CPU Auslastung 100% Firefox- und anschließender Systemabsturz. Vermutung: sychost.exe-Virus

cosinus · 21.02.2012, 18:55

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2011.03.28 13:10:17 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012.02.14 18:38:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.23 16:01:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.31 14:49:50 | 000,000,931 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lheuqom4.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
:Files
C:\Users\Verena\AppData\Roaming\50??
C:\Users\Verena\AppData\Roaming\xmldm
C:\Users\Verena\AppData\Roaming\kock
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

vivastern · 21.02.2012, 21:30

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\modules folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\META-INF folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\defaults\preferences folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\defaults folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\chrome folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lheuqom4.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
========== FILES ==========
C:\Users\Verena\AppData\Roaming\5043\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5043 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5044\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5044 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5045\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5045 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5047\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5047 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5048\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5048 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5049\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5049 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5050\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5050 folder moved successfully.
C:\Users\Verena\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Verena\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Verena
->Temp folder emptied: 17747200100 bytes
->Temporary Internet Files folder emptied: 87600151 bytes
->Java cache emptied: 11388679 bytes
->FireFox cache emptied: 58849563 bytes
->Google Chrome cache emptied: 110837984 bytes
->Flash cache emptied: 4990 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 866188903 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84962 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 232695720 bytes

Total Files Cleaned = 18.229,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.1 log created on 02212012_211728

Files\Folders moved on Reboot...
C:\Users\Verena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Sind wir nun wieder komplett gesund ?

cosinus · 21.02.2012, 21:40

Zitat:

(Kaspersky Lab ZAO) -- C:\Users\Verena\Desktop\tdsskiller.exe

Was bitte hast du schon mit dem TDSS-Killer angestellt?! Log dazu?!

vivastern · 21.02.2012, 21:45

Oh ja... das war ein erster Versuch nach Selbstrecherche....

Code:

ATTFilter

21:44:10.0985 3996	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
21:44:30.0844 3996	============================================================
21:44:30.0844 3996	Current date / time: 2012/02/21 21:44:30.0844
21:44:30.0844 3996	SystemInfo:
21:44:30.0844 3996	
21:44:30.0844 3996	OS Version: 6.1.7601 ServicePack: 1.0
21:44:30.0844 3996	Product type: Workstation
21:44:30.0844 3996	ComputerName: VERENAS-PC
21:44:30.0844 3996	UserName: Verena
21:44:30.0844 3996	Windows directory: C:\Windows
21:44:30.0844 3996	System windows directory: C:\Windows
21:44:30.0844 3996	Running under WOW64
21:44:30.0844 3996	Processor architecture: Intel x64
21:44:30.0844 3996	Number of processors: 4
21:44:30.0844 3996	Page size: 0x1000
21:44:30.0844 3996	Boot type: Normal boot
21:44:30.0844 3996	============================================================
21:44:31.0499 3996	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:44:31.0499 3996	\Device\Harddisk0\DR0:
21:44:31.0499 3996	MBR used
21:44:31.0499 3996	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:44:31.0499 3996	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3891F800
21:44:31.0499 3996	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38983800, BlocksNum 0x19CE800
21:44:31.0499 3996	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:44:31.0577 3996	Initialize success
21:44:31.0577 3996	============================================================

cosinus · 21.02.2012, 21:54

Das war wohl ein Satz mit X!

Bitte richtig machen: Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

vivastern · 21.02.2012, 22:14

Code:

ATTFilter

22:03:35.0423 4368	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:03:35.0633 4368	============================================================
22:03:35.0633 4368	Current date / time: 2012/02/21 22:03:35.0633
22:03:35.0633 4368	SystemInfo:
22:03:35.0633 4368	
22:03:35.0633 4368	OS Version: 6.1.7601 ServicePack: 1.0
22:03:35.0633 4368	Product type: Workstation
22:03:35.0633 4368	ComputerName: VERENAS-PC
22:03:35.0633 4368	UserName: Verena
22:03:35.0633 4368	Windows directory: C:\Windows
22:03:35.0633 4368	System windows directory: C:\Windows
22:03:35.0633 4368	Running under WOW64
22:03:35.0633 4368	Processor architecture: Intel x64
22:03:35.0633 4368	Number of processors: 4
22:03:35.0633 4368	Page size: 0x1000
22:03:35.0633 4368	Boot type: Normal boot
22:03:35.0633 4368	============================================================
22:03:36.0383 4368	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:36.0383 4368	\Device\Harddisk0\DR0:
22:03:36.0393 4368	MBR used
22:03:36.0393 4368	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:03:36.0393 4368	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3891F800
22:03:36.0393 4368	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38983800, BlocksNum 0x19CE800
22:03:36.0393 4368	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
22:03:36.0473 4368	Initialize success
22:03:36.0473 4368	============================================================
22:10:00.0503 3668	============================================================
22:10:00.0503 3668	Scan started
22:10:00.0503 3668	Mode: Manual; SigCheck; TDLFS; 
22:10:00.0503 3668	============================================================
22:10:00.0768 3668	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:10:00.0924 3668	1394ohci - ok
22:10:00.0955 3668	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:10:01.0018 3668	ACPI - ok
22:10:01.0033 3668	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:10:01.0111 3668	AcpiPmi - ok
22:10:01.0158 3668	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:10:01.0205 3668	adp94xx - ok
22:10:01.0298 3668	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:10:01.0345 3668	adpahci - ok
22:10:01.0376 3668	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:10:01.0423 3668	adpu320 - ok
22:10:01.0470 3668	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:10:01.0548 3668	AFD - ok
22:10:01.0626 3668	AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
22:10:01.0735 3668	AgereSoftModem - ok
22:10:01.0782 3668	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:10:01.0813 3668	agp440 - ok
22:10:01.0844 3668	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:10:01.0876 3668	aliide - ok
22:10:01.0938 3668	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:10:01.0985 3668	amdide - ok
22:10:02.0016 3668	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:10:02.0063 3668	AmdK8 - ok
22:10:02.0094 3668	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:10:02.0156 3668	AmdPPM - ok
22:10:02.0188 3668	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:10:02.0234 3668	amdsata - ok
22:10:02.0266 3668	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:10:02.0312 3668	amdsbs - ok
22:10:02.0359 3668	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:10:02.0390 3668	amdxata - ok
22:10:02.0437 3668	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:10:02.0562 3668	AppID - ok
22:10:02.0609 3668	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:10:02.0640 3668	arc - ok
22:10:02.0656 3668	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:10:02.0702 3668	arcsas - ok
22:10:02.0734 3668	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:10:02.0843 3668	AsyncMac - ok
22:10:02.0905 3668	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:10:02.0936 3668	atapi - ok
22:10:02.0999 3668	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
22:10:03.0108 3668	athr - ok
22:10:03.0186 3668	AtiHdmiService  (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
22:10:03.0280 3668	AtiHdmiService - ok
22:10:03.0436 3668	atikmdag        (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
22:10:03.0685 3668	atikmdag - ok
22:10:03.0779 3668	AVGIDSDriver    (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:10:03.0810 3668	AVGIDSDriver - ok
22:10:03.0841 3668	AVGIDSEH        (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:10:03.0872 3668	AVGIDSEH - ok
22:10:03.0888 3668	AVGIDSFilter    (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:10:03.0919 3668	AVGIDSFilter - ok
22:10:03.0950 3668	Avgldx64        (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
22:10:03.0997 3668	Avgldx64 - ok
22:10:04.0013 3668	Avgmfx64        (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
22:10:04.0044 3668	Avgmfx64 - ok
22:10:04.0075 3668	Avgrkx64        (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
22:10:04.0106 3668	Avgrkx64 - ok
22:10:04.0184 3668	Avgtdia         (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
22:10:04.0216 3668	Avgtdia - ok
22:10:04.0247 3668	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:10:04.0325 3668	b06bdrv - ok
22:10:04.0403 3668	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:10:04.0465 3668	b57nd60a - ok
22:10:04.0481 3668	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:10:04.0590 3668	Beep - ok
22:10:04.0621 3668	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:10:04.0668 3668	blbdrive - ok
22:10:04.0699 3668	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:10:04.0746 3668	bowser - ok
22:10:04.0777 3668	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:10:04.0824 3668	BrFiltLo - ok
22:10:04.0886 3668	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:10:04.0918 3668	BrFiltUp - ok
22:10:04.0949 3668	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:10:05.0011 3668	Brserid - ok
22:10:05.0042 3668	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:10:05.0089 3668	BrSerWdm - ok
22:10:05.0120 3668	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:10:05.0167 3668	BrUsbMdm - ok
22:10:05.0198 3668	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:10:05.0230 3668	BrUsbSer - ok
22:10:05.0292 3668	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:10:05.0339 3668	BTHMODEM - ok
22:10:05.0386 3668	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:10:05.0479 3668	cdfs - ok
22:10:05.0526 3668	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:10:05.0573 3668	cdrom - ok
22:10:05.0620 3668	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:10:05.0682 3668	circlass - ok
22:10:05.0744 3668	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:10:05.0776 3668	CLFS - ok
22:10:05.0822 3668	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:10:05.0869 3668	CmBatt - ok
22:10:05.0885 3668	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:10:05.0900 3668	cmdide - ok
22:10:05.0963 3668	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:10:06.0010 3668	CNG - ok
22:10:06.0072 3668	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:10:06.0103 3668	Compbatt - ok
22:10:06.0166 3668	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:10:06.0228 3668	CompositeBus - ok
22:10:06.0259 3668	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:10:06.0290 3668	crcdisk - ok
22:10:06.0337 3668	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:10:06.0446 3668	DfsC - ok
22:10:06.0462 3668	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:10:06.0556 3668	discache - ok
22:10:06.0602 3668	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:10:06.0618 3668	Disk - ok
22:10:06.0665 3668	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:10:06.0712 3668	drmkaud - ok
22:10:06.0758 3668	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:10:06.0821 3668	DXGKrnl - ok
22:10:06.0930 3668	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:10:07.0055 3668	ebdrv - ok
22:10:07.0133 3668	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:10:07.0164 3668	elxstor - ok
22:10:07.0195 3668	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:10:07.0242 3668	ErrDev - ok
22:10:07.0289 3668	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:10:07.0398 3668	exfat - ok
22:10:07.0445 3668	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:10:07.0554 3668	fastfat - ok
22:10:07.0585 3668	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:10:07.0632 3668	fdc - ok
22:10:07.0679 3668	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:10:07.0710 3668	FileInfo - ok
22:10:07.0726 3668	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:10:07.0835 3668	Filetrace - ok
22:10:07.0882 3668	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:10:07.0913 3668	flpydisk - ok
22:10:07.0960 3668	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:10:07.0991 3668	FltMgr - ok
22:10:08.0038 3668	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:10:08.0069 3668	FsDepends - ok
22:10:08.0084 3668	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:10:08.0116 3668	Fs_Rec - ok
22:10:08.0147 3668	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:10:08.0178 3668	fvevol - ok
22:10:08.0209 3668	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:10:08.0240 3668	gagp30kx - ok
22:10:08.0272 3668	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:10:08.0287 3668	GEARAspiWDM - ok
22:10:08.0318 3668	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:10:08.0381 3668	hcw85cir - ok
22:10:08.0443 3668	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:10:08.0490 3668	HdAudAddService - ok
22:10:08.0506 3668	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:10:08.0552 3668	HDAudBus - ok
22:10:08.0615 3668	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:10:08.0630 3668	HECIx64 - ok
22:10:08.0646 3668	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:10:08.0693 3668	HidBatt - ok
22:10:08.0724 3668	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:10:08.0771 3668	HidBth - ok
22:10:08.0802 3668	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:10:08.0849 3668	HidIr - ok
22:10:08.0880 3668	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:10:08.0927 3668	HidUsb - ok
22:10:08.0989 3668	HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:10:09.0020 3668	HpqKbFiltr - ok
22:10:09.0083 3668	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:10:09.0098 3668	HpSAMD - ok
22:10:09.0161 3668	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:10:09.0286 3668	HTTP - ok
22:10:09.0364 3668	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:10:09.0379 3668	hwpolicy - ok
22:10:09.0410 3668	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:10:09.0442 3668	i8042prt - ok
22:10:09.0488 3668	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
22:10:09.0520 3668	iaStor - ok
22:10:09.0566 3668	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:10:09.0598 3668	iaStorV - ok
22:10:09.0754 3668	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:10:09.0972 3668	igfx - ok
22:10:10.0050 3668	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:10:10.0066 3668	iirsp - ok
22:10:10.0128 3668	IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys
22:10:10.0237 3668	IntcAzAudAddService - ok
22:10:10.0284 3668	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:10:10.0300 3668	intelide - ok
22:10:10.0315 3668	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:10:10.0362 3668	intelppm - ok
22:10:10.0440 3668	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:10:10.0549 3668	IpFilterDriver - ok
22:10:10.0580 3668	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:10:10.0612 3668	IPMIDRV - ok
22:10:10.0643 3668	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:10:10.0752 3668	IPNAT - ok
22:10:10.0768 3668	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:10:10.0814 3668	IRENUM - ok
22:10:10.0877 3668	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:10:10.0892 3668	isapnp - ok
22:10:10.0939 3668	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:10:10.0970 3668	iScsiPrt - ok
22:10:10.0986 3668	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:10:11.0002 3668	kbdclass - ok
22:10:11.0033 3668	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:10:11.0048 3668	kbdhid - ok
22:10:11.0095 3668	kl1             (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
22:10:11.0126 3668	kl1 - ok
22:10:11.0158 3668	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:10:11.0189 3668	KSecDD - ok
22:10:11.0204 3668	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:10:11.0220 3668	KSecPkg - ok
22:10:11.0298 3668	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:10:11.0392 3668	ksthunk - ok
22:10:11.0423 3668	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:10:11.0516 3668	lltdio - ok
22:10:11.0563 3668	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:10:11.0594 3668	LSI_FC - ok
22:10:11.0641 3668	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:10:11.0657 3668	LSI_SAS - ok
22:10:11.0688 3668	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:10:11.0719 3668	LSI_SAS2 - ok
22:10:11.0750 3668	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:10:11.0766 3668	LSI_SCSI - ok
22:10:11.0828 3668	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:10:11.0938 3668	luafv - ok
22:10:11.0984 3668	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:10:12.0000 3668	megasas - ok
22:10:12.0031 3668	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:10:12.0062 3668	MegaSR - ok
22:10:12.0094 3668	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:10:12.0203 3668	Modem - ok
22:10:12.0234 3668	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:10:12.0281 3668	monitor - ok
22:10:12.0343 3668	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:10:12.0359 3668	mouclass - ok
22:10:12.0374 3668	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:10:12.0421 3668	mouhid - ok
22:10:12.0452 3668	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:10:12.0484 3668	mountmgr - ok
22:10:12.0530 3668	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:10:12.0562 3668	mpio - ok
22:10:12.0593 3668	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:10:12.0702 3668	mpsdrv - ok
22:10:12.0780 3668	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:10:12.0874 3668	MRxDAV - ok
22:10:12.0920 3668	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:10:12.0967 3668	mrxsmb - ok
22:10:13.0045 3668	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:10:13.0092 3668	mrxsmb10 - ok
22:10:13.0123 3668	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:10:13.0154 3668	mrxsmb20 - ok
22:10:13.0186 3668	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:10:13.0201 3668	msahci - ok
22:10:13.0248 3668	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:10:13.0279 3668	msdsm - ok
22:10:13.0326 3668	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:10:13.0420 3668	Msfs - ok
22:10:13.0435 3668	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:10:13.0529 3668	mshidkmdf - ok
22:10:13.0607 3668	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:10:13.0622 3668	msisadrv - ok
22:10:13.0654 3668	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:10:13.0747 3668	MSKSSRV - ok
22:10:13.0778 3668	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:10:13.0888 3668	MSPCLOCK - ok
22:10:13.0934 3668	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:10:14.0044 3668	MSPQM - ok
22:10:14.0075 3668	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:10:14.0122 3668	MsRPC - ok
22:10:14.0184 3668	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:10:14.0215 3668	mssmbios - ok
22:10:14.0231 3668	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:10:14.0324 3668	MSTEE - ok
22:10:14.0356 3668	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:10:14.0402 3668	MTConfig - ok
22:10:14.0449 3668	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:10:14.0465 3668	Mup - ok
22:10:14.0496 3668	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:10:14.0558 3668	NativeWifiP - ok
22:10:14.0652 3668	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:10:14.0714 3668	NDIS - ok
22:10:14.0730 3668	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:10:14.0824 3668	NdisCap - ok
22:10:14.0870 3668	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:10:14.0964 3668	NdisTapi - ok
22:10:14.0995 3668	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:10:15.0104 3668	Ndisuio - ok
22:10:15.0167 3668	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:10:15.0260 3668	NdisWan - ok
22:10:15.0323 3668	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:10:15.0416 3668	NDProxy - ok
22:10:15.0463 3668	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:10:15.0572 3668	NetBIOS - ok
22:10:15.0604 3668	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:10:15.0713 3668	NetBT - ok
22:10:15.0900 3668	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:10:16.0103 3668	netw5v64 - ok
22:10:16.0181 3668	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:10:16.0196 3668	nfrd960 - ok
22:10:16.0228 3668	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:10:16.0337 3668	Npfs - ok
22:10:16.0368 3668	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:10:16.0462 3668	nsiproxy - ok
22:10:16.0524 3668	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:10:16.0618 3668	Ntfs - ok
22:10:16.0680 3668	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:10:16.0789 3668	Null - ok
22:10:16.0836 3668	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:10:16.0867 3668	nvraid - ok
22:10:16.0883 3668	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:10:16.0898 3668	nvstor - ok
22:10:16.0930 3668	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:10:16.0945 3668	nv_agp - ok
22:10:16.0976 3668	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:10:17.0023 3668	ohci1394 - ok
22:10:17.0054 3668	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:10:17.0086 3668	Parport - ok
22:10:17.0148 3668	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:10:17.0179 3668	partmgr - ok
22:10:17.0226 3668	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:10:17.0257 3668	pci - ok
22:10:17.0273 3668	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:10:17.0288 3668	pciide - ok
22:10:17.0320 3668	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:10:17.0351 3668	pcmcia - ok
22:10:17.0382 3668	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:10:17.0398 3668	pcw - ok
22:10:17.0429 3668	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:10:17.0554 3668	PEAUTH - ok
22:10:17.0725 3668	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:10:17.0819 3668	PptpMiniport - ok
22:10:17.0866 3668	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:10:17.0897 3668	Processor - ok
22:10:17.0944 3668	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:10:18.0053 3668	Psched - ok
22:10:18.0146 3668	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:10:18.0224 3668	ql2300 - ok
22:10:18.0271 3668	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:10:18.0287 3668	ql40xx - ok
22:10:18.0334 3668	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:10:18.0380 3668	QWAVEdrv - ok
22:10:18.0427 3668	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:10:18.0521 3668	RasAcd - ok
22:10:18.0552 3668	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:10:18.0646 3668	RasAgileVpn - ok
22:10:18.0677 3668	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:10:18.0786 3668	Rasl2tp - ok
22:10:18.0833 3668	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:10:18.0926 3668	RasPppoe - ok
22:10:18.0942 3668	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:10:19.0036 3668	RasSstp - ok
22:10:19.0067 3668	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:10:19.0160 3668	rdbss - ok
22:10:19.0223 3668	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:10:19.0254 3668	rdpbus - ok
22:10:19.0285 3668	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:10:19.0394 3668	RDPCDD - ok
22:10:19.0426 3668	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:10:19.0519 3668	RDPENCDD - ok
22:10:19.0566 3668	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:10:19.0660 3668	RDPREFMP - ok
22:10:19.0691 3668	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:10:19.0800 3668	RDPWD - ok
22:10:19.0862 3668	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:10:19.0894 3668	rdyboost - ok
22:10:19.0972 3668	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:10:20.0065 3668	rspndr - ok
22:10:20.0096 3668	RSUSBSTOR       (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
22:10:20.0143 3668	RSUSBSTOR - ok
22:10:20.0190 3668	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:10:20.0221 3668	RTL8167 - ok
22:10:20.0284 3668	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:10:20.0299 3668	sbp2port - ok
22:10:20.0362 3668	SBRE            (7e07d2a5b910c71d6474e9aa0eaa1825) C:\Windows\system32\drivers\SBREdrv.sys
22:10:20.0377 3668	SBRE - ok
22:10:20.0408 3668	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:10:20.0518 3668	scfilter - ok
22:10:20.0549 3668	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:10:20.0596 3668	sdbus - ok
22:10:20.0642 3668	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:10:20.0736 3668	secdrv - ok
22:10:20.0798 3668	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:10:20.0814 3668	Serenum - ok
22:10:20.0861 3668	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:10:20.0892 3668	Serial - ok
22:10:20.0939 3668	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:10:20.0970 3668	sermouse - ok
22:10:21.0017 3668	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:10:21.0064 3668	sffdisk - ok
22:10:21.0095 3668	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:10:21.0126 3668	sffp_mmc - ok
22:10:21.0157 3668	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:10:21.0220 3668	sffp_sd - ok
22:10:21.0266 3668	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:10:21.0298 3668	sfloppy - ok
22:10:21.0360 3668	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:10:21.0376 3668	SiSRaid2 - ok
22:10:21.0391 3668	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:10:21.0407 3668	SiSRaid4 - ok
22:10:21.0438 3668	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:10:21.0547 3668	Smb - ok
22:10:21.0610 3668	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:10:21.0625 3668	spldr - ok
22:10:21.0688 3668	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:10:21.0750 3668	srv - ok
22:10:21.0797 3668	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:10:21.0844 3668	srv2 - ok
22:10:21.0906 3668	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:10:21.0968 3668	SrvHsfHDA - ok
22:10:22.0015 3668	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:10:22.0093 3668	SrvHsfV92 - ok
22:10:22.0187 3668	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:10:22.0234 3668	SrvHsfWinac - ok
22:10:22.0265 3668	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:10:22.0312 3668	srvnet - ok
22:10:22.0358 3668	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:10:22.0374 3668	stexstor - ok
22:10:22.0421 3668	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:10:22.0436 3668	swenum - ok
22:10:22.0514 3668	SynTP           (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:10:22.0546 3668	SynTP - ok
22:10:22.0639 3668	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:10:22.0733 3668	Tcpip - ok
22:10:22.0780 3668	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:10:22.0858 3668	TCPIP6 - ok
22:10:22.0889 3668	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:10:22.0982 3668	tcpipreg - ok
22:10:23.0060 3668	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:10:23.0154 3668	TDPIPE - ok
22:10:23.0170 3668	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:10:23.0279 3668	TDTCP - ok
22:10:23.0310 3668	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:10:23.0404 3668	tdx - ok
22:10:23.0435 3668	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:10:23.0466 3668	TermDD - ok
22:10:23.0528 3668	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:10:23.0606 3668	tssecsrv - ok
22:10:23.0653 3668	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:10:23.0700 3668	TsUsbFlt - ok
22:10:23.0778 3668	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:10:23.0872 3668	tunnel - ok
22:10:23.0903 3668	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:10:23.0934 3668	uagp35 - ok
22:10:23.0981 3668	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:10:24.0090 3668	udfs - ok
22:10:24.0137 3668	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:10:24.0152 3668	uliagpkx - ok
22:10:24.0199 3668	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:10:24.0246 3668	umbus - ok
22:10:24.0324 3668	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:10:24.0371 3668	UmPass - ok
22:10:24.0402 3668	USBAAPL64       (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
22:10:24.0402 3668	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:10:24.0402 3668	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:10:24.0433 3668	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:10:24.0480 3668	usbccgp - ok
22:10:24.0527 3668	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:10:24.0574 3668	usbcir - ok
22:10:24.0636 3668	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:10:24.0683 3668	usbehci - ok
22:10:24.0714 3668	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:10:24.0761 3668	usbhub - ok
22:10:24.0792 3668	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:10:24.0839 3668	usbohci - ok
22:10:24.0870 3668	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:10:24.0901 3668	usbprint - ok
22:10:24.0917 3668	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:10:24.0979 3668	USBSTOR - ok
22:10:25.0010 3668	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:10:25.0042 3668	usbuhci - ok
22:10:25.0120 3668	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:10:25.0151 3668	usbvideo - ok
22:10:25.0182 3668	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:10:25.0198 3668	vdrvroot - ok
22:10:25.0244 3668	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:10:25.0276 3668	vga - ok
22:10:25.0307 3668	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:10:25.0400 3668	VgaSave - ok
22:10:25.0432 3668	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:10:25.0463 3668	vhdmp - ok
22:10:25.0494 3668	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:10:25.0510 3668	viaide - ok
22:10:25.0525 3668	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:10:25.0541 3668	volmgr - ok
22:10:25.0588 3668	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:10:25.0619 3668	volmgrx - ok
22:10:25.0697 3668	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:10:25.0728 3668	volsnap - ok
22:10:25.0759 3668	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:10:25.0790 3668	vsmraid - ok
22:10:25.0837 3668	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:10:25.0884 3668	vwifibus - ok
22:10:25.0915 3668	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:10:25.0978 3668	vwififlt - ok
22:10:26.0009 3668	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:10:26.0040 3668	vwifimp - ok
22:10:26.0118 3668	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:10:26.0149 3668	WacomPen - ok
22:10:26.0196 3668	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:10:26.0290 3668	WANARP - ok
22:10:26.0305 3668	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:10:26.0383 3668	Wanarpv6 - ok
22:10:26.0414 3668	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:10:26.0446 3668	Wd - ok
22:10:26.0477 3668	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:10:26.0524 3668	Wdf01000 - ok
22:10:26.0586 3668	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:10:26.0680 3668	WfpLwf - ok
22:10:26.0695 3668	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:10:26.0711 3668	WIMMount - ok
22:10:26.0773 3668	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:10:26.0820 3668	WinUsb - ok
22:10:26.0867 3668	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:10:26.0914 3668	WmiAcpi - ok
22:10:26.0945 3668	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:10:27.0038 3668	ws2ifsl - ok
22:10:27.0148 3668	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:10:27.0226 3668	WudfPf - ok
22:10:27.0257 3668	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:10:27.0366 3668	WUDFRd - ok
22:10:27.0397 3668	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:10:27.0460 3668	yukonw7 - ok
22:10:27.0491 3668	MBR (0x1B8)     (8f84284b2c573e8e1ee0154eacdd9701) \Device\Harddisk0\DR0
22:10:27.0569 3668	\Device\Harddisk0\DR0 - ok
22:10:27.0600 3668	Boot (0x1200)   (f190c2bfc5ca3e250c672d8bfbe22fe4) \Device\Harddisk0\DR0\Partition0
22:10:27.0600 3668	\Device\Harddisk0\DR0\Partition0 - ok
22:10:27.0616 3668	Boot (0x1200)   (410374bc44f434db1c134a8f959aaea6) \Device\Harddisk0\DR0\Partition1
22:10:27.0616 3668	\Device\Harddisk0\DR0\Partition1 - ok
22:10:27.0631 3668	Boot (0x1200)   (8c8b5b4d378d61089f55fad0b8e74c91) \Device\Harddisk0\DR0\Partition2
22:10:27.0631 3668	\Device\Harddisk0\DR0\Partition2 - ok
22:10:27.0662 3668	Boot (0x1200)   (0ddba10283d57d84270920fcde989bd6) \Device\Harddisk0\DR0\Partition3
22:10:27.0662 3668	\Device\Harddisk0\DR0\Partition3 - ok
22:10:27.0662 3668	============================================================
22:10:27.0662 3668	Scan finished
22:10:27.0662 3668	============================================================
22:10:27.0678 4284	Detected object count: 1
22:10:27.0678 4284	Actual detected object count: 1
22:11:57.0659 4284	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:57.0659 4284	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 22.02.2012, 11:34

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

vivastern · 22.02.2012, 13:30

Zitat:

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter

Lieber Arne, wie schon zweimal von mir gefragt:

?Wie deaktiviere ich den AVG richtig? Denn ich scheine es nur zu schaffen, die Benutzeroberfläche zu beenden und ComboFix hat nochmal extra gewarnt, dass AVG aktiv ist. Bitte gib mir doch nen Tipp. Danke!

cosinus · 22.02.2012, 15:12

Das Nutzen einer Suchmaschine ist nicht verboten! => AVG - Temporäres Deaktivieren von AVG | Häufig gestellte Fragen

vivastern · 22.02.2012, 16:40

Er scheint durch zu sein. Nur zeigt er seit mind. 30 Minuten an:

Zitat:

Fast fertig..dieses Fenster wird sich in Kürze schließen. Bitte warte ein paar Sekunden, damit das log geöffnet werden kann.

Das mit den Anwendungen und der Fehlermeldung ist eingetroffen. Soll ich also nun lieber warten oder neu starten?

vivastern · 22.02.2012, 17:57

Danke!
Habs geschafft...

Code:

ATTFilter

ComboFix 12-02-22.01 - Verena 22.02.2012  15:19:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3958.2596 [GMT 1:00]
ausgeführt von:: C:\Users\Verena\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Install.exe
C:\Users\Verena\AppData\Roaming\AcroIEHelpe.txt
C:\Users\Verena\AppData\Roaming\srvblck2.tmp


(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))


2012-02-22 14:31:13 . 2012-02-22 14:31:13	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2012-02-21 20:17:28 . 2012-02-21 20:17:28	--------	d-----w-	C:\_OTL
2012-02-20 14:00:37 . 2012-02-20 14:00:37	--------	d-----w-	C:\Program Files (x86)\ESET
2012-02-18 13:15:30 . 2012-02-18 13:15:30	--------	d-----w-	C:\$AVG
2012-02-17 17:37:25 . 2012-02-17 17:37:25	--------	d-----w-	C:\Users\Verena\AppData\Roaming\AVG2012
2012-02-17 17:36:30 . 2012-02-17 17:36:36	--------	d-----w-	C:\ProgramData\AVG Secure Search
2012-02-17 17:36:30 . 2012-02-17 17:36:30	--------	d-----w-	C:\Program Files (x86)\Common Files\AVG Secure Search
2012-02-17 17:36:29 . 2012-02-17 17:36:35	--------	d-----w-	C:\Program Files (x86)\AVG Secure Search
2012-02-17 17:35:56 . 2012-02-22 09:58:49	--------	d-----w-	C:\Windows\system32\drivers\AVG
2012-02-17 17:35:56 . 2012-02-17 17:38:00	--------	d-----w-	C:\ProgramData\AVG2012
2012-02-17 17:34:08 . 2012-02-22 09:58:54	--------	d-----w-	C:\ProgramData\MFAData
2012-02-17 17:13:47 . 2012-01-17 03:39:42	8602168	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD8C83BD-DC18-48B5-843B-C42DBBAFD1E7}\mpengine.dll
2012-02-17 11:45:15 . 2012-02-17 11:45:15	--------	d-----w-	C:\Users\Verena\AppData\Roaming\Malwarebytes
2012-02-17 11:44:57 . 2012-02-17 11:44:57	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-02-17 11:44:56 . 2012-02-17 11:45:00	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-17 11:44:56 . 2011-12-10 14:24:08	23152	----a-w-	C:\Windows\system32\drivers\mbam.sys
2012-02-16 09:16:54 . 2011-12-28 03:59:24	498688	----a-w-	C:\Windows\system32\drivers\afd.sys
2012-02-16 09:16:54 . 2011-12-16 08:46:06	634880	----a-w-	C:\Windows\system32\msvcrt.dll
2012-02-16 09:16:53 . 2011-12-16 07:52:58	690688	----a-w-	C:\Windows\SysWow64\msvcrt.dll
2012-02-16 09:15:02 . 2012-01-14 04:06:27	3145728	----a-w-	C:\Windows\system32\win32k.sys
2012-02-01 12:24:39 . 2012-02-01 12:24:39	--------	d-----w-	C:\Program Files (x86)\Audiograbber
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-29 04:10:42 . 2010-07-01 12:03:58	279656	------w-	C:\Windows\system32\MpSigStub.exe
2012-01-10 22:21:10 . 2011-05-13 07:53:17	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 . 2012-01-04 00:48:42	354176	----a-w-	C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-11-30 12:50:41 . 2009-07-14 02:36:51	175616	----a-w-	C:\Windows\system32\msclmd.dll
2011-11-30 12:50:41 . 2009-07-14 02:36:51	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-17 17:36:29	1811296	----a-w-	C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-17 17:36:29 1811296]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 10:45:28 2741616]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 14:26:44 1685048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 19:24:38 98304]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 10:00:00 60464]
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 13:19:48 323640]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 07:04:24 500792]
"PCMAgent"="C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 09:34:02 148776]
"CLMLServer"="C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 09:34:20 202024]
"PlayMovie"="C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 16:07:24 177384]
"TVEService"="C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 15:56:04 226536]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 01:41:12 49208]
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 16:24:26 2416480]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-02-17 17:36:30 939872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0AMwA1ADgAOQA1ADgAMAAzADkALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQAtAEQARABUACsAMgA4ADEANgA1AC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGAFUASQArADIA&prod=90&ver=9.0.894" [?]

C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 13:21:32 227896]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2009-09-23 01:39:00 225280]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 02:14:26 98208]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 05:25:22 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 05:09:08 192776]
S2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2009-07-14 01:39:46 27136]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 15:56:26 464224]
S2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 15:56:26 189792]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 04:01:32 2320920]
S2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-17 17:36:30 909152]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29:54	451872	----a-w-	C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Inhalt des "geplante Tasks" Ordners

2012-02-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604564059-764910878-3552578447-1001Core.job
- C:\Users\Verena\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 09:28:35 . 2010-09-09 09:28:32]

2012-02-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604564059-764910878-3552578447-1001UA.job
- C:\Users\Verena\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 09:28:35 . 2010-09-09 09:28:32]

2012-02-17 C:\Windows\Tasks\HPCeeScheduleForVerena.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22:28 . 2009-10-07 03:22:28]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	97792	----a-w-	C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 19:32:18 5977600]
"RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 18:33:00 995840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lheuqom4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9403eeb4-0520-49ea-b0c1-62b1eb9e3793%7D&mid=5b0d75e38c0da276cb56abf84b374079-831f635ca31915cbf27df9f3e079de75575703db&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-02-17%2018%3A36%3A31&sap=ku&q=

- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - C:\Windows\system32\ezMDUninstall.exe

cosinus · 22.02.2012, 19:51

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

vivastern · 23.02.2012, 09:55

Sorry, hab beim ersten Scan nicht auf die success-Nachricht gewartet....also hier dann beide logs:

Code:

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 09:22:46
-----------------------------
09:22:46.312    OS Version: Windows x64 6.1.7601 Service Pack 1
09:22:46.312    Number of processors: 4 586 0x2502
09:22:46.312    ComputerName: VERENAS-PC  UserName: Verena
09:22:47.794    Initialize success
09:23:42.733    AVAST engine defs: 12022201
09:24:47.333    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:24:47.349    Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
09:24:47.364    Disk 0 MBR read successfully
09:24:47.364    Disk 0 MBR scan
09:24:47.364    Disk 0 unknown MBR code
09:24:47.380    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
09:24:47.396    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       463423 MB offset 409600
09:24:47.427    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13213 MB offset 949499904
09:24:47.458    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
09:24:47.505    Disk 0 scanning C:\Windows\system32\drivers
09:24:58.628    Service scanning
09:25:38.704    Modules scanning
09:25:38.720    Disk 0 trace - called modules:
09:25:39.234    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:25:39.250    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
09:25:39.250    3 CLASSPNP.SYS[fffff8800110b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494c050]
09:25:40.451    AVAST engine scan C:\Windows
09:25:44.226    AVAST engine scan C:\Windows\system32
09:29:26.995    AVAST engine scan C:\Windows\system32\drivers
09:29:45.450    AVAST engine scan C:\Users\Verena
09:33:31.447    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
09:33:31.463    The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR.txt"

Code:

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 09:36:17
-----------------------------
09:36:17.373    OS Version: Windows x64 6.1.7601 Service Pack 1
09:36:17.373    Number of processors: 4 586 0x2502
09:36:17.373    ComputerName: VERENAS-PC  UserName: Verena
09:36:18.917    Initialize success
09:36:26.608    AVAST engine defs: 12022201
09:36:33.971    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:36:33.971    Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
09:36:34.002    Disk 0 MBR read successfully
09:36:34.002    Disk 0 MBR scan
09:36:34.018    Disk 0 unknown MBR code
09:36:34.018    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
09:36:34.049    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       463423 MB offset 409600
09:36:34.080    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13213 MB offset 949499904
09:36:34.096    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
09:36:34.143    Disk 0 scanning C:\Windows\system32\drivers
09:36:49.056    Service scanning
09:37:16.185    Modules scanning
09:37:16.200    Disk 0 trace - called modules:
09:37:16.731    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:37:16.731    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
09:37:16.746    3 CLASSPNP.SYS[fffff8800110b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494c050]
09:37:18.197    AVAST engine scan C:\Windows
09:37:23.111    AVAST engine scan C:\Windows\system32
09:40:41.840    AVAST engine scan C:\Windows\system32\drivers
09:40:56.972    AVAST engine scan C:\Users\Verena
09:46:29.238    AVAST engine scan C:\ProgramData
09:47:16.521    Scan finished successfully
09:48:17.580    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
09:48:17.595    The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR2.txt"

cosinus · 23.02.2012, 12:54

MBR ist immer noch unbekannt. Bitte wiederholen

vivastern · 23.02.2012, 19:42

Soweit ich das sehen kann, hat sich leider nichts verändert....außer, dass es einen Absturz gab, als ich das Programm hab laufen lassen...

Code:

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 18:50:40
-----------------------------
18:50:40.400    OS Version: Windows x64 6.1.7601 Service Pack 1
18:50:40.400    Number of processors: 4 586 0x2502
18:50:40.400    ComputerName: VERENAS-PC  UserName: Verena
18:50:41.663    Initialize success
18:50:53.082    AVAST engine defs: 12022201
18:51:01.850    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:51:01.850    Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
18:51:01.865    Disk 0 MBR read successfully
18:51:01.881    Disk 0 MBR scan
18:51:01.881    Disk 0 unknown MBR code
18:51:01.896    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
18:51:01.943    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       463423 MB offset 409600
18:51:01.990    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13213 MB offset 949499904
18:51:02.006    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
18:51:02.052    Disk 0 scanning C:\Windows\system32\drivers
18:51:13.924    Service scanning
18:51:47.620    Modules scanning
18:51:47.636    Disk 0 trace - called modules:
18:51:48.166    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:51:48.166    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf9060]
18:51:48.182    3 CLASSPNP.SYS[fffff8800115243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004978050]
18:51:49.289    AVAST engine scan C:\Windows
18:51:52.612    AVAST engine scan C:\Windows\system32
19:07:13.419    AVAST engine scan C:\Windows\system32\drivers
19:08:42.948    AVAST engine scan C:\Users\Verena
19:18:11.569    AVAST engine scan C:\ProgramData
19:19:33.126    Scan finished successfully
19:39:16.341    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
19:39:16.341    The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR3.txt"

22.02.2012, 15:12	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	CPU Auslastung 100% Firefox- und anschließender Systemabsturz. Vermutung: sychost.exe-Virus Das Nutzen einer Suchmaschine ist nicht verboten! => AVG - Temporäres Deaktivieren von AVG \| Häufig gestellte Fragen __________________ Logfiles bitte immer in CODE-Tags posten

23.02.2012, 12:54	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	CPU Auslastung 100% Firefox- und anschließender Systemabsturz. Vermutung: sychost.exe-Virus MBR ist immer noch unbekannt. Bitte wiederholen __________________ Logfiles bitte immer in CODE-Tags posten

CPU Auslastung 100% Firefox- und anschließender Systemabsturz. Vermutung: sychost.exe-Virus

Log-Analyse und Auswertung: CPU Auslastung 100% Firefox- und anschließender Systemabsturz. Vermutung: sychost.exe-Virus