Trojaner-Board


nu3nn 23.01.2012 22:21

Virus? Window with error message: Failed to save all the components for the file \\System32\\0000xx
 
Hello dear community members,

Since midday today I have most likely had a virus/trojan on my notebook. I am writing this message from another computer because, although Windows on the notebook still boots, I no longer have access to my drive (C:\). It is displayed, but when I click on it, it is empty. It started with the antivirus software Avira reporting "infected" files. I clicked Remove and then it all started. My desktop background is black and all icons except "Computer" and "Recycle Bin" are gone.

Within seconds, several windows (about 20, possibly more) opened with the following error message:

"Windows- delayed write failed: Failed to save all the components for the file \\System32\\0000xxxx. The file is corrupted and unreadable. This error may be caused by a PC hardware problem" - xxxx here stands for different numbers in each of the windows.

Avira also reported a file named "BOO.TDss.O"; I looked it up on the Internet. It is supposedly a known trojan.
It also reported that malware was found in the boot sector.

Other messages that appeared were:

"Harddrive Clusters are partlydamaged. Segment load failure."
"Critical Error: Windows OS can't detect a free hard drive space - hard drive error"

In addition, a "System Check" is supposedly being carried out the whole time. The System Control Panel window opens and one can have "Computer Status" (4 critical errors), "RAM Memory Status" (1 critical error), "System Drive Status" (1 critical error) and "System Registry Status" (2 critical errors) checked. I did this. There is also an extra window with the message "Files Indexation Process failed" and an accompanying button "resolve this issue", and some information in incorrect English grammar.

That is all the information I can give so far. Apart from Avira I have no antivirus program on the notebook. I hope something can be done with the following logs. Unfortunately I don't know anything about this at all. Thanks in advance for the help.


Here is the OTL.txt



OTL logfile created on: 23.01.2012 21:02:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 60,64% Memory free
7,80 Gb Paging File | 6,13 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 339,55 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
Drive D: | 1,90 Gb Total Space | 1,89 Gb Free Space | 99,82% Space Free | Partition Type: FAT32
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,77% Space Free | Partition Type: FAT32

Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.23 20:51:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.01.23 14:30:35 | 000,363,370 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\CiVNguEPUt45H8.exe
PRC - [2012.01.23 14:13:27 | 000,456,554 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\RobIKtbrUE.exe
PRC - [2011.09.07 11:55:40 | 000,221,256 | -H-- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.09.01 17:06:50 | 000,227,896 | -H-- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | -H-- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.08.03 21:43:45 | 000,645,048 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.06.28 22:49:27 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.05 09:55:27 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.03.21 22:10:00 | 001,230,704 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.01 13:44:58 | 000,280,120 | -H-- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010.04.10 01:54:38 | 001,441,544 | -H-- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.12 21:27:38 | 000,635,416 | -H-- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009.03.30 14:00:54 | 000,221,184 | -H-- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2007.07.24 20:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.09 01:40:50 | 000,771,584 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:42:15 | 000,452,608 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cf95add46bfba066f035bd78f6e21d86\IAStorUtil.ni.dll
MOD - [2011.10.13 23:53:39 | 012,431,360 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.13 23:53:30 | 001,586,688 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.13 23:53:13 | 003,325,952 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.13 23:53:06 | 005,452,800 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.13 23:53:02 | 000,971,264 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.13 23:53:00 | 007,949,312 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.13 23:52:50 | 011,490,304 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.03.21 22:10:36 | 000,096,112 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 22:10:00 | 001,230,704 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.12.10 04:40:53 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.12.10 04:40:49 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.01.22 19:30:00 | 007,745,536 | -H-- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.01.22 19:29:58 | 002,121,728 | -H-- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | RH-- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.12.24 12:03:54 | 000,271,360 | -H-- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011.12.24 12:03:53 | 000,089,600 | -H-- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011.03.10 07:16:08 | 001,028,096 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.06.29 20:52:12 | 004,181,256 | -H-- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010.05.20 22:28:14 | 000,677,128 | -H-- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010.05.20 22:28:12 | 001,096,968 | -H-- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2009.11.02 21:11:52 | 000,016,896 | -H-- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.09.09 17:10:28 | 000,086,072 | -H-- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 17:06:50 | 000,227,896 | -H-- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.03 21:43:45 | 000,645,048 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.28 22:49:27 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.05 09:55:27 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.03.10 07:16:07 | 000,647,680 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.01 13:44:58 | 000,280,120 | -H-- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.05.03 22:48:04 | 002,782,552 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.01.12 21:27:38 | 000,635,416 | -H-- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.07.16 16:04:16 | 000,316,664 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 20:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.24 12:03:55 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.08.03 21:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.07.08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.06.28 22:49:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 22:49:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.11 14:37:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.07.09 00:45:22 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010.06.29 18:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.05.21 03:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010.05.03 23:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.10 01:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010.03.19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.15 04:45:26 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.01.25 14:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.22 19:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.02 21:12:00 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.08.13 10:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS -- (NAVEX15)
DRV - [2010.08.13 10:00:00 | 000,475,696 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.08.13 10:00:00 | 000,132,656 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.08.13 10:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS -- (NAVENG)
DRV - [2010.08.09 04:11:49 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010.06.27 05:05:05 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys -- (IDSVia64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://imdb.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.12.10 05:07:24 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.12.10 05:07:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.10 05:07:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.27 21:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012.01.23 18:23:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 12:19:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 12:19:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.10 00:45:56 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.09.01 17:56:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.16 00:12:02 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.09.01 17:56:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.09.01 17:56:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.01.21 16:41:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cq11od6.default\extensions
[2011.08.03 14:24:01 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cq11od6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.21 16:41:18 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6cq11od6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.01 17:56:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\uu34ba37.default\extensions
[2011.05.12 19:37:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.10 00:45:56 | 000,121,816 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.10 00:45:53 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.10 00:45:53 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.10 00:45:53 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.10 00:45:53 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.10 00:45:53 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.10 00:45:53 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RobIKtbrUE.exe] C:\ProgramData\RobIKtbrUE.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F767432-FF22-459B-91E6-2F711F55D714}: DhcpNameServer = 192.168.1.1 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E847F411-E2A1-4292-9DB5-3A16C25C6FE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.23 20:56:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.23 18:48:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.01.23 18:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.01.23 14:30:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.01.23 14:30:35 | 000,363,370 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\CiVNguEPUt45H8.exe
[2012.01.23 14:13:33 | 000,456,554 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\RobIKtbrUE.exe
[2012.01.22 18:09:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012.01.10 14:11:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETS
[2012.01.10 14:11:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\ETS
[2012.01.10 14:10:57 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2012.01.05 17:07:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ZoomBrowser EX
[2012.01.05 17:06:48 | 000,000,000 | -H-D | C] -- C:\Users\***\Canon Fotos
[2012.01.05 17:03:04 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\CANON INC
[2012.01.05 16:54:52 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Canon MyCameraFiles
[2012.01.05 16:54:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\ZoomBrowser
[2012.01.05 16:54:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.01.05 16:54:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Canon
[2012.01.05 16:52:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Canon
[2011.05.12 19:36:12 | 012,362,480 | -H-- | C] (Mozilla) -- C:\Program Files (x86)\Firefox_Setup_4.0.1.exe

========== Files - Modified Within 30 Days ==========

[2012.01.23 20:57:50 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.23 20:57:46 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.01.23 20:57:46 | 000,654,188 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.01.23 20:57:46 | 000,616,030 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.01.23 20:57:46 | 000,130,028 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.01.23 20:57:46 | 000,106,410 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.01.23 20:51:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.23 20:48:30 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 20:40:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.01.23 18:35:56 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 18:35:56 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 18:23:18 | 4190,388,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 14:34:19 | 000,000,432 | -H-- | M] () -- C:\ProgramData\CiVNguEPUt45H8
[2012.01.23 14:30:58 | 000,000,653 | -H-- | M] () -- C:\Users\***\Desktop\System Check.lnk
[2012.01.23 11:02:04 | 000,000,336 | -H-- | M] () -- C:\windows\tasks\HPCeeScheduleFor***.job
[2012.01.21 13:27:00 | 000,092,716 | -H-- | M] () -- C:\Users\***\RalfMoeller.jpg
[2012.01.05 17:03:14 | 000,001,949 | -H-- | M] () -- C:\Users\***x\Desktop\CameraLauncher - Verknüpfung.lnk
[2012.01.05 17:02:10 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.29 12:51:44 | 000,001,001 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.29 12:51:43 | 000,001,021 | -H-- | M] () -- C:\Users\***\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2012.01.23 20:57:50 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.23 20:56:56 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.23 14:30:57 | 000,000,653 | -H-- | C] () -- C:\Users\***\Desktop\System Check.lnk
[2012.01.23 14:30:45 | 000,000,432 | -H-- | C] () -- C:\ProgramData\CiVNguEPUt45H8
[2012.01.21 13:26:59 | 000,092,716 | -H-- | C] () -- C:\Users\***\RalfMoeller.jpg
[2012.01.05 17:03:14 | 000,001,949 | -H-- | C] () -- C:\Users\***\Desktop\CameraLauncher - Verknüpfung.lnk
[2012.01.05 17:02:10 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.05.12 19:37:17 | 000,000,000 | -H-- | C] () -- C:\windows\nsreg.dat
[2011.04.10 17:38:35 | 000,031,864 | -H-- | C] () -- C:\windows\maxlink.ini
[2011.04.04 13:43:12 | 000,000,425 | -H-- | C] () -- C:\windows\BRWMARK.INI
[2011.03.10 07:20:35 | 000,014,051 | -H-- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2010.01.25 14:48:56 | 000,982,224 | -H-- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010.01.25 14:48:56 | 000,439,336 | -H-- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010.01.25 14:48:56 | 000,092,292 | -H-- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010.01.25 13:43:18 | 000,208,896 | -H-- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010.01.25 13:43:18 | 000,143,360 | -H-- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,139,824 | -H-- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.08.16 17:59:22 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\BSW
[2011.05.13 13:02:43 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.23 14:29:51 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.08.03 14:24:07 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.10 13:47:05 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.20 15:00:32 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.03.31 23:06:07 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.08.24 17:58:51 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.19 23:15:59 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.12.04 23:26:10 | 000,032,640 | -H-- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.03.24 17:10:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.27 16:04:41 | 000,000,000 | -HSD | M] -- C:\boot
[2012.01.17 11:30:30 | 000,000,000 | -H-D | M] -- C:\bwinPoker
[2012.01.22 18:12:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.10 03:49:46 | 000,000,000 | -H-D | M] -- C:\EFI
[2010.12.10 05:18:23 | 000,000,000 | -H-D | M] -- C:\hp
[2011.03.24 17:10:31 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.04.04 00:19:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.22 16:28:34 | 000,000,000 | -H-D | M] -- C:\Orkan
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2011.11.10 16:56:29 | 000,000,000 | -H-D | M] -- C:\Picdump funny
[2011.12.24 12:04:06 | 000,000,000 | RH-D | M] -- C:\Program Files
[2012.01.10 14:11:44 | 000,000,000 | RH-D | M] -- C:\Program Files (x86)
[2012.01.23 18:48:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.22 18:07:56 | 000,000,000 | -H-D | M] -- C:\swsetup
[2012.01.23 21:05:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.24 17:03:19 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011.03.24 17:01:15 | 000,000,000 | RH-D | M] -- C:\Users
[2012.01.23 14:45:43 | 000,000,000 | -H-D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2011.05.12 19:36:13 | 012,362,480 | -H-- | M] (Mozilla) -- C:\Program Files (x86)\Firefox_Setup_4.0.1.exe

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\windows\SysNative\drivers\afd.sys
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | -H-- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.12.10 05:06:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.12.10 04:57:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.12.10 05:06:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.12.10 04:57:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | -H-- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.12.10 05:06:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.12.10 04:57:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.12.10 05:06:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.12.10 04:57:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.12.10 05:06:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.12.10 05:06:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010.12.10 05:06:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >






Here is the Extras.txt:



OTL Extras logfile created on: 23.01.2012 21:02:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 60,64% Memory free
7,80 Gb Paging File | 6,13 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 339,55 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
Drive D: | 1,90 Gb Total Space | 1,89 Gb Free Space | 99,82% Space Free | Partition Type: FAT32
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,77% Space Free | Partition Type: FAT32

Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1" = Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}" = TOEFL Sample Questions
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}" = HP Setup
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F097D8DF-B207-4EA1-91A4-A21B8425F9B4}" = HP Documentation
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1410C34-CCC7-4443-B698-7E9FF42F4FA3}" = Corel Home Office
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"bwin Poker_is1" = bwin Poker
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NIS" = Norton Internet Security
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"PhotoStitch" = Canon Utilities PhotoStitch
"SopCast" = SopCast 3.3.2
"Steam App 10" = Counter-Strike
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.01.2012 14:49:51 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:49:51.503]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:49:53 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:49:53.047]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:49:54 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:49:54.592]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:49:56 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:49:56.136]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:49:57 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:49:57.681]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:49:59 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:49:59.225]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:50:00 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:50:00.769]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:50:02 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:50:02.314]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:50:03 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:50:03.874]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 22.01.2012 14:50:05 | Computer Name = ***-HP | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/01/22 19:50:05.418]: [00004484]: lperrcode->api
= 1 , lperrcode->code = 2

[ Cisco AnyConnect VPN Client Events ]
Error - 21.01.2012 13:32:08 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 21.01.2012 13:32:08 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1019 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 21.01.2012 13:32:08 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 21.01.2012 13:32:08 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 22.01.2012 02:10:24 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 22.01.2012 09:06:44 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 23.01.2012 06:02:05 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 23.01.2012 09:17:12 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 23.01.2012 09:21:04 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 23.01.2012 13:23:26 | Computer Name = ***-HP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

[ Hewlett-Packard Events ]
Error - 27.05.2011 14:04:17 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051127080414.xml
File not created by asset agent

Error - 15.10.2011 06:42:15 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101115124212.xml
File not created by asset agent

[ HP Software Framework Events ]
Error - 21.01.2012 14:22:15 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.21 19:22:15.699|00001240|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 22.01.2012 02:13:52 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.22 07:13:52.321|00001050|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 22.01.2012 09:13:21 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.22 14:13:21.318|00000594|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 22.01.2012 13:12:24 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.22 18:12:24.147|000023B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23.01.2012 07:22:38 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.23 12:22:38.377|0000135C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23.01.2012 09:18:45 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.23 14:18:45.388|00000C1C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23.01.2012 09:29:45 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.23 14:29:45.326|0000102C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23.01.2012 13:24:57 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.23 18:24:57.488|00000EB0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23.01.2012 13:37:42 | Computer Name = ***-HP | Source = CaslWmi | ID = 5
Description = 2012.01.23 18:37:42.174|000011B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ OSession Events ]
Error - 08.05.2011 12:43:23 | Computer Name = ***-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4138
seconds with 840 seconds of active time. This session ended with a crash.

Error - 01.06.2011 06:14:29 | Computer Name = ***-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3701 seconds with 1920 seconds of active time. This session ended with a
crash.

Error - 05.09.2011 12:13:16 | Computer Name = ***-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22779
seconds with 13800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 09:46:10 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.01.2012 13:27:58 | Computer Name = ***-HP | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 23.01.2012 13:27:59 | Computer Name = ***-HP | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 23.01.2012 13:30:32 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.


< End of report >

markusg 24.01.2012 12:59

hi
In the script, replace *** with your user name so that it works.


This script, and any scripts that may follow, are meant only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
PRC - [2012.01.23 14:30:35 | 000,363,370 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\CiVNguEPUt45H8.exe
PRC - [2012.01.23 14:13:27 | 000,456,554 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\RobIKtbrUE.exe
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [RobIKtbrUE.exe] C:\ProgramData\RobIKtbrUE.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.01.23 14:30:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.01.23 14:30:35 | 000,363,370 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\CiVNguEPUt45H8.exe
[2012.01.23 14:34:19 | 000,000,432 | -H-- | M] () -- C:\ProgramData\CiVNguEPUt45H8
[2012.01.23 14:30:58 | 000,000,653 | -H-- | M] () -- C:\Users\***\Desktop\System Check.lnk

 :Files
C:\ProgramData\CiVNguEPUt45H8.exe
C:\ProgramData\RobIKtbrUE.exe
:Commands
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)



Download unhide:
http://filepony.de/download-unhide/
Double-click it and the files become visible.

nu3nn 24.01.2012 13:32

Hello markusg,

Thank you very much. Progress feels good. After the fix and the restart I can see my desktop icons again, and no error messages open apart from the one from Avira about the virus in the master boot sector, "BOO.TDss.O".

You said I would find a text document after the restart. I did not find one. What is the document called, and where is it supposed to appear?

Other than that, I can only follow up to the 3rd sub-item. When I right-click Movedfiles and choose "Send to", no "Compressed (zipped) folder" appears. Do I perhaps still need to download this zip program?

WinZip is installed on the computer. After right-clicking, I could use the WinZip entry "Add to MovedFiles.zip"

Am I overlooking something? How should I proceed?

markusg 24.01.2012 14:04

hi, doing it directly via WinZip works too :-)

nu3nn 24.01.2012 14:14

Sorry, I have to backtrack. It was only a trial version of WinZip, and it has expired. Forgive me if I am being a bit clumsy; I just do not want to do anything wrong. What should I do?

nu3nn 24.01.2012 14:26

Right, I have now done it a different way. The movedfiles.zip is uploaded. I hope that is fine!

markusg 24.01.2012 15:35

Thanks.
And no problem: if questions or problems come up, just mention them, that is what we are here for.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:
    A guide and tutorial on using ComboFix
  • Note:
    Make sure all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

nu3nn 24.01.2012 18:04

Here are a few remarks that might be relevant before I post the combofix.txt:

I ran Unhide.exe (with Avira deactivated), but programs are still missing from my Start menu; that is, the original state has not yet been restored.

The scan took about 1 hour. I had the internet connection disabled the whole time. In addition, an Avira message reporting malware (BOO.TDss.O) stayed open during the whole process, even though I had switched the software off (closed umbrella). Also, the clock was not changed a single time, as the Combofix guide had suggested it would be.

Here now is the combofix.txt


Combofix Logfile:
Code:

ComboFix 12-01-23.02 - *** 24.01.2012  16:24:51.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3996.2427 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\***\037.jpg
c:\users\***\avira_antivir_635personal_de.exe
c:\users\***\HoNClient-2.0.21.exe
c:\users\***\vlc-1.1.11-win32.exe
c:\users\***\vlc-1.1.8-win32.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-24 bis 2012-01-24  ))))))))))))))))))))))))))))))
.
.
2012-01-24 16:31 . 2012-01-24 16:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-24 12:32 . 2012-01-24 13:06        --------        d-----w-        c:\programdata\WinZip
2012-01-24 12:14 . 2012-01-24 12:14        --------        d-----w-        C:\_OTL
2012-01-23 17:48 . 2012-01-23 17:48        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2012-01-22 17:09 . 2012-01-22 17:09        --------        d-----w-        c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-20 12:08 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{04EE9583-4B0D-4E28-99E3-74FB4B1E3009}\mpengine.dll
2012-01-11 12:41 . 2011-10-26 05:22        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 12:41 . 2011-10-26 04:28        1328640        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-11 12:41 . 2011-10-26 05:22        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-11 12:41 . 2011-10-26 04:28        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-11 12:41 . 2011-11-17 07:14        1739160        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 12:41 . 2011-11-19 15:07        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 12:41 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-01-11 12:41 . 2011-11-17 05:41        1292592        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-10 13:11 . 2012-01-10 13:11        --------        d-----w-        c:\program files (x86)\ETS
2012-01-10 13:10 . 2012-01-10 13:10        --------        d-----w-        c:\users\***\AppData\Local\Downloaded Installations
2012-01-09 23:45 . 2012-01-09 23:45        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 23:45 . 2012-01-09 23:45        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-09 23:45 . 2012-01-09 23:45        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-09 23:45 . 2012-01-09 23:45        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-05 16:07 . 2012-01-05 16:08        --------        d-----w-        c:\users\***\AppData\Roaming\ZoomBrowser EX
2012-01-05 16:06 . 2012-01-05 16:06        --------        d-----w-        c:\users\***\Canon Fotos
2012-01-05 16:03 . 2012-01-05 16:03        --------        d-----w-        c:\users\***\AppData\Roaming\CANON INC
2012-01-05 15:54 . 2012-01-05 15:54        --------        d-----w-        c:\programdata\ZoomBrowser
2012-01-05 15:54 . 2012-01-05 15:55        --------        d-----w-        c:\program files (x86)\Canon
2012-01-05 15:52 . 2012-01-05 15:52        --------        d-----w-        c:\program files (x86)\Common Files\Canon
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-24 11:03 . 2011-12-24 11:04        515584        ----a-w-        c:\windows\system32\drivers\stwrt64.sys
2011-12-24 11:03 . 2011-03-10 06:18        489472        ----a-w-        c:\windows\sttray64.exe
2011-12-24 11:03 . 2011-12-24 11:04        651264        ------w-        c:\windows\system32\stapi64.dll
2011-12-24 11:03 . 2011-12-24 11:04        431616        ----a-w-        c:\windows\system32\stcplx64.dll
2011-12-24 11:03 . 2011-12-24 11:04        1484288        ----a-w-        c:\windows\system32\stapo64.dll
2011-12-24 11:03 . 2011-03-10 06:18        1952256        ----a-w-        c:\windows\system32\stlang64.dll
2011-12-24 11:03 . 2011-03-10 06:18        12861952        ----a-w-        c:\windows\system32\idtcpl64.cpl
2011-12-24 11:03 . 2011-03-10 06:17        219648        ----a-w-        c:\windows\system32\staco64.dll
2011-12-24 11:03 . 2011-03-10 06:18        90624        ----a-w-        c:\windows\system32\AESTCo64.dll
2011-12-24 11:03 . 2011-03-10 06:18        68608        ----a-w-        c:\windows\system32\AESTAR64.dll
2011-12-24 11:03 . 2011-03-10 06:18        442368        ----a-w-        c:\windows\system32\AESTEC64.dll
2011-12-24 11:03 . 2011-03-10 06:18        162816        ----a-w-        c:\windows\system32\AESTAC64.dll
2011-12-10 10:16 . 2011-10-20 10:14        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00 . 2011-12-14 09:24        3141632        ----a-w-        c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-03-25 21:16        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-05 05:26 . 2011-12-14 09:34        1197568        ----a-w-        c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 09:34        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 09:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 09:34        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 09:34        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 09:23        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 09:34        482816        ----a-w-        c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 09:34        386048        ----a-w-        c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 09:34        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 09:34        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-05-12 18:36 . 2011-05-12 18:36        12362480        ----a-w-        c:\program files (x86)\Firefox_Setup_4.0.1.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20        1515688        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-15 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-05-03 1110360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2011-04-11 149280]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-07 221256]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-24 89600]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-05 136360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-13 132656]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-10 1028096]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 19:06        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-23 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-24 489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://imdb.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6cq11od6.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-24  17:53:32
ComboFix-quarantined-files.txt  2012-01-24 16:53
.
Vor Suchlauf: 17 Verzeichnis(se), 363.754.012.672 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 364.054.855.680 Bytes frei
.
- - End Of File - - 75E4CA07384D0983C91766A5A8F7B04D

--- --- ---

markusg 24.01.2012 18:37

hi,
open avira, events, and post me the message with the tdss detection please.

nu3nn 24.01.2012 18:59

That was reported several times. Today's most recent malware messages looked like this:

Im Bootsektor von Laufwerk "C:" wurde ein Virus oder unerwünschtes Programm "BOO/TDss.O" [virus] gefunden
Ausgeführte Aktion: Zugriff verweigern

Im Masterbootsektor von Laufwerk "Masterbootsektor HD0" wurde ein Virus oder unerwünschtes Programm "BOO/TDss.O" [virus] gefunden
Ausgeführte Aktion: Zugriff verweigern

Im Bootsektor von Laufwerk "F:" wurde ein Virus oder unerwünschtes Programm "BOO/TDss.O" [virus] gefunden
Ausgeführte Aktion: Zugriff verweigern

from yesterday (23.01.2012)

Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\214ac886-37493fe5'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51e8d92b.qua' verschoben!

In der Datei 'C:\Users\***\AppData\Local\Temp\jar_cache101786312620709849.tmp'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\214ac886-37493fe5-temp'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\214ac886-37493fe5'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Users\***\AppData\Local\Temp\jar_cache4021950393491922491.tmp'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Users\***\AppData\Local\Temp\jar_cache4720429363825033275.tmp'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Users\***\AppData\Local\Temp\jar_cache3078093960062623873.tmp'
wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-4452.CE' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Yesterday there were 6 more malware messages with a similar path.

I have not restarted since ComboFix ran. Should I do that?

markusg 24.01.2012 19:08

not nice.
1. do you use the pc for online banking, purchases, other payment transactions or similarly important things, e.g. work-related?
2.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
post the log please

nu3nn 24.01.2012 19:18

You're scaring me. Online banking yes, via the bank's homepage, and also payment processing via PayPal. Work-related things rather rarely, but it does happen. "not nice" sounds worrying...

Log is coming right away..

markusg 24.01.2012 19:20

call the bank, online banking must be blocked.
emergency number:
116 116
reason: tdss rootkit.
we'll still run tdss killer, but after that the system must be formatted

nu3nn 24.01.2012 19:27

ok, after change parameters the checkmarks are set for the upper two (objects to scan), but not for the lower two (Additional options). Should I leave it like that?

markusg 24.01.2012 19:35

yes leave it like that
and scan :-)

nu3nn 24.01.2012 19:38

I called the emergency number; blocking is currently not possible via the emergency number. I was advised to enter the wrong PIN 3 times, after which an automatic block takes place. I did that. The account is now provisionally blocked.

markusg 24.01.2012 19:45

ok then run tdss killer, report to the bank tomorrow, and then I'll also explain to you how to format and back up the data etc

nu3nn 24.01.2012 19:47

Scan results:


Infected: \device\Harddisk0\DR0 (Rootkit.Boot.SST.a)
Processing error: \device\Harddisk0\DR0


The report:



19:24:48.0972 4616 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:24:49.0003 4616 ============================================================
19:24:49.0003 4616 Current date / time: 2012/01/24 19:24:49.0003
19:24:49.0003 4616 SystemInfo:
19:24:49.0003 4616
19:24:49.0003 4616 OS Version: 6.1.7600 ServicePack: 0.0
19:24:49.0003 4616 Product type: Workstation
19:24:49.0018 4616 ComputerName: ***-HP
19:24:49.0018 4616 UserName: ***
19:24:49.0018 4616 Windows directory: C:\windows
19:24:49.0018 4616 System windows directory: C:\windows
19:24:49.0018 4616 Running under WOW64
19:24:49.0018 4616 Processor architecture: Intel x64
19:24:49.0018 4616 Number of processors: 2
19:24:49.0018 4616 Page size: 0x1000
19:24:49.0018 4616 Boot type: Normal boot
19:24:49.0018 4616 ============================================================
19:24:49.0767 4616 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:49.0767 4616 Drive \Device\Harddisk1\DR5 - Size: 0x79B00000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:24:49.0845 4616 Initialize success
19:39:04.0056 2524 ============================================================
19:39:04.0056 2524 Scan started
19:39:04.0056 2524 Mode: Manual;
19:39:04.0056 2524 ============================================================
19:39:04.0586 2524 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
19:39:04.0602 2524 1394ohci - ok
19:39:04.0664 2524 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
19:39:04.0664 2524 ACPI - ok
19:39:04.0758 2524 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
19:39:04.0758 2524 AcpiPmi - ok
19:39:04.0820 2524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:39:04.0836 2524 adp94xx - ok
19:39:04.0945 2524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:39:04.0961 2524 adpahci - ok
19:39:05.0007 2524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:39:05.0007 2524 adpu320 - ok
19:39:05.0148 2524 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
19:39:05.0163 2524 AFD - ok
19:39:05.0288 2524 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\windows\system32\DRIVERS\agrsm64.sys
19:39:05.0304 2524 AgereSoftModem - ok
19:39:05.0397 2524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
19:39:05.0413 2524 agp440 - ok
19:39:05.0475 2524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:39:05.0491 2524 aliide - ok
19:39:05.0507 2524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:39:05.0507 2524 amdide - ok
19:39:05.0600 2524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:39:05.0616 2524 AmdK8 - ok
19:39:05.0647 2524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:39:05.0647 2524 AmdPPM - ok
19:39:05.0741 2524 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
19:39:05.0756 2524 amdsata - ok
19:39:05.0787 2524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:39:05.0787 2524 amdsbs - ok
19:39:05.0834 2524 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
19:39:05.0834 2524 amdxata - ok
19:39:25.0833 2524 MBR (0x1B8) (ab1119be9d817f19019e3b0913c8f91d) \Device\Harddisk0\DR0
19:39:25.0865 2524 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
19:39:25.0865 2524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
19:39:25.0880 2524 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR5
19:39:25.0927 2524 \Device\Harddisk1\DR5 - ok
19:39:25.0958 2524 Boot (0x1200) (1ee21c7b77ed91c9058aeb55e9ecf476) \Device\Harddisk0\DR0\Partition0
19:39:25.0958 2524 \Device\Harddisk0\DR0\Partition0 - ok
19:39:25.0974 2524 Boot (0x1200) (8fe53148daf8727d76a884b26cd7fcc9) \Device\Harddisk0\DR0\Partition1
19:39:25.0974 2524 \Device\Harddisk0\DR0\Partition1 - ok
19:39:26.0005 2524 Boot (0x1200) (06d24fdd054d6596a2e2ce690049e3a2) \Device\Harddisk0\DR0\Partition2
19:39:26.0021 2524 \Device\Harddisk0\DR0\Partition2 - ok
19:39:26.0036 2524 Boot (0x1200) (2c3909372ade9ceed3dab637b90e161b) \Device\Harddisk0\DR0\Partition3
19:39:26.0036 2524 \Device\Harddisk0\DR0\Partition3 - ok
19:39:26.0036 2524 Boot (0x1200) (cef174383b2f3f951cce3374ec4f6547) \Device\Harddisk1\DR5\Partition0
19:39:26.0036 2524 \Device\Harddisk1\DR5\Partition0 - ok
19:39:26.0036 2524 ============================================================
19:39:26.0036 2524 Scan finished
19:39:26.0036 2524 ============================================================
19:39:26.0067 5108 Detected object count: 1
19:39:26.0067 5108 Actual detected object count: 1
19:40:56.0548 5108 \Device\Harddisk0\DR0 - processing error
19:41:27.0966 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure

nu3nn 24.01.2012 19:48

Thank you very much, I think it's great how much time you all take!

markusg 24.01.2012 21:46

Can you restart and post a new report from TDSS Killer?

nu3nn 25.01.2012 00:28

Here is the new report; the scan result is the same as before the restart:


00:22:48.0582 2368 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
00:22:48.0613 2368 ============================================================
00:22:48.0613 2368 Current date / time: 2012/01/25 00:22:48.0613
00:22:48.0613 2368 SystemInfo:
00:22:48.0613 2368
00:22:48.0613 2368 OS Version: 6.1.7600 ServicePack: 0.0
00:22:48.0613 2368 Product type: Workstation
00:22:48.0613 2368 ComputerName: ***-HP
00:22:48.0613 2368 UserName: ***
00:22:48.0613 2368 Windows directory: C:\windows
00:22:48.0613 2368 System windows directory: C:\windows
00:22:48.0613 2368 Running under WOW64
00:22:48.0613 2368 Processor architecture: Intel x64
00:22:48.0613 2368 Number of processors: 2
00:22:48.0613 2368 Page size: 0x1000
00:22:48.0613 2368 Boot type: Normal boot
00:22:48.0613 2368 ============================================================
00:22:50.0626 2368 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:50.0688 2368 Initialize success
00:22:53.0902 2920 ============================================================
00:22:53.0902 2920 Scan started
00:22:53.0902 2920 Mode: Manual;
00:22:53.0902 2920 ============================================================
00:23:43.0322 2920 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
00:23:43.0338 2920 umbus - ok
00:23:43.0432 2920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
00:23:43.0447 2920 UmPass - ok
00:23:43.0728 2920 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
00:23:43.0775 2920 usbaudio - ok
00:23:43.0868 2920 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
00:23:43.0884 2920 usbccgp - ok
00:23:43.0946 2920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
00:23:43.0978 2920 usbcir - ok
00:23:44.0274 2920 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
00:23:44.0321 2920 usbehci - ok
00:23:44.0555 2920 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
00:23:44.0586 2920 usbhub - ok
00:23:44.0898 2920 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
00:23:44.0929 2920 usbohci - ok
00:23:45.0023 2920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
00:23:45.0038 2920 usbprint - ok
00:23:45.0070 2920 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
00:23:45.0085 2920 usbscan - ok
00:23:45.0163 2920 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:23:45.0179 2920 USBSTOR - ok
00:23:45.0366 2920 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
00:23:45.0366 2920 usbuhci - ok
00:23:45.0522 2920 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
00:23:45.0538 2920 usbvideo - ok
00:23:45.0709 2920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
00:23:45.0709 2920 vdrvroot - ok
00:23:45.0787 2920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:23:45.0787 2920 vga - ok
00:23:45.0881 2920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:23:45.0881 2920 VgaSave - ok
00:23:46.0006 2920 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
00:23:46.0021 2920 vhdmp - ok
00:23:46.0240 2920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:23:46.0255 2920 viaide - ok
00:23:46.0411 2920 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
00:23:46.0427 2920 volmgr - ok
00:23:46.0552 2920 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
00:23:46.0567 2920 volmgrx - ok
00:23:46.0614 2920 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
00:23:46.0645 2920 volsnap - ok
00:23:46.0739 2920 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\windows\system32\DRIVERS\vpnva64.sys
00:23:46.0739 2920 vpnva - ok
00:23:46.0801 2920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
00:23:46.0817 2920 vsmraid - ok
00:23:46.0864 2920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:23:46.0879 2920 vwifibus - ok
00:23:47.0004 2920 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
00:23:47.0020 2920 vwififlt - ok
00:23:47.0066 2920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
00:23:47.0066 2920 WacomPen - ok
00:23:47.0176 2920 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
00:23:47.0191 2920 WANARP - ok
00:23:47.0191 2920 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
00:23:47.0207 2920 Wanarpv6 - ok
00:23:47.0285 2920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
00:23:47.0347 2920 Wd - ok
00:23:47.0441 2920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:23:47.0488 2920 Wdf01000 - ok
00:23:47.0628 2920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:23:47.0628 2920 WfpLwf - ok
00:23:47.0644 2920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:23:47.0659 2920 WIMMount - ok
00:23:47.0815 2920 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\windows\system32\DRIVERS\WinUsb.sys
00:23:47.0831 2920 WinUsb - ok
00:23:47.0893 2920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
00:23:47.0909 2920 WmiAcpi - ok
00:23:48.0018 2920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:23:48.0018 2920 ws2ifsl - ok
00:23:48.0080 2920 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
00:23:48.0096 2920 WudfPf - ok
00:23:48.0127 2920 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
00:23:48.0127 2920 WUDFRd - ok
00:23:48.0190 2920 MBR (0x1B8) (ab1119be9d817f19019e3b0913c8f91d) \Device\Harddisk0\DR0
00:23:48.0205 2920 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
00:23:48.0205 2920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
00:23:48.0268 2920 Boot (0x1200) (1ee21c7b77ed91c9058aeb55e9ecf476) \Device\Harddisk0\DR0\Partition0
00:23:48.0268 2920 \Device\Harddisk0\DR0\Partition0 - ok
00:23:48.0299 2920 Boot (0x1200) (8fe53148daf8727d76a884b26cd7fcc9) \Device\Harddisk0\DR0\Partition1
00:23:48.0314 2920 \Device\Harddisk0\DR0\Partition1 - ok
00:23:48.0346 2920 Boot (0x1200) (06d24fdd054d6596a2e2ce690049e3a2) \Device\Harddisk0\DR0\Partition2
00:23:48.0377 2920 \Device\Harddisk0\DR0\Partition2 - ok
00:23:48.0424 2920 Boot (0x1200) (2c3909372ade9ceed3dab637b90e161b) \Device\Harddisk0\DR0\Partition3
00:23:48.0439 2920 \Device\Harddisk0\DR0\Partition3 - ok
00:23:48.0439 2920 ============================================================
00:23:48.0439 2920 Scan finished
00:23:48.0439 2920 ============================================================
00:23:48.0455 2220 Detected object count: 1
00:23:48.0455 2220 Actual detected object count: 1
00:24:01.0075 2220 \Device\Harddisk0\DR0 - processing error
00:24:13.0368 2220 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
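
A TDSSKiller report of this kind is mostly "ok" verdicts, so the one infected object is easy to miss. The following is an added example, not part of the original posts and not Kaspersky's code: a small triage parser for this log layout. The function names, the `exampledrv` lines and the "unresolved" heuristic are assumptions; the MBR lines are taken from the log above.

```python
import re
from collections import OrderedDict

# Sample input: MBR/boot lines as posted in the thread, plus one constructed
# driver pair ("exampledrv" and its all-zero hash are made up for the example).
SAMPLE_LOG = r"""
00:23:36.0864 2920 exampledrv (00000000000000000000000000000000) C:\windows\system32\DRIVERS\exampledrv.sys
00:23:36.0926 2920 exampledrv - ok
00:23:48.0190 2920 MBR (0x1B8) (ab1119be9d817f19019e3b0913c8f91d) \Device\Harddisk0\DR0
00:23:48.0205 2920 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
00:23:48.0205 2920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
00:23:48.0268 2920 Boot (0x1200) (1ee21c7b77ed91c9058aeb55e9ecf476) \Device\Harddisk0\DR0\Partition0
00:23:48.0268 2920 \Device\Harddisk0\DR0\Partition0 - ok
00:23:48.0439 2920 Scan finished
00:23:48.0455 2220 Detected object count: 1
00:24:01.0075 2220 \Device\Harddisk0\DR0 - processing error
00:24:13.0368 2220 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
"""

# "<time> <thread id> <rest of line>"
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": the object being scanned
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<object> [( <threat> )] - <status>": the verdict or a later action
VERDICT = re.compile(
    r"^(?P<obj>.+?)(?:\s+\(\s*(?P<threat>[^)]+?)\s*\))?\s+-\s+(?P<status>.+)$"
)
DETECTED = re.compile(r"^detected\s+(\S+)")


def parse_line(line):
    """Classify one log line as an 'object' record, a 'verdict' record or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    h = HASHED.match(body)  # must be tried first: paths may contain " - "
    if h:
        return ("object", m["ts"], h["name"], h["md5"], h["path"])
    v = VERDICT.match(body)
    if v:
        return ("verdict", m["ts"], v["obj"], v["threat"], v["status"])
    return None  # banners, separators, counters


def triage(log_text):
    """Return (number of 'ok' verdicts, findings keyed by object name)."""
    hashes = {}  # verdicts refer to drivers by name but to disks by path
    clean = 0
    findings = OrderedDict()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec[0] == "object":
            _, _, name, md5, path = rec
            hashes[name] = md5
            hashes.setdefault(path, md5)
            continue
        _, ts, obj, threat, status = rec
        if status == "ok":
            clean += 1
            continue
        entry = findings.setdefault(
            obj, {"md5": hashes.get(obj), "threats": set(), "events": []}
        )
        if threat:
            entry["threats"].add(threat)
        d = DETECTED.match(status)
        if d:
            entry["threats"].add(d.group(1))
        entry["events"].append((ts, status))
    return clean, findings


def unresolved(entry):
    """Heuristic (assumption): any status containing 'error' needs follow-up."""
    return any("error" in status.lower() for _, status in entry["events"])


if __name__ == "__main__":
    ok_count, found = triage(SAMPLE_LOG)
    print(f"{ok_count} objects ok, {len(found)} flagged")
    for obj, entry in found.items():
        flag = "NEEDS FOLLOW-UP" if unresolved(entry) else "handled"
        print(f"{obj} md5={entry['md5']} {sorted(entry['threats'])} [{flag}]")
        for ts, status in entry["events"]:
            print(f"  {ts}  {status}")
```
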

markusg 25.01.2012 14:52

Do you have a Windows CD at hand?

nu3nn 25.01.2012 20:49

No, but I do have Windows 7 Professional (x86) on another computer. It is a version that I was allowed to download as a student at the university. I could save this version on my external hard drive, then connect that to the "infected" notebook (currently running Windows 7 Home) and boot from there, if that is possible. Otherwise I would have to ask around; in the next few days I can surely get a CD from somewhere.

markusg 26.01.2012 12:57

No, that is not possible.
1. This system has to be reinstalled; you have a rootkit on the PC.
2. If you do online banking, have it blocked immediately.
3. We still have to get the MBR clean.
Download HitmanPro:
http://www.trojaner-board.de/99424-c...o-scannen.html
Double-click, settings, license, testlicense.
Please activate it.
Then scan, move the findings to quarantine, export the log as an XML file at the end and attach it here as a file.

nu3nn 26.01.2012 15:26

The following message appears when running Hitman Pro:

64-bit Betriebssystem gefunden. Diese Version unterstützt lediglich eine 32-bit Version von Windows. [64-bit operating system found. This version only supports a 32-bit version of Windows.]

I downloaded the 64-bit version from the product homepage. I wanted to activate the free license under License, but during the activation process an error occurs with the message that firewall software is blocking the application. It asks me to update the firewall rules. However, I don't have a firewall on, at least not as far as I know.

nu3nn 26.01.2012 15:28

This evening I might have a burned Windows CD available..

markusg 26.01.2012 15:57

What does burned mean, is it an original or from some file-sharing network?
Such versions should not be used, because
1. illegal.
2. you don't know whether something else is hidden in there.
Disable the Windows firewall:
http://windows.microsoft.com/de-DE/w...wall-on-or-off
Restart and try HitmanPro again.

nu3nn 26.01.2012 16:26

The error still occurs after turning off the firewall.. (error code 20)

No, nothing illegal. It would be a copy of the original Windows 7 Professional DVD. However, I only have a key for Windows 7 Home. I'll keep asking around..

Does it have to be the original CD?

markusg 26.01.2012 17:33

It has to be a CD that matches your version.
Where did your Windows version go? The operating system must have gotten onto the PC somehow.
Download:
http://ad13.geekstogo.com/MBRCheck.exe
Run the program by double-clicking it, then let it run through, close it; the log should be on the desktop, post it.

nu3nn 26.01.2012 17:48

Windows 7 Home x64 was preinstalled; the key is on the bottom of the notebook. As far as I know, I can download the corresponding Windows version as an .iso and burn it to DVD.


Here is the log:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP 620
Logical Drives Mask: 0x0000006c

Kernel Drivers (total 201):

Processes (total 87):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`12d00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000073`f0a00000 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OCA1G

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3C6D6087F5B8355C972741641140563E26F33E87


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

markusg 26.01.2012 18:09

Press 1 for "dump of mbr", Enter
press "0" for hard disk 0
now type a name for the MBR, press Enter
close MBRCheck.
The file you created is in the same folder as MBRCheck
upload it to the upload channel
Trojaner-Board Upload Channel

nu3nn 26.01.2012 18:23

The file Hugo (name of the MBR) contains the trojan BOO..., Avira just reported that... why, and what now?

Upload it anyway?

markusg 26.01.2012 19:08

I want to try one more thing: start TDSSKiller and additionally tick the boxes under additional parameters, let the program run again and try to perform cure.

nu3nn 26.01.2012 19:12

When selecting cure and continue:

Can't cure MBR. Write standard bootcode?
If youn have installed custom bootloader (acronis, grub, lilo), you will have to reinstall them after the treatment

markusg 26.01.2012 19:59

Select yes.

nu3nn 26.01.2012 20:01

Here is the report... I'm rebooting now


19:09:06.0669 1208 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:09:06.0856 1208 ============================================================
19:09:06.0856 1208 Current date / time: 2012/01/26 19:09:06.0856
19:09:06.0856 1208 SystemInfo:
19:09:06.0856 1208
19:09:06.0856 1208 OS Version: 6.1.7600 ServicePack: 0.0
19:09:06.0856 1208 Product type: Workstation
19:09:06.0856 1208 ComputerName: BERNDT-HP
19:09:06.0856 1208 UserName: Berndt
19:09:06.0856 1208 Windows directory: C:\windows
19:09:06.0856 1208 System windows directory: C:\windows
19:09:06.0856 1208 Running under WOW64
19:09:06.0856 1208 Processor architecture: Intel x64
19:09:06.0856 1208 Number of processors: 2
19:09:06.0856 1208 Page size: 0x1000
19:09:06.0856 1208 Boot type: Safe boot with network
19:09:06.0856 1208 ============================================================
19:09:07.0402 1208 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:07.0464 1208 Initialize success
19:09:34.0546 0624 ============================================================
19:09:34.0546 0624 Scan started
19:09:34.0546 0624 Mode: Manual; SigCheck; TDLFS;
19:09:34.0546 0624 ============================================================
19:09:39.0460 0624 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
19:09:39.0491 0624 BthPan - ok
19:09:39.0569 0624 BTHPORT (538392664fee486620dfea146f2500bc) C:\windows\System32\Drivers\BTHport.sys
19:09:39.0631 0624 BTHPORT - ok
19:09:39.0725 0624 BTHUSB (6e71522e317b22257d8e37a1584b5829) C:\windows\System32\Drivers\BTHUSB.sys
19:09:39.0741 0624 BTHUSB - ok
19:09:39.0787 0624 BTMCOM (e588420b950dac5ac397f76660bce520) C:\windows\system32\Drivers\btmcom.sys
19:09:39.0834 0624 BTMCOM - ok
19:09:39.0990 0624 BTMUSB (d1bcd0e189378f81e3fe57783684b3da) C:\windows\system32\Drivers\btmusb.sys
19:09:40.0084 0624 BTMUSB - ok
19:09:40.0115 0624 catchme - ok
19:09:40.0209 0624 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:09:40.0271 0624 cdfs - ok
19:09:40.0318 0624 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
19:09:40.0349 0624 cdrom - ok
19:09:40.0427 0624 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:09:40.0443 0624 circlass - ok
19:09:40.0505 0624 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:09:40.0521 0624 CLFS - ok
19:09:40.0630 0624 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:09:40.0645 0624 CmBatt - ok
19:09:40.0708 0624 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:09:40.0708 0624 cmdide - ok
19:09:40.0755 0624 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
19:09:40.0770 0624 CNG - ok
19:09:40.0864 0624 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:09:40.0879 0624 Compbatt - ok
19:09:40.0895 0624 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
19:09:40.0911 0624 CompositeBus - ok
19:09:40.0942 0624 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:09:40.0957 0624 crcdisk - ok
19:09:41.0051 0624 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
19:09:41.0098 0624 DfsC - ok
19:09:41.0129 0624 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:09:41.0176 0624 discache - ok
19:09:41.0285 0624 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:09:41.0301 0624 Disk - ok
19:09:41.0347 0624 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:09:41.0363 0624 drmkaud - ok
19:09:41.0472 0624 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
19:09:41.0503 0624 DXGKrnl - ok
19:09:41.0659 0624 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:09:41.0737 0624 ebdrv - ok
19:09:41.0815 0624 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:09:41.0831 0624 eeCtrl - ok
19:09:41.0956 0624 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:09:41.0971 0624 elxstor - ok
19:09:42.0049 0624 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:09:42.0065 0624 EraserUtilRebootDrv - ok
19:09:42.0143 0624 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
19:09:42.0159 0624 ErrDev - ok
19:09:42.0221 0624 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:09:42.0268 0624 exfat - ok
19:09:42.0330 0624 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:09:42.0361 0624 fastfat - ok
19:09:42.0408 0624 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:09:42.0439 0624 fdc - ok
19:09:42.0533 0624 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:09:42.0549 0624 FileInfo - ok
19:09:42.0580 0624 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:09:42.0658 0624 Filetrace - ok
19:09:42.0751 0624 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:09:42.0783 0624 flpydisk - ok
19:09:42.0829 0624 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
19:09:42.0845 0624 FltMgr - ok
19:09:42.0923 0624 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:09:42.0939 0624 FsDepends - ok
19:09:42.0954 0624 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:09:42.0954 0624 Fs_Rec - ok
19:09:43.0032 0624 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
19:09:43.0048 0624 fvevol - ok
19:09:43.0126 0624 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:09:43.0141 0624 gagp30kx - ok
19:09:43.0173 0624 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:09:43.0188 0624 hcw85cir - ok
19:09:43.0282 0624 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
19:09:43.0313 0624 HdAudAddService - ok
19:09:43.0407 0624 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
19:09:43.0453 0624 HDAudBus - ok
19:09:43.0453 0624 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:09:43.0485 0624 HidBatt - ok
19:09:43.0500 0624 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:09:43.0547 0624 HidBth - ok
19:09:43.0641 0624 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:09:43.0656 0624 HidIr - ok
19:09:43.0734 0624 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
19:09:43.0765 0624 HidUsb - ok
19:09:43.0968 0624 HpqKbFiltr (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
19:09:43.0984 0624 HpqKbFiltr - ok
19:09:44.0124 0624 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
19:09:44.0124 0624 HpSAMD - ok
19:09:44.0187 0624 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
19:09:44.0233 0624 HTTP - ok
19:09:44.0311 0624 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
19:09:44.0343 0624 hwpolicy - ok
19:09:44.0436 0624 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:09:44.0452 0624 i8042prt - ok
19:09:44.0483 0624 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
19:09:44.0499 0624 iaStor - ok
19:09:44.0623 0624 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
19:09:44.0639 0624 iaStorV - ok
19:09:44.0748 0624 IDSVia64 (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
19:09:44.0779 0624 IDSVia64 - ok
19:09:45.0013 0624 igfx (7467ae8f96ea983423148c62458669fa) C:\windows\system32\DRIVERS\igdkmd64.sys
19:09:45.0247 0624 igfx - ok
19:09:45.0341 0624 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:09:45.0357 0624 iirsp - ok
19:09:45.0403 0624 IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\windows\system32\drivers\IntcHdmi.sys
19:09:45.0435 0624 IntcHdmiAddService - ok
19:09:45.0528 0624 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:09:45.0544 0624 intelide - ok
19:09:45.0575 0624 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:09:45.0606 0624 intelppm - ok
19:09:45.0700 0624 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:09:45.0731 0624 IpFilterDriver - ok
19:09:45.0762 0624 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
19:09:45.0793 0624 IPMIDRV - ok
19:09:45.0887 0624 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:09:45.0934 0624 IPNAT - ok
19:09:45.0965 0624 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:09:45.0996 0624 IRENUM - ok
19:09:46.0074 0624 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
19:09:46.0090 0624 isapnp - ok
19:09:46.0121 0624 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
19:09:46.0121 0624 iScsiPrt - ok
19:09:46.0168 0624 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:09:46.0168 0624 kbdclass - ok
19:09:46.0261 0624 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
19:09:46.0293 0624 kbdhid - ok
19:09:46.0324 0624 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
19:09:46.0324 0624 KSecDD - ok
19:09:46.0417 0624 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
19:09:46.0433 0624 KSecPkg - ok
19:09:46.0464 0624 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:09:46.0511 0624 ksthunk - ok
19:09:46.0636 0624 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:09:46.0683 0624 lltdio - ok
19:09:46.0745 0624 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:09:46.0745 0624 LSI_FC - ok
19:09:46.0823 0624 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:09:46.0839 0624 LSI_SAS - ok
19:09:46.0854 0624 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:09:46.0870 0624 LSI_SAS2 - ok
19:09:46.0901 0624 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:09:46.0901 0624 LSI_SCSI - ok
19:09:46.0948 0624 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:09:46.0995 0624 luafv - ok
19:09:47.0073 0624 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:09:47.0088 0624 megasas - ok
19:09:47.0119 0624 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:09:47.0119 0624 MegaSR - ok
19:09:47.0166 0624 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:09:47.0213 0624 Modem - ok
19:09:47.0291 0624 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:09:47.0322 0624 monitor - ok
19:09:47.0369 0624 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:09:47.0369 0624 mouclass - ok
19:09:47.0463 0624 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:09:47.0494 0624 mouhid - ok
19:09:47.0525 0624 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
19:09:47.0541 0624 mountmgr - ok
19:09:47.0572 0624 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
19:09:47.0587 0624 mpio - ok
19:09:47.0650 0624 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:09:47.0697 0624 mpsdrv - ok
19:09:47.0743 0624 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
19:09:47.0775 0624 MRxDAV - ok
19:09:47.0837 0624 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
19:09:47.0884 0624 mrxsmb - ok
19:09:47.0915 0624 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:09:47.0946 0624 mrxsmb10 - ok
19:09:48.0024 0624 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:09:48.0040 0624 mrxsmb20 - ok
19:09:48.0087 0624 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\drivers\msahci.sys
19:09:48.0102 0624 msahci - ok
19:09:48.0133 0624 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
19:09:48.0149 0624 msdsm - ok
19:09:48.0227 0624 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:09:48.0274 0624 Msfs - ok
19:09:48.0305 0624 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:09:48.0352 0624 mshidkmdf - ok
19:09:48.0414 0624 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
19:09:48.0414 0624 msisadrv - ok
19:09:48.0461 0624 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:09:48.0508 0624 MSKSSRV - ok
19:09:48.0601 0624 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:09:48.0648 0624 MSPCLOCK - ok
19:09:48.0664 0624 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:09:48.0711 0624 MSPQM - ok
19:09:48.0804 0624 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
19:09:48.0820 0624 MsRPC - ok
19:09:48.0851 0624 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:09:48.0851 0624 mssmbios - ok
19:09:48.0867 0624 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:09:48.0913 0624 MSTEE - ok
19:09:49.0007 0624 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:09:49.0038 0624 MTConfig - ok
19:09:49.0101 0624 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:09:49.0101 0624 Mup - ok
19:09:49.0194 0624 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:09:49.0241 0624 NativeWifiP - ok
19:09:49.0366 0624 NAVENG (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS
19:09:49.0381 0624 NAVENG - ok
19:09:49.0428 0624 NAVEX15 (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS
19:09:49.0459 0624 NAVEX15 - ok
19:09:49.0569 0624 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
19:09:49.0600 0624 NDIS - ok
19:09:49.0678 0624 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:09:49.0709 0624 NdisCap - ok
19:09:49.0740 0624 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:09:49.0787 0624 NdisTapi - ok
19:09:49.0881 0624 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
19:09:49.0927 0624 Ndisuio - ok
19:09:49.0943 0624 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
19:09:50.0005 0624 NdisWan - ok
19:09:50.0083 0624 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
19:09:50.0146 0624 NDProxy - ok
19:09:50.0161 0624 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:09:50.0208 0624 NetBIOS - ok
19:09:50.0286 0624 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
19:09:50.0349 0624 NetBT - ok
19:09:50.0458 0624 netr28x (b964d4c524a80aba22db16fc1eded0a9) C:\windows\system32\DRIVERS\netr28x.sys
19:09:50.0489 0624 netr28x - ok
19:09:50.0583 0624 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:09:50.0598 0624 nfrd960 - ok
19:09:50.0739 0624 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:09:50.0770 0624 Npfs - ok
19:09:50.0801 0624 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:09:50.0848 0624 nsiproxy - ok
19:09:50.0910 0624 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
19:09:50.0941 0624 Ntfs - ok
19:09:51.0019 0624 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:09:51.0051 0624 Null - ok
19:09:51.0082 0624 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
19:09:51.0097 0624 nvraid - ok
19:09:51.0129 0624 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
19:09:51.0144 0624 nvstor - ok
19:09:51.0175 0624 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
19:09:51.0191 0624 nv_agp - ok
19:09:51.0285 0624 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
19:09:51.0300 0624 ohci1394 - ok
19:09:51.0347 0624 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:09:51.0347 0624 Parport - ok
19:09:51.0378 0624 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
19:09:51.0394 0624 partmgr - ok
19:09:51.0487 0624 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
19:09:51.0487 0624 pci - ok
19:09:51.0534 0624 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:09:51.0550 0624 pciide - ok
19:09:51.0565 0624 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:09:51.0581 0624 pcmcia - ok
19:09:51.0612 0624 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:09:51.0628 0624 pcw - ok
19:09:51.0706 0624 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:09:51.0768 0624 PEAUTH - ok
19:09:51.0893 0624 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
19:09:51.0940 0624 PptpMiniport - ok
19:09:51.0987 0624 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:09:52.0002 0624 Processor - ok
19:09:52.0096 0624 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
19:09:52.0158 0624 Psched - ok
19:09:52.0189 0624 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
19:09:52.0189 0624 PxHlpa64 - ok
19:09:52.0299 0624 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:09:52.0330 0624 ql2300 - ok
19:09:52.0423 0624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:09:52.0439 0624 ql40xx - ok
19:09:52.0470 0624 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:09:52.0501 0624 QWAVEdrv - ok
19:09:52.0595 0624 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:09:52.0642 0624 RasAcd - ok
19:09:52.0689 0624 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:09:52.0720 0624 RasAgileVpn - ok
19:09:52.0813 0624 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
19:09:52.0845 0624 Rasl2tp - ok
19:09:52.0891 0624 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:09:52.0938 0624 RasPppoe - ok
19:09:53.0016 0624 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:09:53.0063 0624 RasSstp - ok
19:09:53.0094 0624 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
19:09:53.0141 0624 rdbss - ok
19:09:53.0172 0624 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:09:53.0203 0624 rdpbus - ok
19:09:53.0281 0624 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:09:53.0328 0624 RDPCDD - ok
19:09:53.0359 0624 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:09:53.0406 0624 RDPENCDD - ok
19:09:53.0500 0624 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:09:53.0531 0624 RDPREFMP - ok
19:09:53.0562 0624 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
19:09:53.0625 0624 RDPWD - ok
19:09:53.0671 0624 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
19:09:53.0687 0624 rdyboost - ok
19:09:53.0781 0624 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:09:53.0812 0624 RFCOMM - ok
19:09:53.0921 0624 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:09:53.0968 0624 rspndr - ok
19:09:53.0999 0624 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
19:09:54.0015 0624 RTL8167 - ok
19:09:54.0046 0624 rtsuvc (73157d4a4f6da18c5148e47cb958af58) C:\windows\system32\DRIVERS\rtsuvc.sys
19:09:54.0077 0624 rtsuvc - ok
19:09:54.0171 0624 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
19:09:54.0186 0624 sbp2port - ok
19:09:54.0217 0624 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
19:09:54.0280 0624 scfilter - ok
19:09:54.0358 0624 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
19:09:54.0373 0624 sdbus - ok
19:09:54.0420 0624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:09:54.0467 0624 secdrv - ok
19:09:54.0561 0624 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:09:54.0561 0624 Serenum - ok
19:09:54.0576 0624 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:09:54.0607 0624 Serial - ok
19:09:54.0623 0624 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:09:54.0654 0624 sermouse - ok
19:09:54.0748 0624 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
19:09:54.0779 0624 sffdisk - ok
19:09:54.0795 0624 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
19:09:54.0810 0624 sffp_mmc - ok
19:09:54.0888 0624 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
19:09:54.0904 0624 sffp_sd - ok
19:09:54.0935 0624 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:09:54.0951 0624 sfloppy - ok
19:09:55.0060 0624 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:09:55.0075 0624 SiSRaid2 - ok
19:09:55.0091 0624 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:09:55.0107 0624 SiSRaid4 - ok
19:09:55.0138 0624 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:09:55.0185 0624 Smb - ok
19:09:55.0278 0624 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:09:55.0294 0624 spldr - ok
19:09:55.0356 0624 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
19:09:55.0372 0624 SRTSP - ok
19:09:55.0481 0624 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
19:09:55.0497 0624 SRTSPX - ok
19:09:55.0528 0624 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
19:09:55.0575 0624 srv - ok
19:09:55.0653 0624 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
19:09:55.0668 0624 srv2 - ok
19:09:55.0700 0624 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
19:09:55.0715 0624 srvnet - ok
19:09:55.0871 0624 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:09:55.0871 0624 stexstor - ok
19:09:55.0934 0624 STHDA (96df19a03d37f8568141612d31f0d035) C:\windows\system32\DRIVERS\stwrt64.sys
19:09:55.0980 0624 STHDA - ok
19:09:56.0058 0624 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:09:56.0074 0624 swenum - ok
19:09:56.0136 0624 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
19:09:56.0152 0624 SymDS - ok
19:09:56.0261 0624 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
19:09:56.0292 0624 SymEFA - ok
19:09:56.0386 0624 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:09:56.0402 0624 SymEvent - ok
19:09:56.0464 0624 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
19:09:56.0464 0624 SymIRON - ok
19:09:56.0573 0624 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
19:09:56.0589 0624 SymNetS - ok
19:09:56.0682 0624 SynTP (be2b928de9af2848289db7a54c7e2398) C:\windows\system32\DRIVERS\SynTP.sys
19:09:56.0698 0624 SynTP - ok
19:09:56.0776 0624 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
19:09:56.0823 0624 Tcpip - ok
19:09:56.0948 0624 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
19:09:56.0979 0624 TCPIP6 - ok
19:09:57.0072 0624 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
19:09:57.0119 0624 tcpipreg - ok
19:09:57.0135 0624 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:09:57.0182 0624 TDPIPE - ok
19:09:57.0197 0624 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:09:57.0228 0624 TDTCP - ok
19:09:57.0306 0624 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
19:09:57.0353 0624 tdx - ok
19:09:57.0384 0624 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
19:09:57.0384 0624 TermDD - ok
19:09:57.0478 0624 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
19:09:57.0478 0624 TPM - ok
19:09:57.0525 0624 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
19:09:57.0556 0624 tssecsrv - ok
19:09:57.0665 0624 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
19:09:57.0712 0624 tunnel - ok
19:09:57.0743 0624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:09:57.0743 0624 uagp35 - ok
19:09:57.0806 0624 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\windows\system32\DRIVERS\udfs.sys
19:09:57.0837 0624 udfs - ok
19:09:57.0930 0624 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
19:09:57.0930 0624 uliagpkx - ok
19:09:57.0962 0624 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
19:09:57.0962 0624 umbus - ok
19:09:57.0993 0624 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:09:58.0008 0624 UmPass - ok
19:09:58.0102 0624 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
19:09:58.0118 0624 usbaudio - ok
19:09:58.0149 0624 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
19:09:58.0180 0624 usbccgp - ok
19:09:58.0274 0624 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
19:09:58.0305 0624 usbcir - ok
19:09:58.0336 0624 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
19:09:58.0352 0624 usbehci - ok
19:09:58.0445 0624 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
19:09:58.0461 0624 usbhub - ok
19:09:58.0492 0624 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
19:09:58.0523 0624 usbohci - ok
19:09:58.0570 0624 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:09:58.0586 0624 usbprint - ok
19:09:58.0648 0624 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:09:58.0679 0624 usbscan - ok
19:09:58.0710 0624 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:09:58.0757 0624 USBSTOR - ok
19:09:58.0804 0624 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
19:09:58.0835 0624 usbuhci - ok
19:09:58.0882 0624 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
19:09:58.0929 0624 usbvideo - ok
19:09:59.0007 0624 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
19:09:59.0007 0624 vdrvroot - ok
19:09:59.0069 0624 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:09:59.0085 0624 vga - ok
19:10:01.0191 0624 MBR (0x1B8) (ab1119be9d817f19019e3b0913c8f91d) \Device\Harddisk0\DR0
19:10:01.0222 0624 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
19:10:01.0222 0624 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
19:10:01.0269 0624 Boot (0x1200) (1ee21c7b77ed91c9058aeb55e9ecf476) \Device\Harddisk0\DR0\Partition0
19:10:01.0284 0624 \Device\Harddisk0\DR0\Partition0 - ok
19:10:01.0300 0624 Boot (0x1200) (8fe53148daf8727d76a884b26cd7fcc9) \Device\Harddisk0\DR0\Partition1
19:10:01.0300 0624 \Device\Harddisk0\DR0\Partition1 - ok
19:10:01.0331 0624 Boot (0x1200) (06d24fdd054d6596a2e2ce690049e3a2) \Device\Harddisk0\DR0\Partition2
19:10:01.0331 0624 \Device\Harddisk0\DR0\Partition2 - ok
19:10:01.0347 0624 Boot (0x1200) (2c3909372ade9ceed3dab637b90e161b) \Device\Harddisk0\DR0\Partition3
19:10:01.0347 0624 \Device\Harddisk0\DR0\Partition3 - ok
19:10:01.0347 0624 ============================================================
19:10:01.0347 0624 Scan finished
19:10:01.0347 0624 ============================================================
19:10:01.0362 1520 Detected object count: 1
19:10:01.0362 1520 Actual detected object count: 1
19:10:12.0875 1520 \Device\Harddisk0\DR0 - processing error
19:59:26.0898 1520 \Device\Harddisk0\DR0 - will be restored on reboot
19:59:26.0898 1520 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore

markusg 26.01.2012 20:04

Doesn't seem to have worked. Scan again so we can see whether my suspicion is correct.

nu3nn 26.01.2012 20:09

Now nothing is reported anymore. Here is the report:

20:08:21.0192 1420 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
20:08:21.0675 1420 ============================================================
20:08:21.0675 1420 Current date / time: 2012/01/26 20:08:21.0675
20:08:21.0675 1420 SystemInfo:
20:08:21.0675 1420
20:08:21.0675 1420 OS Version: 6.1.7600 ServicePack: 0.0
20:08:21.0675 1420 Product type: Workstation
20:08:21.0675 1420 ComputerName: BERNDT-HP
20:08:21.0675 1420 UserName: Berndt
20:08:21.0675 1420 Windows directory: C:\windows
20:08:21.0675 1420 System windows directory: C:\windows
20:08:21.0675 1420 Running under WOW64
20:08:21.0675 1420 Processor architecture: Intel x64
20:08:21.0675 1420 Number of processors: 2
20:08:21.0675 1420 Page size: 0x1000
20:08:21.0675 1420 Boot type: Safe boot with network
20:08:21.0675 1420 ============================================================
20:08:22.0564 1420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:08:22.0642 1420 Initialize success
20:08:27.0244 0776 ============================================================
20:08:27.0244 0776 Scan started
20:08:27.0244 0776 Mode: Manual; SigCheck; TDLFS;
20:08:27.0244 0776 ============================================================
20:08:50.0582 0776 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:08:50.0582 0776 TermDD - ok
20:08:50.0660 0776 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
20:08:50.0676 0776 TPM - ok
20:08:50.0707 0776 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:08:50.0754 0776 tssecsrv - ok
20:08:50.0863 0776 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:08:50.0894 0776 tunnel - ok
20:08:50.0925 0776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:08:50.0925 0776 uagp35 - ok
20:08:50.0988 0776 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\windows\system32\DRIVERS\udfs.sys
20:08:51.0019 0776 udfs - ok
20:08:51.0112 0776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:08:51.0128 0776 uliagpkx - ok
20:08:51.0144 0776 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:08:51.0159 0776 umbus - ok
20:08:51.0175 0776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:08:51.0190 0776 UmPass - ok
20:08:51.0284 0776 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
20:08:51.0315 0776 usbaudio - ok
20:08:51.0346 0776 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:08:51.0362 0776 usbccgp - ok
20:08:51.0456 0776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:08:51.0487 0776 usbcir - ok
20:08:51.0518 0776 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
20:08:51.0549 0776 usbehci - ok
20:08:51.0643 0776 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:08:51.0658 0776 usbhub - ok
20:08:51.0690 0776 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:08:51.0705 0776 usbohci - ok
20:08:51.0768 0776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:08:51.0783 0776 usbprint - ok
20:08:51.0830 0776 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:08:51.0861 0776 usbscan - ok
20:08:51.0908 0776 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:08:51.0955 0776 USBSTOR - ok
20:08:52.0002 0776 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
20:08:52.0033 0776 usbuhci - ok
20:08:52.0080 0776 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
20:08:52.0111 0776 usbvideo - ok
20:08:52.0189 0776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:08:52.0204 0776 vdrvroot - ok
20:08:52.0251 0776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:08:52.0267 0776 vga - ok
20:08:52.0282 0776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:08:52.0329 0776 VgaSave - ok
20:08:52.0407 0776 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:08:52.0423 0776 vhdmp - ok
20:08:52.0485 0776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:08:52.0501 0776 viaide - ok
20:08:52.0532 0776 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:08:52.0532 0776 volmgr - ok
20:08:52.0610 0776 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:08:52.0626 0776 volmgrx - ok
20:08:52.0657 0776 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:08:52.0672 0776 volsnap - ok
20:08:52.0766 0776 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\windows\system32\DRIVERS\vpnva64.sys
20:08:52.0766 0776 vpnva - ok
20:08:52.0828 0776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:08:52.0828 0776 vsmraid - ok
20:08:52.0860 0776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:08:52.0875 0776 vwifibus - ok
20:08:52.0953 0776 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:08:52.0969 0776 vwififlt - ok
20:08:53.0031 0776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:08:53.0062 0776 WacomPen - ok
20:08:53.0125 0776 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:08:53.0172 0776 WANARP - ok
20:08:53.0187 0776 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:08:53.0218 0776 Wanarpv6 - ok
20:08:53.0265 0776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:08:53.0281 0776 Wd - ok
20:08:53.0359 0776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:08:53.0374 0776 Wdf01000 - ok
20:08:53.0484 0776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:08:53.0515 0776 WfpLwf - ok
20:08:53.0530 0776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:08:53.0546 0776 WIMMount - ok
20:08:53.0671 0776 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\windows\system32\DRIVERS\WinUsb.sys
20:08:53.0702 0776 WinUsb - ok
20:08:53.0733 0776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:08:53.0749 0776 WmiAcpi - ok
20:08:53.0842 0776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:08:53.0889 0776 ws2ifsl - ok
20:08:53.0936 0776 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:08:53.0983 0776 WudfPf - ok
20:08:54.0014 0776 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:08:54.0061 0776 WUDFRd - ok
20:08:54.0108 0776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:08:54.0310 0776 \Device\Harddisk0\DR0 - ok
20:08:54.0310 0776 Boot (0x1200) (1ee21c7b77ed91c9058aeb55e9ecf476) \Device\Harddisk0\DR0\Partition0
20:08:54.0310 0776 \Device\Harddisk0\DR0\Partition0 - ok
20:08:54.0342 0776 Boot (0x1200) (8fe53148daf8727d76a884b26cd7fcc9) \Device\Harddisk0\DR0\Partition1
20:08:54.0342 0776 \Device\Harddisk0\DR0\Partition1 - ok
20:08:54.0373 0776 Boot (0x1200) (06d24fdd054d6596a2e2ce690049e3a2) \Device\Harddisk0\DR0\Partition2
20:08:54.0373 0776 \Device\Harddisk0\DR0\Partition2 - ok
20:08:54.0388 0776 Boot (0x1200) (2c3909372ade9ceed3dab637b90e161b) \Device\Harddisk0\DR0\Partition3
20:08:54.0388 0776 \Device\Harddisk0\DR0\Partition3 - ok
20:08:54.0388 0776 ============================================================
20:08:54.0388 0776 Scan finished
20:08:54.0388 0776 ============================================================
20:08:54.0420 0724 Detected object count: 0
20:08:54.0420 0724 Actual detected object count: 0

markusg 26.01.2012 20:15

OK, now we can safely format or back up data.
Where are you supposed to download the ISO from? From the manufacturer?
Then go ahead and do that, and I'll explain how to burn it if necessary :-)

nu3nn 26.01.2012 20:25

Yes, via the following link.. at least that is what several online forums recommend if you have a key (which I do)

Windows 7 – Home Premium and Professional direct download links

or rather the host

hxxp://msft-dnl.digitalrivercontent.net/msvista/pub/X15-65741/X15-65741.iso

So is it safe if I download Windows (from the link above) in safe mode?

markusg 26.01.2012 20:29

Ideally it would be from another PC, but if there is no other way, download it from this one.

nu3nn 26.01.2012 20:45

Okay, one last thing. The infected computer was never online. I downloaded the scan programs you recommended on another computer, then copied them to the infected computer with a USB stick, and then put the corresponding logs back on the USB stick in order to post them. When I plugged the stick into the other computer, Avira reported this BOO... trojan there as well, for the file that is created by the MBR check (which is also on the USB stick). I removed the stick immediately. Can I throw the USB stick away, or is it now infected too? After all, the other PC isn't reporting anything... I hope you can follow me..

markusg 26.01.2012 21:39

No, the file in its saved state is harmless. It does contain malware code, but that code can't do anything. Just delete the file and that's it :-)

nu3nn 26.01.2012 21:58

All right, thanks!!

The .iso (zip file) of the operating system has been downloaded.. I'm in safe mode.. how should I proceed? As I said, I would like to back up some files (folders)..

markusg 27.01.2012 12:15

Burn it to a CD with ISOBurner.
ISO Burner Download - ISO Burner 2.5
ISOBurner guide:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
Just double-click the ISO, then ISOBurner opens and the CD is burned. To be safe, set it to the slowest speed.
After that we'll back up data :-)

nu3nn 27.01.2012 13:48

I just started the PC (not in safe mode) and Avira is reporting malware again (BOO.TD..). Is that normal? Yesterday no virus was reported during the scan..

I have burned the ISO..

markusg 27.01.2012 15:49

How am I supposed to know where Avira finds what if you don't tell me exactly, with the detection message...?
As I said, ideally you would burn it from another PC and only switch this one on when there is data to back up.

nu3nn 28.01.2012 13:33

Yes, sorry, it was again only the file that is created by the MBR check.. I have now deleted it, as you recommended. I think we can start backing up the data now. I have a Windows DVD at hand.

markusg 28.01.2012 15:58

Tip archive - Disabling Autorun/Autoplay selectively for drive types or drive letters - WinTotal.de
Disable autorun, then back up pictures, documents, music and videos to an external drive.
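
One way to carry out the "disable autorun" step before the external backup drive is attached, as an added example that is not part of the post above or of the linked WinTotal tip. It uses the Windows policy value `NoDriveTypeAutoRun`; the helper names `Get-AutoRunMask` and `Show-AutoRunState` are made up for this sketch, and it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): audit and disable AutoRun for all drive types.
# Run from an elevated PowerShell prompt; the HKLM policy applies to every user.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
$typeBits = @(
    @{ Name = 'Unknown type';    Bit = 0x01 },
    @{ Name = 'Removable (USB)'; Bit = 0x04 },
    @{ Name = 'Fixed disk';      Bit = 0x08 },
    @{ Name = 'Network drive';   Bit = 0x10 },
    @{ Name = 'CD/DVD';          Bit = 0x20 },
    @{ Name = 'RAM disk';        Bit = 0x40 },
    @{ Name = 'Reserved';        Bit = 0x80 }
)

# Hypothetical helper: returns the current mask, or $null if the value is not set.
function Get-AutoRunMask {
    $p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($p) { [int]$p.NoDriveTypeAutoRun } else { $null }
}

# Hypothetical helper: decodes the mask into one line per drive type.
function Show-AutoRunState([object]$mask) {
    if ($null -eq $mask) {
        Write-Output 'NoDriveTypeAutoRun is not set (Windows default applies)'
        return
    }
    Write-Output ('NoDriveTypeAutoRun = 0x{0:X2}' -f $mask)
    foreach ($t in $typeBits) {
        $state = if ($mask -band $t.Bit) { 'disabled' } else { 'ENABLED' }
        Write-Output ('  {0,-16} AutoRun {1}' -f $t.Name, $state)
    }
}

Write-Output 'Before:'
Show-AutoRunState (Get-AutoRunMask)

# Create the policy key if it does not exist yet, then set every bit (0xFF),
# which turns AutoRun off for all drive types, including USB sticks and CDs.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name NoDriveTypeAutoRun -PropertyType DWord `
    -Value 0xFF -Force | Out-Null

Write-Output 'After:'
Show-AutoRunState (Get-AutoRunMask)
```

Log off and on again (or restart Explorer) before plugging in the backup medium so the policy is picked up.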

nu3nn 29.01.2012 20:35

I have backed up the data! What would the next step be?

markusg 30.01.2012 13:20

The ISO has been burned with ISOBurner?
Then restart, press F12 to get into the boot menu, and select the DVD or CD drive there.
Then choose Custom, go as far as the partition selection, then choose Options, then Format.
If the installer says data is going to be moved to windows.old, cancel: you have not formatted.
After that:
As an anti-malware program I would recommend Emsisoft.
In my view they have the best protection, but it costs a bit.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware

And you can use up the 30-day trial period before activating the license.

Free of charge, but not quite as good, would be Avast.
http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I'll give you configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I'm aware of that, but it should be followed, because only then is your PC secure. Ask as many questions as you need, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show me detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as described in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
https://www.google.com/chrome?hl=de
If you want to use a different one, tell me; for parts of the guide that follows I would then have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
http://filepony.de/download-sandboxie/
Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well:
Sandbox Einstellungen |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, there are some functions you cannot use.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and run in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Backup program:
My guide already links to a backup program; as an alternative, Windows' own backup program is also an option:
Creating a Windows 7 system image (backup)
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important in some circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips, follow the online banking tip if it applies to you, and change all passwords.
Please also read how to make programs visible to all accounts:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can set up forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

nu3nn 30.01.2012 13:55

Yes, it was burned with ISO Burner. Under Custom, 4 partitions appear: 1. System (300 MB), 2. empty (448.5 GB), 3. HP_Recovery (15 GB), 4. HP_Tools (2 GB). So probably format the 2nd one, right?

markusg 30.01.2012 15:59

Yes, it'll be the second one :-)

nu3nn 30.01.2012 19:18

All right, that really is a lot, but I'll work my way through it.
Regarding antivirus software: I'll go with Avast..
But I have a problem. Since reinstalling Windows 7, no Wi-Fi connections are shown any more. There is also a key with which I can enable (lit blue) / disable (lit red) Bluetooth/Wi-Fi. Enabling no longer works; the key stays red even when I press it. My computer is from HP. Do I perhaps need to download the right driver? If so, how do I find it?

markusg 30.01.2012 19:30

Hi, if you do banking or shopping or anything else important, I would invest the 20 € per year in Emsisoft; it simply offers considerably better protection.
Can you tell me the computer model again? I can't find it right now.

nu3nn 30.01.2012 19:40

It's on the back of the notebook

HP 620 Notebook PC
Serial: 5CG1100NVP
Product: XN574EA#ABD

Is that of any use to you?

I have now also installed the HP Wireless Assistant, which likewise shows me that the wireless adapter is not on. The Windows Mobility Center also says "Wireless adapter turned off", and the "Turn on" button cannot be clicked..

markusg 30.01.2012 20:44

Have you perhaps disabled the Wi-Fi? Most devices have a switch for that.

nu3nn 30.01.2012 20:49

Yes, I have one of those, but as I said, Wi-Fi can't be enabled with it. It is shown as disabled and I can't find any way to enable it.

nu3nn 30.01.2012 20:56

OK, problem solved, it was the driver, which was missing!


All times are WET +1.
