958 2724	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:28:38.0974 2724	VgaSave - ok
20:28:39.0114 2724	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:28:39.0145 2724	vhdmp - ok
20:28:39.0254 2724	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:28:39.0286 2724	viaagp - ok
20:28:39.0379 2724	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
20:28:39.0395 2724	ViaC7 - ok
20:28:39.0442 2724	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:28:39.0442 2724	viaide - ok
20:28:39.0535 2724	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:28:39.0566 2724	vmbus - ok
20:28:39.0878 2724	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:28:39.0910 2724	VMBusHID - ok
20:28:40.0081 2724	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:28:40.0081 2724	volmgr - ok
20:28:40.0128 2724	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:28:40.0128 2724	volmgrx - ok
20:28:40.0190 2724	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:28:40.0190 2724	volsnap - ok
20:28:40.0378 2724	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
20:28:40.0424 2724	vsmraid - ok
20:28:40.0502 2724	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:28:40.0502 2724	vwifibus - ok
20:28:40.0643 2724	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:28:40.0658 2724	vwififlt - ok
20:28:40.0705 2724	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:28:40.0721 2724	vwifimp - ok
20:28:40.0830 2724	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
20:28:40.0861 2724	WacomPen - ok
20:28:41.0111 2724	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:28:41.0111 2724	WANARP - ok
20:28:41.0126 2724	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:28:41.0142 2724	Wanarpv6 - ok
20:28:41.0423 2724	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
20:28:41.0423 2724	Wd - ok
20:28:41.0548 2724	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:28:41.0579 2724	Wdf01000 - ok
20:28:41.0782 2724	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:28:41.0782 2724	WfpLwf - ok
20:28:41.0953 2724	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:28:41.0953 2724	WIMMount - ok
20:28:42.0156 2724	winachsf        (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:28:42.0172 2724	winachsf - ok
20:28:42.0468 2724	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:28:42.0499 2724	WmiAcpi - ok
20:28:42.0796 2724	WPS             (d81ef0d8716500a573cd82185ef3e42d) C:\Windows\system32\drivers\wpsdrvnt.sys
20:28:42.0796 2724	WPS - ok
20:28:42.0967 2724	WpsHelper       (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
20:28:42.0983 2724	WpsHelper - ok
20:28:43.0154 2724	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:28:43.0186 2724	ws2ifsl - ok
20:28:43.0264 2724	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:28:43.0264 2724	WudfPf - ok
20:28:43.0451 2724	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:28:43.0498 2724	WUDFRd - ok
20:28:43.0747 2724	XAudio          (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
20:28:43.0747 2724	XAudio - ok
20:28:43.0825 2724	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:28:43.0903 2724	\Device\Harddisk0\DR0 - ok
20:28:43.0919 2724	Boot (0x1200)   (7707412298f1037fa6ab5d0f062019db) \Device\Harddisk0\DR0\Partition0
20:28:43.0919 2724	\Device\Harddisk0\DR0\Partition0 - ok
20:28:43.0950 2724	Boot (0x1200)   (da1a1ca608acadf675a636119c2df81a) \Device\Harddisk0\DR0\Partition1
20:28:43.0950 2724	\Device\Harddisk0\DR0\Partition1 - ok
20:28:43.0966 2724	============================================================
20:28:43.0966 2724	Scan finished
20:28:43.0966 2724	============================================================
20:28:44.0012 2144	Detected object count: 0
20:28:44.0012 2144	Actual detected object count: 0
20:31:14.0475 2240	============================================================
20:31:14.0475 2240	Scan started
20:31:14.0475 2240	Mode: Manual; SigCheck; TDLFS; 
20:31:14.0475 2240	============================================================
20:31:15.0379 2240	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:31:15.0691 2240	1394ohci - ok
20:31:15.0972 2240	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:31:16.0035 2240	ACPI - ok
20:31:16.0300 2240	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:31:16.0503 2240	AcpiPmi - ok
20:31:16.0799 2240	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
20:31:16.0861 2240	adp94xx - ok
20:31:17.0142 2240	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
20:31:17.0205 2240	adpahci - ok
20:31:17.0423 2240	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
20:31:17.0454 2240	adpu320 - ok
20:31:17.0641 2240	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:31:17.0797 2240	AFD - ok
20:31:18.0094 2240	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
20:31:18.0125 2240	aic78xx - ok
20:31:18.0343 2240	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:31:18.0375 2240	aliide - ok
20:31:18.0406 2240	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:31:18.0453 2240	amdagp - ok
20:31:18.0718 2240	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:31:18.0749 2240	amdide - ok
20:31:18.0858 2240	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
20:31:18.0921 2240	AmdK8 - ok
20:31:19.0139 2240	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
20:31:19.0217 2240	AmdPPM - ok
20:31:19.0467 2240	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:31:19.0498 2240	amdsata - ok
20:31:19.0669 2240	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
20:31:19.0716 2240	amdsbs - ok
20:31:19.0810 2240	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:31:19.0841 2240	amdxata - ok
20:31:19.0997 2240	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:31:20.0278 2240	AppID - ok
20:31:20.0590 2240	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
20:31:20.0637 2240	arc - ok
20:31:20.0746 2240	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
20:31:20.0793 2240	arcsas - ok
20:31:20.0902 2240	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:31:21.0198 2240	AsyncMac - ok
20:31:21.0479 2240	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:31:21.0510 2240	atapi - ok
20:31:21.0760 2240	athr            (7d0a662d7b116169854b4ec941a7822d) C:\Windows\system32\DRIVERS\athr.sys
20:31:21.0869 2240	athr - ok
20:31:22.0150 2240	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
20:31:22.0243 2240	b06bdrv - ok
20:31:22.0446 2240	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:31:22.0509 2240	b57nd60x - ok
20:31:22.0680 2240	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:31:22.0805 2240	Beep - ok
20:31:23.0008 2240	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:31:23.0070 2240	blbdrive - ok
20:31:23.0289 2240	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:31:23.0351 2240	bowser - ok
20:31:23.0647 2240	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
20:31:23.0725 2240	BrFiltLo - ok
20:31:23.0944 2240	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
20:31:24.0022 2240	BrFiltUp - ok
20:31:24.0240 2240	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:31:24.0334 2240	Brserid - ok
20:31:24.0521 2240	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:31:24.0599 2240	BrSerWdm - ok
20:31:24.0833 2240	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:31:24.0911 2240	BrUsbMdm - ok
20:31:25.0083 2240	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:31:25.0145 2240	BrUsbSer - ok
20:31:25.0410 2240	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
20:31:25.0473 2240	BTHMODEM - ok
20:31:25.0785 2240	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:31:25.0894 2240	cdfs - ok
20:31:26.0065 2240	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:31:26.0143 2240	cdrom - ok
20:31:26.0253 2240	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
20:31:26.0331 2240	circlass - ok
20:31:26.0549 2240	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:31:26.0596 2240	CLFS - ok
20:31:26.0767 2240	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:31:26.0830 2240	CmBatt - ok
20:31:27.0001 2240	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:31:27.0033 2240	cmdide - ok
20:31:27.0111 2240	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:31:27.0251 2240	CNG - ok
20:31:27.0423 2240	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:31:27.0454 2240	Compbatt - ok
20:31:27.0501 2240	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:31:27.0579 2240	CompositeBus - ok
20:31:27.0875 2240	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
20:31:27.0922 2240	crcdisk - ok
20:31:28.0171 2240	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:31:28.0234 2240	CSC - ok
20:31:28.0530 2240	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:31:28.0639 2240	DfsC - ok
20:31:28.0905 2240	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:31:28.0998 2240	discache - ok
20:31:29.0185 2240	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
20:31:29.0217 2240	Disk - ok
20:31:29.0326 2240	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
20:31:29.0388 2240	dmvsc - ok
20:31:29.0451 2240	dokanDrv        (4afb34bc24614e1db4ad2365efdcbbee) C:\Windows\dokan.sys
20:31:29.0482 2240	dokanDrv - ok
20:31:29.0747 2240	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:31:29.0825 2240	drmkaud - ok
20:31:30.0199 2240	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:31:30.0262 2240	DXGKrnl - ok
20:31:30.0933 2240	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
20:31:31.0104 2240	ebdrv - ok
20:31:31.0245 2240	eeCtrl          (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:31:31.0307 2240	eeCtrl - ok
20:31:31.0557 2240	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
20:31:31.0603 2240	elxstor - ok
20:31:31.0791 2240	EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:31:31.0822 2240	EraserUtilRebootDrv - ok
20:31:32.0071 2240	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:31:32.0134 2240	ErrDev - ok
20:31:32.0337 2240	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:31:32.0446 2240	exfat - ok
20:31:32.0742 2240	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:31:32.0851 2240	fastfat - ok
20:31:33.0117 2240	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
20:31:33.0163 2240	fdc - ok
20:31:33.0413 2240	FETNDIS         (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
20:31:33.0460 2240	FETNDIS - ok
20:31:33.0522 2240	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:31:33.0569 2240	FileInfo - ok
20:31:33.0834 2240	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:31:33.0943 2240	Filetrace - ok
20:31:34.0162 2240	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
20:31:34.0224 2240	flpydisk - ok
20:31:34.0505 2240	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:31:34.0552 2240	FltMgr - ok
20:31:34.0833 2240	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:31:34.0864 2240	FsDepends - ok
20:31:34.0942 2240	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:31:34.0973 2240	Fs_Rec - ok
20:31:35.0223 2240	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:31:35.0285 2240	fvevol - ok
20:31:35.0519 2240	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
20:31:35.0550 2240	gagp30kx - ok
20:31:35.0722 2240	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:31:35.0831 2240	hcw85cir - ok
20:31:36.0065 2240	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:31:36.0127 2240	HdAudAddService - ok
20:31:36.0330 2240	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:36.0408 2240	HDAudBus - ok
20:31:36.0595 2240	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
20:31:36.0658 2240	HidBatt - ok
20:31:36.0907 2240	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
20:31:36.0970 2240	HidBth - ok
20:31:37.0173 2240	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
20:31:37.0235 2240	HidIr - ok
20:31:37.0375 2240	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
20:31:37.0438 2240	HidUsb - ok
20:31:37.0531 2240	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:31:37.0578 2240	HpSAMD - ok
20:31:37.0953 2240	HSF_DPV         (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:31:38.0046 2240	HSF_DPV - ok
20:31:38.0218 2240	HSXHWAZL        (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:31:38.0280 2240	HSXHWAZL - ok
20:31:38.0452 2240	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:31:38.0577 2240	HTTP - ok
20:31:38.0686 2240	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:31:38.0717 2240	hwpolicy - ok
20:31:38.0764 2240	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:38.0811 2240	i8042prt - ok
20:31:38.0967 2240	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:31:38.0998 2240	iaStorV - ok
20:31:39.0201 2240	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
20:31:39.0216 2240	iirsp - ok
20:31:39.0341 2240	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:31:39.0388 2240	intelide - ok
20:31:39.0606 2240	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:31:39.0653 2240	intelppm - ok
20:31:39.0793 2240	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:39.0903 2240	IpFilterDriver - ok
20:31:40.0027 2240	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:31:40.0090 2240	IPMIDRV - ok
20:31:40.0277 2240	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:31:40.0402 2240	IPNAT - ok
20:31:40.0605 2240	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:31:40.0683 2240	IRENUM - ok
20:31:40.0776 2240	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:31:40.0807 2240	isapnp - ok
20:31:40.0995 2240	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:31:41.0041 2240	iScsiPrt - ok
20:31:41.0260 2240	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:41.0307 2240	kbdclass - ok
20:31:41.0447 2240	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:31:41.0494 2240	kbdhid - ok
20:31:41.0650 2240	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
20:31:41.0681 2240	KSecDD - ok
20:31:41.0931 2240	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
20:31:41.0977 2240	KSecPkg - ok
20:31:42.0211 2240	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:31:42.0336 2240	lltdio - ok
20:31:42.0617 2240	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
20:31:42.0648 2240	LSI_FC - ok
20:31:42.0820 2240	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
20:31:42.0867 2240	LSI_SAS - ok
20:31:42.0960 2240	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
20:31:43.0007 2240	LSI_SAS2 - ok
20:31:43.0194 2240	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
20:31:43.0241 2240	LSI_SCSI - ok
20:31:43.0319 2240	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:31:43.0428 2240	luafv - ok
20:31:43.0678 2240	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:31:43.0709 2240	mdmxsdk - ok
20:31:43.0818 2240	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
20:31:43.0865 2240	megasas - ok
20:31:43.0959 2240	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
20:31:44.0005 2240	MegaSR - ok
20:31:44.0115 2240	MEMSWEEP2 - ok
20:31:44.0224 2240	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:31:44.0349 2240	Modem - ok
20:31:44.0614 2240	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:31:44.0692 2240	monitor - ok
20:31:44.0848 2240	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:31:44.0895 2240	mouclass - ok
20:31:44.0941 2240	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:31:45.0019 2240	mouhid - ok
20:31:45.0253 2240	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:31:45.0285 2240	mountmgr - ok
20:31:45.0534 2240	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:31:45.0581 2240	mpio - ok
20:31:45.0768 2240	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:31:45.0862 2240	mpsdrv - ok
20:31:46.0002 2240	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:31:46.0096 2240	MRxDAV - ok
20:31:46.0205 2240	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:46.0314 2240	mrxsmb - ok
20:31:46.0517 2240	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:46.0611 2240	mrxsmb10 - ok
20:31:46.0891 2240	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:46.0954 2240	mrxsmb20 - ok
20:31:47.0235 2240	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:31:47.0266 2240	msahci - ok
20:31:47.0515 2240	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:31:47.0562 2240	msdsm - ok
20:31:47.0827 2240	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:31:47.0952 2240	Msfs - ok
20:31:48.0171 2240	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:31:48.0280 2240	mshidkmdf - ok
20:31:48.0436 2240	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:31:48.0467 2240	msisadrv - ok
20:31:48.0670 2240	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:31:48.0763 2240	MSKSSRV - ok
20:31:48.0982 2240	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:49.0091 2240	MSPCLOCK - ok
20:31:49.0309 2240	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:31:49.0403 2240	MSPQM - ok
20:31:49.0621 2240	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:31:49.0668 2240	MsRPC - ok
20:31:49.0933 2240	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:49.0965 2240	mssmbios - ok
20:31:50.0089 2240	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:31:50.0199 2240	MSTEE - ok
20:31:50.0323 2240	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
20:31:50.0386 2240	MTConfig - ok
20:31:50.0557 2240	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:31:50.0589 2240	Mup - ok
20:31:50.0682 2240	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:31:50.0760 2240	NativeWifiP - ok
20:31:51.0010 2240	NAVENG          (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120130.002\NAVENG.SYS
20:31:51.0025 2240	NAVENG - ok
20:31:51.0166 2240	NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120130.002\NAVEX15.SYS
20:31:51.0275 2240	NAVEX15 - ok
20:31:51.0509 2240	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:31:51.0571 2240	NDIS - ok
20:31:51.0774 2240	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:51.0915 2240	NdisCap - ok
20:31:52.0149 2240	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:52.0242 2240	NdisTapi - ok
20:31:52.0414 2240	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:52.0507 2240	Ndisuio - ok
20:31:52.0741 2240	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:52.0835 2240	NdisWan - ok
20:31:53.0038 2240	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:31:53.0131 2240	NDProxy - ok
20:31:53.0365 2240	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:31:53.0459 2240	NetBIOS - ok
20:31:53.0677 2240	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:31:53.0802 2240	NetBT - ok
20:31:53.0974 2240	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
20:31:54.0021 2240	nfrd960 - ok
20:31:54.0145 2240	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:31:54.0286 2240	Npfs - ok
20:31:54.0504 2240	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:31:54.0660 2240	nsiproxy - ok
20:31:55.0019 2240	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:31:55.0128 2240	Ntfs - ok
20:31:55.0300 2240	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:31:55.0409 2240	Null - ok
20:31:55.0596 2240	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:31:55.0643 2240	nvraid - ok
20:31:55.0705 2240	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:31:55.0752 2240	nvstor - ok
20:31:55.0986 2240	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:31:56.0033 2240	nv_agp - ok
20:31:56.0220 2240	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:31:56.0283 2240	ohci1394 - ok
20:31:56.0501 2240	oodisr          (0b7e71ecafb471a645b8892bedade9ca) C:\Windows\system32\DRIVERS\oodisr.sys
20:31:56.0548 2240	oodisr - ok
20:31:56.0719 2240	oodisrh         (fb18baa9bec9be662b26e2a95ec0238b) C:\Windows\system32\DRIVERS\oodisrh.sys
20:31:56.0751 2240	oodisrh - ok
20:31:56.0891 2240	oodivd          (b7d5a0e1aec8c03073d7d9a4ec2dd3ec) C:\Windows\system32\DRIVERS\oodivd.sys
20:31:56.0938 2240	oodivd - ok
20:31:57.0234 2240	oodivdh         (51d816c09b9468a6b35526bb3d6a0676) C:\Windows\system32\DRIVERS\oodivdh.sys
20:31:57.0265 2240	oodivdh - ok
20:31:57.0453 2240	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
20:31:57.0499 2240	Parport - ok
20:31:57.0624 2240	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:31:57.0655 2240	partmgr - ok
20:31:57.0843 2240	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
20:31:57.0905 2240	Parvdm - ok
20:31:58.0123 2240	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:31:58.0170 2240	pci - ok
20:31:58.0217 2240	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:31:58.0248 2240	pciide - ok
20:31:58.0529 2240	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
20:31:58.0576 2240	pcmcia - ok
20:31:58.0794 2240	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:31:58.0825 2240	pcw - ok
20:31:58.0981 2240	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:31:59.0137 2240	PEAUTH - ok
20:31:59.0465 2240	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:31:59.0590 2240	PptpMiniport - ok
20:31:59.0839 2240	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
20:31:59.0902 2240	Processor - ok
20:32:00.0120 2240	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:32:00.0229 2240	Psched - ok
20:32:00.0510 2240	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
20:32:00.0619 2240	ql2300 - ok
20:32:00.0853 2240	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
20:32:00.0900 2240	ql40xx - ok
20:32:00.0963 2240	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:32:01.0009 2240	QWAVEdrv - ok
20:32:01.0165 2240	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:32:01.0275 2240	RasAcd - ok
20:32:01.0555 2240	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:32:01.0649 2240	RasAgileVpn - ok
20:32:01.0852 2240	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:32:01.0977 2240	Rasl2tp - ok
20:32:02.0211 2240	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:32:02.0320 2240	RasPppoe - ok
20:32:02.0632 2240	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:32:02.0741 2240	RasSstp - ok
20:32:03.0115 2240	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:32:03.0209 2240	rdbss - ok
20:32:03.0537 2240	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:32:03.0583 2240	rdpbus - ok
20:32:03.0771 2240	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:32:03.0880 2240	RDPCDD - ok
20:32:04.0129 2240	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:32:04.0176 2240	RDPDR - ok
20:32:04.0363 2240	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:32:04.0488 2240	RDPENCDD - ok
20:32:04.0675 2240	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:32:04.0769 2240	RDPREFMP - ok
20:32:05.0050 2240	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:32:05.0175 2240	RDPWD - ok
20:32:05.0393 2240	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:32:05.0440 2240	rdyboost - ok
20:32:05.0752 2240	RRNetCap        (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
20:32:05.0767 2240	RRNetCap - ok
20:32:05.0814 2240	RRNetCapMP      (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
20:32:05.0830 2240	RRNetCapMP - ok
20:32:05.0939 2240	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:32:06.0033 2240	rspndr - ok
20:32:06.0220 2240	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:32:06.0267 2240	s3cap - ok
20:32:06.0516 2240	S3GIGP          (50d474d87e97e17557d311240e4bc233) C:\Windows\system32\DRIVERS\VTGKModeDX32.sys
20:32:06.0657 2240	S3GIGP - ok
20:32:07.0015 2240	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:32:07.0047 2240	sbp2port - ok
20:32:07.0265 2240	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:32:07.0359 2240	scfilter - ok
20:32:07.0530 2240	SCR3XX2K        (624795df1993b955b0c0a03a4612f2ec) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
20:32:07.0577 2240	SCR3XX2K - ok
20:32:07.0717 2240	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:32:07.0842 2240	secdrv - ok
20:32:08.0107 2240	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
20:32:08.0154 2240	Serenum - ok
20:32:08.0310 2240	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
20:32:08.0373 2240	Serial - ok
20:32:08.0435 2240	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
20:32:08.0513 2240	sermouse - ok
20:32:08.0731 2240	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:32:08.0809 2240	sffdisk - ok
20:32:09.0075 2240	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:32:09.0137 2240	sffp_mmc - ok
20:32:09.0371 2240	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:32:09.0433 2240	sffp_sd - ok
20:32:09.0574 2240	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
20:32:09.0636 2240	sfloppy - ok
20:32:09.0855 2240	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
20:32:09.0901 2240	SiSRaid2 - ok
20:32:10.0026 2240	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
20:32:10.0057 2240	SiSRaid4 - ok
20:32:10.0167 2240	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:32:10.0260 2240	Smb - ok
20:32:10.0572 2240	SPBBCDrv        (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:32:10.0619 2240	SPBBCDrv - ok
20:32:10.0822 2240	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:32:10.0853 2240	spldr - ok
20:32:11.0165 2240	SRTSP           (620bbcc5c4c4407447866793c36e1215) C:\Windows\system32\Drivers\SRTSP.SYS
20:32:11.0196 2240	SRTSP - ok
20:32:11.0430 2240	SRTSPL          (995e15de499ca58445e39a2fba7d170e) C:\Windows\system32\Drivers\SRTSPL.SYS
20:32:11.0477 2240	SRTSPL - ok
20:32:11.0524 2240	SRTSPX          (1b63f794f283b974a79084514df206a0) C:\Windows\system32\Drivers\SRTSPX.SYS
20:32:11.0555 2240	SRTSPX - ok
20:32:11.0773 2240	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:32:11.0836 2240	srv - ok
20:32:12.0023 2240	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:32:12.0085 2240	srv2 - ok
20:32:12.0382 2240	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:32:12.0444 2240	SrvHsfHDA - ok
20:32:12.0834 2240	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:32:12.0928 2240	SrvHsfV92 - ok
20:32:13.0193 2240	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:32:13.0271 2240	SrvHsfWinac - ok
20:32:13.0536 2240	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:32:13.0599 2240	srvnet - ok
20:32:13.0801 2240	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
20:32:13.0848 2240	stexstor - ok
20:32:13.0973 2240	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:32:14.0004 2240	storflt - ok
20:32:14.0238 2240	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:32:14.0269 2240	storvsc - ok
20:32:14.0347 2240	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:32:14.0379 2240	swenum - ok
20:32:14.0644 2240	SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:32:14.0675 2240	SymEvent - ok
20:32:14.0769 2240	SYMREDRV        (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
20:32:14.0800 2240	SYMREDRV - ok
20:32:14.0940 2240	SYMTDI          (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
20:32:14.0971 2240	SYMTDI - ok
20:32:15.0159 2240	SynTP           (03b76b4c38c6a0fce763ff272e94490d) C:\Windows\system32\DRIVERS\SynTP.sys
20:32:15.0205 2240	SynTP - ok
20:32:15.0439 2240	SysPlant        (c8f9eb4ac42740d036b0b9f0809b335b) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
20:32:15.0471 2240	SysPlant - ok
20:32:15.0580 2240	tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\Windows\system32\drivers\tbhsd.sys
20:32:15.0595 2240	tbhsd - ok
20:32:15.0861 2240	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:32:15.0954 2240	Tcpip - ok
20:32:16.0407 2240	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:32:16.0500 2240	TCPIP6 - ok
20:32:16.0812 2240	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:32:16.0921 2240	tcpipreg - ok
20:32:17.0077 2240	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:32:17.0187 2240	TDPIPE - ok
20:32:17.0343 2240	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:32:17.0452 2240	TDTCP - ok
20:32:17.0748 2240	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:32:17.0842 2240	tdx - ok
20:32:18.0060 2240	Teefer3         (8f9bf086fed2c7c076a7a4b8e8a24fe9) C:\Windows\system32\DRIVERS\Teefer3.sys
20:32:18.0091 2240	Teefer3 - ok
20:32:18.0216 2240	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
20:32:18.0247 2240	TermDD - ok
20:32:18.0591 2240	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:32:18.0700 2240	tssecsrv - ok
20:32:18.0918 2240	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:32:18.0981 2240	TsUsbFlt - ok
20:32:19.0152 2240	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
20:32:19.0230 2240	TsUsbGD - ok
20:32:19.0417 2240	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:32:19.0511 2240	tunnel - ok
20:32:19.0761 2240	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:32:19.0807 2240	uagp35 - ok
20:32:19.0839 2240	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:32:19.0963 2240	udfs - ok
20:32:20.0291 2240	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:32:20.0322 2240	uliagpkx - ok
20:32:20.0510 2240	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
20:32:20.0572 2240	umbus - ok
20:32:20.0775 2240	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
20:32:20.0822 2240	UmPass - ok
20:32:21.0118 2240	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
20:32:21.0165 2240	usbccgp - ok
20:32:21.0446 2240	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:32:21.0492 2240	usbcir - ok
20:32:21.0680 2240	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:32:21.0742 2240	usbehci - ok
20:32:21.0836 2240	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:32:21.0898 2240	usbhub - ok
20:32:22.0054 2240	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
20:32:22.0101 2240	usbohci - ok
20:32:22.0210 2240	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
20:32:22.0272 2240	usbprint - ok
20:32:22.0506 2240	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:32:22.0553 2240	USBSTOR - ok
20:32:22.0662 2240	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:32:22.0709 2240	usbuhci - ok
20:32:22.0850 2240	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:32:22.0896 2240	vdrvroot - ok
20:32:23.0099 2240	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:32:23.0177 2240	vga - ok
20:32:23.0224 2240	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:32:23.0349 2240	VgaSave - ok
20:32:23.0536 2240	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:32:23.0583 2240	vhdmp - ok
20:32:23.0692 2240	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:32:23.0723 2240	viaagp - ok
20:32:23.0848 2240	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
20:32:23.0910 2240	ViaC7 - ok
20:32:24.0020 2240	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:32:24.0051 2240	viaide - ok
20:32:24.0176 2240	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:32:24.0238 2240	vmbus - ok
20:32:24.0363 2240	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:32:24.0410 2240	VMBusHID - ok
20:32:24.0737 2240	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:32:24.0784 2240	volmgr - ok
20:32:25.0018 2240	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:32:25.0065 2240	volmgrx - ok
20:32:25.0190 2240	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:32:25.0236 2240	volsnap - ok
20:32:25.0439 2240	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
20:32:25.0486 2240	vsmraid - ok
20:32:25.0580 2240	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:32:25.0658 2240	vwifibus - ok
20:32:25.0938 2240	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:32:26.0016 2240	vwififlt - ok
20:32:26.0204 2240	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:32:26.0266 2240	vwifimp - ok
20:32:26.0516 2240	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
20:32:26.0594 2240	WacomPen - ok
20:32:26.0796 2240	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:32:26.0906 2240	WANARP - ok
20:32:26.0952 2240	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:32:27.0030 2240	Wanarpv6 - ok
20:32:27.0233 2240	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
20:32:27.0264 2240	Wd - ok
20:32:27.0389 2240	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:32:27.0452 2240	Wdf01000 - ok
20:32:27.0779 2240	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:32:27.0873 2240	WfpLwf - ok
20:32:28.0107 2240	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:32:28.0138 2240	WIMMount - ok
20:32:28.0434 2240	winachsf        (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:32:28.0528 2240	winachsf - ok
20:32:28.0809 2240	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:32:28.0871 2240	WmiAcpi - ok
20:32:29.0090 2240	WPS             (d81ef0d8716500a573cd82185ef3e42d) C:\Windows\system32\drivers\wpsdrvnt.sys
20:32:29.0121 2240	WPS - ok
20:32:29.0246 2240	WpsHelper       (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
20:32:29.0277 2240	WpsHelper - ok
20:32:29.0511 2240	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:32:29.0636 2240	ws2ifsl - ok
20:32:29.0901 2240	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:32:30.0010 2240	WudfPf - ok
20:32:30.0275 2240	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:32:30.0369 2240	WUDFRd - ok
20:32:30.0603 2240	XAudio          (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
20:32:30.0650 2240	XAudio - ok
20:32:30.0743 2240	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:32:31.0024 2240	\Device\Harddisk0\DR0 - ok
20:32:31.0055 2240	Boot (0x1200)   (7707412298f1037fa6ab5d0f062019db) \Device\Harddisk0\DR0\Partition0
20:32:31.0055 2240	\Device\Harddisk0\DR0\Partition0 - ok
20:32:31.0071 2240	Boot (0x1200)   (da1a1ca608acadf675a636119c2df81a) \Device\Harddisk0\DR0\Partition1
20:32:31.0071 2240	\Device\Harddisk0\DR0\Partition1 - ok
20:32:31.0071 2240	============================================================
20:32:31.0071 2240	Scan finished
20:32:31.0071 2240	============================================================
20:32:31.0118 3496	Detected object count: 0
20:32:31.0118 3496	Actual detected object count: 0

Sieht wohl gut aus?

MfG
MaxMoritz

MaxMoritz6 · 31.01.2012, 19:20

Kommando zurück!

Ich habe gerade einen Neustart durchgeführt:

Alle Einträge in den Autostart-Positionen wieder da. Auch der Explorer als Shell wird wieder geöffnet.

Das ist ja wieder ein Tiefschlag!

MaxMoritz

Ich habe eigentlich die Viren/Trojaner entfernt mit der Rescuedisk von Kaspersky v10, aber...

Log-Analyse und Auswertung: Ich habe eigentlich die Viren/Trojaner entfernt mit der Rescuedisk von Kaspersky v10, aber...