Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Fehlermeldung 15mal ale 5 min: Delayed Write Filed (https://www.trojaner-board.de/110435-fehlermeldung-15mal-ale-5-min-delayed-write-filed.html)

cosinus 05.03.2012 19:05
Zitat:
Scan Mode: Current user
Du solltest doch den Haken bei Scanne alle Benutzer setzen :(

ingamix 06.03.2012 14:45
Ups, überlesen. Nun kommt hier nochmal die OTL Logdatei, wo ich vorher den Haken nun richtig gesetzt habe:
OTL Logfile:
Code:
OTL logfile created on: 06.03.2012 11:49:53 - Run 5
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Inga\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,43% Memory free
8,16 Gb Paging File | 6,24 Gb Available in Paging File | 76,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,58 Gb Total Space | 336,14 Gb Free Space | 74,60% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,09 Gb Free Space | 33,91% Space Free | Partition Type: NTFS
 
Computer Name: INGA-PC | User Name: Inga | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Inga\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 3\WinSkinD7R.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 3\STFix.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 3\NtfsData.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\SYMEFA64.SYS ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NAVx64\1305000.091\SRTSP64.SYS ()
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\SRTSPX64.SYS ()
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NAVx64\1305000.091\SYMTDIV.SYS ()
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\Ironx64.SYS ()
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccSetx64.sys ()
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\SYMDS64.SYS ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys ()
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys ()
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys ()
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys ()
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys ()
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120305.032\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120305.032\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120305.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys (Symantec Corporation)
DRV - (PCDSRVC{DF3A5B5B-128783DB-06000000}_0) -- c:\program files (x86)\dell support center\hwdiag\bin\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.ingadoformen.net/wp-admin/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Inga\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Inga\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Inga\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.28 10:08:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.26 10:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.21 19:23:00 | 000,000,000 | ---D | M]
 
[2009.10.23 17:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inga\AppData\Roaming\mozilla\Extensions
[2012.02.26 10:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\tf1p0t3y.default\extensions
[2012.02.26 10:42:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\tf1p0t3y.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.07.29 19:18:20 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\tf1p0t3y.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}(152)
[2012.02.15 16:42:25 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\tf1p0t3y.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.08.31 10:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\tf1p0t3y.default\searchplugins\conduit.xml
[2012.01.03 16:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.11 08:20:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\INGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TF1P0T3Y.DEFAULT\EXTENSIONS\{ACBE8C0E-43DF-4A61-A626-171D523E9353}.XPI
() (No name found) -- C:\USERS\INGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TF1P0T3Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.25 16:38:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.31 19:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.25 16:37:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.25 16:37:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.25 16:37:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.25 16:37:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 16:37:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.25 16:37:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79C545A5-85CD-473A-B46D-2900A585D7F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7F46BCF-BDFD-49A1-9CDE-63BC86F5C870}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Inga\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Inga\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Programme\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys ()
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys ()
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys ()
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys ()
SafeBootNet:64bit: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.03 19:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.29 17:02:59 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Inga\Desktop\OTL.exe
[2012.02.28 10:29:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1305000.091
[2012.02.27 16:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.02.27 10:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.02.27 10:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.02.27 10:08:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012.02.27 10:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012.02.27 10:08:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012.02.27 10:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.02.27 10:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.02.27 10:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.02.26 14:44:54 | 000,000,000 | ---D | C] -- C:\Users\Inga\Documents\wiederhergestellt
[2012.02.24 17:21:57 | 000,000,000 | ---D | C] -- C:\Users\Inga\AppData\Roaming\Malwarebytes
[2012.02.24 17:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.24 17:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 17:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.24 15:40:50 | 000,000,000 | ---D | C] -- C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2010.08.12 14:51:42 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Inga\AppData\Roaming\SetupGFD.exe
[2010.08.12 14:51:02 | 004,284,535 | ---- | C] (ffdshow                                                    ) -- C:\Users\Inga\AppData\Roaming\ffdshow.exe
[2010.08.12 14:50:58 | 000,642,685 | ---- | C] (Xvid team                                                  ) -- C:\Users\Inga\AppData\Roaming\xvid.exe
[2010.08.12 14:50:50 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Users\Inga\AppData\Roaming\Imgburn.exe
[2010.08.12 14:50:28 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Inga\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 11:10:41 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2012.03.06 11:10:01 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 11:10:01 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 11:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 11:09:40 | 4289,613,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.05 17:18:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.29 17:03:01 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Inga\Desktop\OTL.exe
[2012.02.28 15:52:29 | 002,861,245 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\Cat.DB
[2012.02.28 15:51:40 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\VT20111023.024
[2012.02.28 10:31:11 | 000,175,736 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.28 10:31:11 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.28 10:31:11 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.27 10:00:17 | 001,592,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.27 10:00:17 | 000,685,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.27 10:00:17 | 000,642,704 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.27 10:00:17 | 000,150,100 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.27 10:00:17 | 000,121,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.26 14:48:16 | 000,067,072 | ---- | M] () -- C:\Users\Inga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.25 13:10:46 | 000,000,456 | ---- | M] () -- C:\ProgramData\7hGadwEfWbivuz
[2012.02.25 13:09:05 | 000,000,304 | ---- | M] () -- C:\ProgramData\~7hGadwEfWbivuz
[2012.02.25 13:09:05 | 000,000,208 | ---- | M] () -- C:\ProgramData\~7hGadwEfWbivuzr
[2012.02.24 15:42:33 | 000,000,456 | ---- | M] () -- C:\ProgramData\TPIPcHJ0nncZ17
[2012.02.24 15:40:53 | 000,000,288 | ---- | M] () -- C:\ProgramData\~TPIPcHJ0nncZ17
[2012.02.24 15:40:53 | 000,000,184 | ---- | M] () -- C:\ProgramData\~TPIPcHJ0nncZ17r
[2012.02.06 11:35:07 | 843,486,000 | ---- | M] () -- C:\Users\Inga\Documents\Image.bin
[2012.02.06 11:35:07 | 000,001,096 | ---- | M] () -- C:\Users\Inga\Documents\Image.cue
 
========== Files Created - No Company Name ==========
 
[2012.02.28 15:51:40 | 002,861,245 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\Cat.DB
[2012.02.28 15:51:40 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\VT20111023.024
[2012.02.28 10:29:54 | 000,445,560 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symtdiv.sys
[2012.02.28 10:29:54 | 000,405,624 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnets.sys
[2012.02.28 10:29:54 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnetv64.cat
[2012.02.28 10:29:54 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnet64.cat
[2012.02.28 10:29:54 | 000,001,469 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnetv.inf
[2012.02.28 10:29:54 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symnet.inf
[2012.02.28 10:29:53 | 001,092,728 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa64.sys
[2012.02.28 10:29:53 | 000,738,936 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.sys
[2012.02.28 10:29:53 | 000,451,192 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds64.sys
[2012.02.28 10:29:53 | 000,190,072 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ironx64.sys
[2012.02.28 10:29:53 | 000,167,048 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.sys
[2012.02.28 10:29:53 | 000,037,496 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.sys
[2012.02.28 10:29:53 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds64.cat
[2012.02.28 10:29:53 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.cat
[2012.02.28 10:29:53 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa64.cat
[2012.02.28 10:29:53 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.cat
[2012.02.28 10:29:53 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\iron.cat
[2012.02.28 10:29:53 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symefa.inf
[2012.02.28 10:29:53 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symds.inf
[2012.02.28 10:29:53 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtsp64.inf
[2012.02.28 10:29:53 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\srtspx64.inf
[2012.02.28 10:29:53 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\iron.inf
[2012.02.28 10:29:52 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.cat
[2012.02.28 10:29:52 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\ccsetx64.inf
[2012.02.28 10:29:27 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\symvtcer.dat
[2012.02.28 10:29:27 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1305000.091\isolate.ini
[2012.02.27 10:10:39 | 000,175,736 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.27 10:10:39 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.27 10:10:39 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.25 13:09:05 | 000,000,208 | ---- | C] () -- C:\ProgramData\~7hGadwEfWbivuzr
[2012.02.25 13:09:04 | 000,000,304 | ---- | C] () -- C:\ProgramData\~7hGadwEfWbivuz
[2012.02.25 13:08:56 | 000,000,456 | ---- | C] () -- C:\ProgramData\7hGadwEfWbivuz
[2012.02.24 17:21:17 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.24 15:40:53 | 000,000,288 | ---- | C] () -- C:\ProgramData\~TPIPcHJ0nncZ17
[2012.02.24 15:40:53 | 000,000,184 | ---- | C] () -- C:\ProgramData\~TPIPcHJ0nncZ17r
[2012.02.24 15:40:46 | 000,000,456 | ---- | C] () -- C:\ProgramData\TPIPcHJ0nncZ17
[2012.02.06 11:35:07 | 000,001,096 | ---- | C] () -- C:\Users\Inga\Documents\Image.cue
[2012.02.06 11:24:19 | 843,486,000 | ---- | C] () -- C:\Users\Inga\Documents\Image.bin
[2011.05.25 13:27:17 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.05.25 13:26:50 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.01.08 16:05:07 | 001,449,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.22 19:51:35 | 000,000,732 | ---- | C] () -- C:\Users\Inga\AppData\Local\d3d9caps64.dat
[2010.08.12 14:52:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.08.12 14:51:14 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Inga\AppData\Roaming\AvsP.exe
[2010.06.27 09:45:08 | 000,203,145 | ---- | C] () -- C:\Windows\hpwins19.dat
[2010.04.16 08:15:13 | 000,202,998 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
[2010.04.16 08:15:13 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
 
========== LOP Check ==========
 
[2009.12.05 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Amazon
[2009.10.28 10:39:14 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\COWON
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\DATA BECKER Shared
[2009.10.23 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Facebook
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\FreeScreenToVideo
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\gtk-2.0
[2012.02.06 11:35:07 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\ImgBurn
[2011.10.12 08:15:27 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\IObit
[2011.03.24 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\kikin
[2011.05.25 13:31:46 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\MAGIX
[2009.10.29 15:27:07 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\OpenOffice.org
[2011.06.22 14:30:08 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Opera
[2012.02.26 10:42:26 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\ProtectDisc
[2011.09.30 16:23:21 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\TeamViewer
[2009.10.23 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Template
[2009.10.29 15:31:08 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Windows Live Writer
[2012.02.26 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\XMedia Recode
[2012.03.06 11:10:41 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2012.03.05 17:18:40 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.23 18:24:48 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Adobe
[2009.12.05 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Amazon
[2009.10.23 17:24:21 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\ATI
[2009.10.28 10:39:14 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\COWON
[2009.10.23 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Creative
[2009.10.23 21:51:33 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\CyberLink
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\DATA BECKER Shared
[2009.10.23 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009.10.23 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Dell
[2010.07.29 11:00:20 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\DivX
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Facebook
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\FreeScreenToVideo
[2012.02.26 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\gtk-2.0
[2010.02.26 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\HP
[2009.10.23 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Identities
[2012.02.06 11:35:07 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\ImgBurn
[2009.10.24 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\InstallShield
[2011.10.12 08:15:27 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\IObit
[2011.03.24 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\kikin
[2009.10.23 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Macromedia
[2011.05.25 13:31:46 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\MAGIX
[2012.02.24 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Media Center Programs
[2010.08.12 14:57:12 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Media Player Classic
[2011.03.22 20:40:17 | 000,000,000 | --SD | M] -- C:\Users\Inga\AppData\Roaming\Microsoft
[2009.10.23 17:43:07 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Mozilla
[2009.10.29 15:27:07 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\OpenOffice.org
[2011.06.22 14:30:08 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Opera
[2012.02.26 10:42:26 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\ProtectDisc
[2009.10.23 18:13:04 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Reallusion
[2009.10.28 11:34:38 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Roxio
[2012.02.26 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Skype
[2011.06.29 13:40:32 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\skypePM
[2011.09.30 16:23:21 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\TeamViewer
[2009.10.23 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Template
[2009.10.29 15:31:08 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\Windows Live Writer
[2012.02.26 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\Inga\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2010.08.12 14:50:50 | 004,182,178 | ---- | M] (The Public) -- C:\Users\Inga\AppData\Roaming\Avisynth.exe
[2010.08.12 14:51:42 | 005,243,208 | ---- | M] (                                                            ) -- C:\Users\Inga\AppData\Roaming\AvsP.exe
[2009.12.10 21:54:15 | 008,653,312 | ---- | M] (Dell, Inc.                                                  ) -- C:\Users\Inga\AppData\Roaming\DataSafeDotNet.exe
[2010.08.12 14:51:13 | 004,284,535 | ---- | M] (ffdshow                                                    ) -- C:\Users\Inga\AppData\Roaming\ffdshow.exe
[2010.08.12 14:50:57 | 002,169,915 | ---- | M] (LIGHTNING UK!) -- C:\Users\Inga\AppData\Roaming\Imgburn.exe
[2010.08.12 14:51:59 | 007,760,687 | ---- | M] (Boraxsoft) -- C:\Users\Inga\AppData\Roaming\SetupGFD.exe
[2010.08.12 14:51:02 | 000,642,685 | ---- | M] (Xvid team                                                  ) -- C:\Users\Inga\AppData\Roaming\xvid.exe
[2011.09.30 18:48:21 | 000,650,576 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Users\Inga\AppData\Roaming\DATA BECKER Shared\DATA BECKER Update Service.exe
[2011.09.30 18:48:22 | 000,175,104 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Users\Inga\AppData\Roaming\DATA BECKER Shared\DBService.exe
[2010.03.08 15:09:25 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Inga\AppData\Roaming\Facebook\uninstall.exe
[2009.07.22 16:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\Inga\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2011.09.30 18:20:39 | 000,059,043 | ---- | M] () -- C:\Users\Inga\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.21 15:57:48 | 006,078,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C

< End of report >
--- --- ---


Danke wieder, Inga

cosinus 06.03.2012 15:03
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
[2012.02.15 16:42:25 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\tf1p0t3y.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.08.31 10:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\tf1p0t3y.default\searchplugins\conduit.xml
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll File not found
O3 - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3504157938-2375964975-2055701984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
[2012.02.25 13:10:46 | 000,000,456 | ---- | M] () -- C:\ProgramData\7hGadwEfWbivuz
[2012.02.25 13:09:05 | 000,000,304 | ---- | M] () -- C:\ProgramData\~7hGadwEfWbivuz
[2012.02.25 13:09:05 | 000,000,208 | ---- | M] () -- C:\ProgramData\~7hGadwEfWbivuzr
[2012.02.24 15:42:33 | 000,000,456 | ---- | M] () -- C:\ProgramData\TPIPcHJ0nncZ17
[2012.02.24 15:40:53 | 000,000,288 | ---- | M] () -- C:\ProgramData\~TPIPcHJ0nncZ17
[2012.02.24 15:40:53 | 000,000,184 | ---- | M] () -- C:\ProgramData\~TPIPcHJ0nncZ17r
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ingamix 07.03.2012 10:48
Hallo Arne,

habe den Fix bei OTL durchgeführt, und hier die Logdatei:
Code:
All processes killed
========== OTL ==========
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=723823" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Folder C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\tf1p0t3y.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\tf1p0t3y.default\searchplugins\conduit.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}\ not found.
File C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3504157938-2375964975-2055701984-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3504157938-2375964975-2055701984-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_USERS\S-1-5-21-3504157938-2375964975-2055701984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\AUTORUN.INF not found.
File C:\ProgramData\7hGadwEfWbivuz not found.
File C:\ProgramData\~7hGadwEfWbivuz not found.
File C:\ProgramData\~7hGadwEfWbivuzr not found.
File C:\ProgramData\TPIPcHJ0nncZ17 not found.
File C:\ProgramData\~TPIPcHJ0nncZ17 not found.
File C:\ProgramData\~TPIPcHJ0nncZ17r not found.
Unable to delete ADS C:\ProgramData\TEMP:6152D44C .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Inga
->Temp folder emptied: 32596 bytes
->Temporary Internet Files folder emptied: 33286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6392509 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Mato
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1384 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 328 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 03072012_104054

Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQF9JQDS\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIGV68TF\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKFYY7WU\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EUUS8AD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\deployment.properties scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Grüße von Inga

cosinus 07.03.2012 12:09
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ingamix 08.03.2012 11:06
Hallo Arne

hier der Log nach dem scan mit TDSS Killer:
Code:
10:37:28.0555 3236        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
10:37:29.0007 3236        ============================================================
10:37:29.0007 3236        Current date / time: 2012/03/08 10:37:29.0007
10:37:29.0007 3236        SystemInfo:
10:37:29.0007 3236       
10:37:29.0007 3236        OS Version: 6.0.6001 ServicePack: 1.0
10:37:29.0007 3236        Product type: Workstation
10:37:29.0007 3236        ComputerName: INGA-PC
10:37:29.0007 3236        UserName: Inga
10:37:29.0007 3236        Windows directory: C:\Windows
10:37:29.0007 3236        System windows directory: C:\Windows
10:37:29.0007 3236        Running under WOW64
10:37:29.0007 3236        Processor architecture: Intel x64
10:37:29.0007 3236        Number of processors: 2
10:37:29.0007 3236        Page size: 0x1000
10:37:29.0007 3236        Boot type: Normal boot
10:37:29.0007 3236        ============================================================
10:37:31.0285 3236        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:37:31.0316 3236        \Device\Harddisk0\DR0:
10:37:31.0316 3236        MBR used
10:37:31.0316 3236        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5A800, BlocksNum 0x1E00000
10:37:31.0316 3236        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E5A800, BlocksNum 0x3852B000
10:37:31.0441 3236        Initialize success
10:37:31.0441 3236        ============================================================
10:56:13.0360 1400        ============================================================
10:56:13.0360 1400        Scan started
10:56:13.0360 1400        Mode: Manual;
10:56:13.0360 1400        ============================================================
10:56:14.0967 1400        acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
10:56:14.0967 1400        acedrv11 - ok
10:56:15.0030 1400        ACPI            (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
10:56:15.0123 1400        ACPI - ok
10:56:15.0357 1400        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:56:15.0388 1400        adp94xx - ok
10:56:15.0420 1400        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:56:15.0435 1400        adpahci - ok
10:56:15.0451 1400        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:56:15.0451 1400        adpu160m - ok
10:56:15.0482 1400        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:56:15.0482 1400        adpu320 - ok
10:56:15.0622 1400        AFD            (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
10:56:15.0654 1400        AFD - ok
10:56:15.0685 1400        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:56:15.0685 1400        agp440 - ok
10:56:15.0732 1400        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:56:15.0732 1400        aic78xx - ok
10:56:15.0751 1400        aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
10:56:15.0754 1400        aliide - ok
10:56:15.0791 1400        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:56:15.0794 1400        amdide - ok
10:56:15.0835 1400        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:56:15.0839 1400        AmdK8 - ok
10:56:15.0918 1400        ApfiltrService  (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:56:15.0926 1400        ApfiltrService - ok
10:56:15.0981 1400        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:56:15.0986 1400        arc - ok
10:56:16.0006 1400        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:56:16.0012 1400        arcsas - ok
10:56:16.0031 1400        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:56:16.0037 1400        AsyncMac - ok
10:56:16.0068 1400        atapi          (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
10:56:16.0070 1400        atapi - ok
10:56:16.0897 1400        atikmdag        (db96850170c9895d855463c207fbd4ad) C:\Windows\system32\DRIVERS\atikmdag.sys
10:56:17.0037 1400        atikmdag - ok
10:56:17.0333 1400        BHDrvx64        (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
10:56:17.0349 1400        BHDrvx64 - ok
10:56:17.0474 1400        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:56:17.0489 1400        blbdrive - ok
10:56:17.0833 1400        bowser          (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
10:56:17.0879 1400        bowser - ok
10:56:17.0957 1400        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:56:17.0957 1400        BrFiltLo - ok
10:56:17.0989 1400        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:56:17.0989 1400        BrFiltUp - ok
10:56:18.0035 1400        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:56:18.0051 1400        Brserid - ok
10:56:18.0067 1400        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:56:18.0067 1400        BrSerWdm - ok
10:56:18.0098 1400        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:56:18.0098 1400        BrUsbMdm - ok
10:56:18.0129 1400        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:56:18.0129 1400        BrUsbSer - ok
10:56:18.0191 1400        BthEnum        (12b275fd8ea054a719d024d7017eb932) C:\Windows\system32\DRIVERS\BthEnum.sys
10:56:18.0191 1400        BthEnum - ok
10:56:18.0223 1400        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:56:18.0238 1400        BTHMODEM - ok
10:56:18.0269 1400        BthPan          (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
10:56:18.0269 1400        BthPan - ok
10:56:18.0316 1400        BthPort        (516cdda5b7f6c6999db7eb7425337a19) C:\Windows\system32\Drivers\BTHport.sys
10:56:18.0332 1400        BthPort - ok
10:56:18.0363 1400        BTHUSB          (264cc52d69337ce5d12d13d71220b612) C:\Windows\system32\Drivers\BTHUSB.sys
10:56:18.0379 1400        BTHUSB - ok
10:56:18.0457 1400        btwaudio        (319c67f7d157eaac519dcc5f29e929d0) C:\Windows\system32\drivers\btwaudio.sys
10:56:18.0457 1400        btwaudio - ok
10:56:18.0472 1400        btwavdt        (0b79273c8c2846d28aab936e7a2dbaad) C:\Windows\system32\drivers\btwavdt.sys
10:56:18.0472 1400        btwavdt - ok
10:56:18.0503 1400        btwl2cap        (fda1b5124e07003c3d0d279e5050485e) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:56:18.0519 1400        btwl2cap - ok
10:56:18.0535 1400        btwrchid        (47216d8b5f4042e6d0736bfa2e57b5df) C:\Windows\system32\DRIVERS\btwrchid.sys
10:56:18.0535 1400        btwrchid - ok
10:56:18.0706 1400        ccSet_NAV      (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys
10:56:18.0722 1400        ccSet_NAV - ok
10:56:18.0831 1400        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:56:18.0831 1400        cdfs - ok
10:56:18.0862 1400        cdrom          (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
10:56:18.0862 1400        cdrom - ok
10:56:18.0878 1400        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:56:18.0893 1400        circlass - ok
10:56:18.0925 1400        CLFS            (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
10:56:18.0925 1400        CLFS - ok
10:56:18.0987 1400        CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
10:56:18.0987 1400        CmBatt - ok
10:56:19.0003 1400        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:56:19.0018 1400        cmdide - ok
10:56:19.0034 1400        Compbatt        (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
10:56:19.0034 1400        Compbatt - ok
10:56:19.0065 1400        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:56:19.0065 1400        crcdisk - ok
10:56:19.0143 1400        CtClsFlt        (fc1f55ba03832fbb0daf965f746c47bb) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:56:19.0143 1400        CtClsFlt - ok
10:56:19.0252 1400        DfsC            (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
10:56:19.0252 1400        DfsC - ok
10:56:19.0299 1400        disk            (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
10:56:19.0299 1400        disk - ok
10:56:19.0346 1400        Dot4            (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
10:56:19.0361 1400        Dot4 - ok
10:56:19.0408 1400        Dot4Print      (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:56:19.0408 1400        Dot4Print - ok
10:56:19.0439 1400        dot4usb        (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
10:56:19.0439 1400        dot4usb - ok
10:56:19.0486 1400        drmkaud        (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
10:56:19.0486 1400        drmkaud - ok
10:56:19.0549 1400        DXGKrnl        (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
10:56:19.0595 1400        DXGKrnl - ok
10:56:19.0611 1400        e1express      (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
10:56:19.0627 1400        e1express - ok
10:56:19.0658 1400        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:56:19.0658 1400        E1G60 - ok
10:56:19.0705 1400        Ecache          (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
10:56:19.0705 1400        Ecache - ok
10:56:19.0783 1400        eeCtrl          (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:56:19.0783 1400        eeCtrl - ok
10:56:19.0845 1400        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:56:19.0845 1400        elxstor - ok
10:56:19.0907 1400        EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:56:19.0923 1400        EraserUtilRebootDrv - ok
10:56:20.0001 1400        ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
10:56:20.0001 1400        ErrDev - ok
10:56:20.0063 1400        exfat          (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
10:56:20.0063 1400        exfat - ok
10:56:20.0110 1400        fastfat        (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
10:56:20.0110 1400        fastfat - ok
10:56:20.0141 1400        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:56:20.0141 1400        fdc - ok
10:56:20.0173 1400        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:56:20.0188 1400        FileInfo - ok
10:56:20.0219 1400        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:56:20.0219 1400        Filetrace - ok
10:56:20.0235 1400        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:56:20.0251 1400        flpydisk - ok
10:56:20.0297 1400        FltMgr          (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
10:56:20.0313 1400        FltMgr - ok
10:56:20.0329 1400        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
10:56:20.0329 1400        Fs_Rec - ok
10:56:20.0360 1400        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:56:20.0375 1400        gagp30kx - ok
10:56:20.0422 1400        HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:56:20.0422 1400        HdAudAddService - ok
10:56:20.0469 1400        HDAudBus        (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:56:20.0469 1400        HDAudBus - ok
10:56:20.0500 1400        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:56:20.0500 1400        HidBth - ok
10:56:20.0531 1400        HidIr          (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:56:20.0531 1400        HidIr - ok
10:56:20.0578 1400        HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
10:56:20.0578 1400        HidUsb - ok
10:56:20.0625 1400        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:56:20.0625 1400        HpCISSs - ok
10:56:20.0703 1400        HTTP            (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
10:56:20.0734 1400        HTTP - ok
10:56:20.0781 1400        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:56:20.0781 1400        i2omp - ok
10:56:20.0812 1400        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:56:20.0812 1400        i8042prt - ok
10:56:20.0859 1400        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:56:20.0859 1400        iaStorV - ok
10:56:21.0140 1400        IDSVia64        (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120307.002\IDSvia64.sys
10:56:21.0155 1400        IDSVia64 - ok
10:56:21.0233 1400        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:56:21.0233 1400        iirsp - ok
10:56:21.0265 1400        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:56:21.0265 1400        intelide - ok
10:56:21.0311 1400        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:56:21.0311 1400        intelppm - ok
10:56:21.0358 1400        IpFilterDriver  (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:56:21.0358 1400        IpFilterDriver - ok
10:56:21.0374 1400        IpInIp - ok
10:56:21.0405 1400        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:56:21.0405 1400        IPMIDRV - ok
10:56:21.0452 1400        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:56:21.0467 1400        IPNAT - ok
10:56:21.0483 1400        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:56:21.0499 1400        IRENUM - ok
10:56:21.0514 1400        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:56:21.0514 1400        isapnp - ok
10:56:21.0561 1400        iScsiPrt        (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
10:56:21.0561 1400        iScsiPrt - ok
10:56:21.0592 1400        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:56:21.0592 1400        iteatapi - ok
10:56:21.0639 1400        itecir          (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
10:56:21.0639 1400        itecir - ok
10:56:21.0686 1400        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:56:21.0686 1400        iteraid - ok
10:56:21.0733 1400        k57nd60a        (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:56:21.0748 1400        k57nd60a - ok
10:56:21.0764 1400        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:56:21.0764 1400        kbdclass - ok
10:56:21.0795 1400        kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:56:21.0795 1400        kbdhid - ok
10:56:21.0857 1400        KSecDD          (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
10:56:21.0889 1400        KSecDD - ok
10:56:21.0935 1400        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:56:21.0935 1400        ksthunk - ok
10:56:22.0013 1400        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:56:22.0013 1400        lltdio - ok
10:56:22.0060 1400        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:56:22.0060 1400        LSI_FC - ok
10:56:22.0091 1400        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:56:22.0107 1400        LSI_SAS - ok
10:56:22.0138 1400        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:56:22.0138 1400        LSI_SCSI - ok
10:56:22.0154 1400        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:56:22.0154 1400        luafv - ok
10:56:22.0201 1400        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:56:22.0201 1400        MBAMProtector - ok
10:56:22.0279 1400        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:56:22.0279 1400        megasas - ok
10:56:22.0325 1400        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:56:22.0341 1400        MegaSR - ok
10:56:22.0403 1400        mfeapfk        (0d8a2ccd9fb7a18114ffa13bb681f362) C:\Windows\system32\drivers\mfeapfk.sys
10:56:22.0419 1400        mfeapfk - ok
10:56:22.0466 1400        mfeavfk        (58e891f01db2b41ef1a1296fe63ed74c) C:\Windows\system32\drivers\mfeavfk.sys
10:56:22.0466 1400        mfeavfk - ok
10:56:22.0513 1400        mfebopk        (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
10:56:22.0528 1400        mfebopk - ok
10:56:22.0591 1400        mfefirek        (74c4bf6c59a8a900c25ee892d3771f73) C:\Windows\system32\drivers\mfefirek.sys
10:56:22.0606 1400        mfefirek - ok
10:56:22.0653 1400        mfehidk        (bcd060ddc1ea7d2f84e75d17c8e2c88c) C:\Windows\system32\drivers\mfehidk.sys
10:56:22.0684 1400        mfehidk - ok
10:56:22.0731 1400        mferkdet        (537d31cf8d41222be5bfa56a5ec35ceb) C:\Windows\system32\drivers\mferkdet.sys
10:56:22.0731 1400        mferkdet - ok
10:56:22.0793 1400        mferkdk        (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
10:56:22.0793 1400        mferkdk - ok
10:56:22.0840 1400        mfesmfk        (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
10:56:22.0840 1400        mfesmfk - ok
10:56:22.0903 1400        mfewfpk        (5c07cb165074c6114616d8473cdd0938) C:\Windows\system32\drivers\mfewfpk.sys
10:56:22.0903 1400        mfewfpk - ok
10:56:22.0949 1400        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:56:22.0949 1400        Modem - ok
10:56:22.0996 1400        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:56:22.0996 1400        monitor - ok
10:56:23.0027 1400        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:56:23.0027 1400        mouclass - ok
10:56:23.0043 1400        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:56:23.0059 1400        mouhid - ok
10:56:23.0090 1400        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:56:23.0090 1400        MountMgr - ok
10:56:23.0121 1400        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:56:23.0121 1400        mpio - ok
10:56:23.0152 1400        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:56:23.0152 1400        mpsdrv - ok
10:56:23.0183 1400        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:56:23.0183 1400        Mraid35x - ok
10:56:23.0199 1400        MRxDAV          (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
10:56:23.0215 1400        MRxDAV - ok
10:56:23.0293 1400        mrxsmb          (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:56:23.0308 1400        mrxsmb - ok
10:56:23.0355 1400        mrxsmb10        (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:56:23.0355 1400        mrxsmb10 - ok
10:56:23.0402 1400        mrxsmb20        (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:56:23.0402 1400        mrxsmb20 - ok
10:56:23.0417 1400        msahci          (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
10:56:23.0433 1400        msahci - ok
10:56:23.0464 1400        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:56:23.0464 1400        msdsm - ok
10:56:23.0511 1400        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:56:23.0511 1400        Msfs - ok
10:56:23.0527 1400        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:56:23.0542 1400        msisadrv - ok
10:56:23.0573 1400        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:56:23.0573 1400        MSKSSRV - ok
10:56:23.0605 1400        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:56:23.0605 1400        MSPCLOCK - ok
10:56:23.0667 1400        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:56:23.0667 1400        MSPQM - ok
10:56:23.0698 1400        MsRPC          (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
10:56:23.0714 1400        MsRPC - ok
10:56:23.0745 1400        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:56:23.0745 1400        mssmbios - ok
10:56:23.0792 1400        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:56:23.0792 1400        MSTEE - ok
10:56:23.0839 1400        Mup            (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
10:56:23.0839 1400        Mup - ok
10:56:23.0885 1400        NativeWifiP    (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
10:56:23.0885 1400        NativeWifiP - ok
10:56:24.0135 1400        NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120307.035\ENG64.SYS
10:56:24.0135 1400        NAVENG - ok
10:56:24.0431 1400        NAVEX15        (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120307.035\EX64.SYS
10:56:24.0463 1400        NAVEX15 - ok
10:56:24.0556 1400        NDIS            (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
10:56:24.0587 1400        NDIS - ok
10:56:24.0619 1400        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:56:24.0619 1400        NdisTapi - ok
10:56:24.0665 1400        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:56:24.0665 1400        Ndisuio - ok
10:56:24.0697 1400        NdisWan        (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
10:56:24.0712 1400        NdisWan - ok
10:56:24.0728 1400        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:56:24.0743 1400        NDProxy - ok
10:56:24.0759 1400        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:56:24.0775 1400        NetBIOS - ok
10:56:24.0806 1400        netbt          (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
10:56:24.0806 1400        netbt - ok
10:56:24.0993 1400        NETw5v64        (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
10:56:25.0133 1400        NETw5v64 - ok
10:56:25.0165 1400        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:56:25.0165 1400        nfrd960 - ok
10:56:25.0180 1400        Npfs            (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
10:56:25.0180 1400        Npfs - ok
10:56:25.0211 1400        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:56:25.0227 1400        nsiproxy - ok
10:56:25.0305 1400        Ntfs            (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
10:56:25.0352 1400        Ntfs - ok
10:56:25.0383 1400        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:56:25.0383 1400        Null - ok
10:56:25.0414 1400        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:56:25.0414 1400        nvraid - ok
10:56:25.0430 1400        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:56:25.0445 1400        nvstor - ok
10:56:25.0461 1400        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:56:25.0461 1400        nv_agp - ok
10:56:25.0477 1400        NwlnkFlt - ok
10:56:25.0508 1400        NwlnkFwd - ok
10:56:25.0586 1400        OA001Ufd        (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
10:56:25.0586 1400        OA001Ufd - ok
10:56:25.0617 1400        OA001Vid        (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
10:56:25.0633 1400        OA001Vid - ok
10:56:25.0664 1400        ohci1394        (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
10:56:25.0664 1400        ohci1394 - ok
10:56:25.0742 1400        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:56:25.0742 1400        Parport - ok
10:56:25.0773 1400        partmgr        (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
10:56:25.0773 1400        partmgr - ok
10:56:25.0929 1400        PCDSRVC{DF3A5B5B-128783DB-06000000}_0 (6f8432f6ee241034f3295b053007e0c2) c:\program files (x86)\dell support center\hwdiag\bin\pcdsrvc_x64.pkms
10:56:26.0038 1400        PCDSRVC{DF3A5B5B-128783DB-06000000}_0 - ok
10:56:26.0147 1400        pci            (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
10:56:26.0147 1400        pci - ok
10:56:26.0210 1400        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:56:26.0210 1400        pciide - ok
10:56:26.0241 1400        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:56:26.0257 1400        pcmcia - ok
10:56:26.0319 1400        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:56:26.0335 1400        PEAUTH - ok
10:56:26.0459 1400        PptpMiniport    (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
10:56:26.0459 1400        PptpMiniport - ok
10:56:26.0506 1400        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:56:26.0522 1400        Processor - ok
10:56:26.0569 1400        PSched          (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
10:56:26.0569 1400        PSched - ok
10:56:26.0631 1400        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:56:26.0631 1400        PxHlpa64 - ok
10:56:26.0693 1400        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:56:26.0740 1400        ql2300 - ok
10:56:26.0756 1400        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:56:26.0756 1400        ql40xx - ok
10:56:26.0787 1400        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:56:26.0787 1400        QWAVEdrv - ok
10:56:26.0974 1400        R300            (db96850170c9895d855463c207fbd4ad) C:\Windows\system32\DRIVERS\atikmdag.sys
10:56:27.0037 1400        R300 - ok
10:56:27.0068 1400        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:56:27.0068 1400        RasAcd - ok
10:56:27.0099 1400        Rasl2tp        (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:56:27.0099 1400        Rasl2tp - ok
10:56:27.0115 1400        RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
10:56:27.0130 1400        RasPppoe - ok
10:56:27.0146 1400        RasSstp        (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
10:56:27.0146 1400        RasSstp - ok
10:56:27.0177 1400        rdbss          (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
10:56:27.0193 1400        rdbss - ok
10:56:27.0224 1400        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:56:27.0224 1400        RDPCDD - ok
10:56:27.0255 1400        rdpdr          (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:56:27.0271 1400        rdpdr - ok
10:56:27.0286 1400        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:56:27.0286 1400        RDPENCDD - ok
10:56:27.0317 1400        RDPWD          (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
10:56:27.0317 1400        RDPWD - ok
10:56:27.0380 1400        RFCOMM          (a5fd55b4ccd5307f71c2c246f56c4d4f) C:\Windows\system32\DRIVERS\rfcomm.sys
10:56:27.0380 1400        RFCOMM - ok
10:56:27.0411 1400        rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
10:56:27.0411 1400        rimmptsk - ok
10:56:27.0427 1400        rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
10:56:27.0427 1400        rimsptsk - ok
10:56:27.0458 1400        rismxdp        (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
10:56:27.0458 1400        rismxdp - ok
10:56:27.0505 1400        RMCAST          (80c5c0a3bee7d4b26b95c3b05a014c1d) C:\Windows\system32\DRIVERS\RMCAST.sys
10:56:27.0505 1400        RMCAST - ok
10:56:27.0583 1400        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:56:27.0583 1400        rspndr - ok
10:56:27.0661 1400        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:56:27.0676 1400        sbp2port - ok
10:56:27.0723 1400        sdbus          (fb30126d3e617c86cd8e8643792ca3cf) C:\Windows\system32\DRIVERS\sdbus.sys
10:56:27.0739 1400        sdbus - ok
10:56:27.0770 1400        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:56:27.0770 1400        secdrv - ok
10:56:27.0817 1400        Serenum        (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:56:27.0817 1400        Serenum - ok
10:56:27.0832 1400        Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:56:27.0848 1400        Serial - ok
10:56:27.0863 1400        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:56:27.0863 1400        sermouse - ok
10:56:27.0941 1400        sffdisk        (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
10:56:27.0941 1400        sffdisk - ok
10:56:27.0957 1400        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:56:27.0973 1400        sffp_mmc - ok
10:56:28.0004 1400        sffp_sd        (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:56:28.0004 1400        sffp_sd - ok
10:56:28.0035 1400        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:56:28.0035 1400        sfloppy - ok
10:56:28.0066 1400        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:56:28.0066 1400        SiSRaid2 - ok
10:56:28.0113 1400        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:56:28.0113 1400        SiSRaid4 - ok
10:56:28.0191 1400        Smb            (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
10:56:28.0191 1400        Smb - ok
10:56:28.0253 1400        spldr          (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
10:56:28.0253 1400        spldr - ok
10:56:28.0409 1400        SRTSP          (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NAVx64\1305000.091\SRTSP64.SYS
10:56:28.0441 1400        SRTSP - ok
10:56:28.0487 1400        SRTSPX          (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NAVx64\1305000.091\SRTSPX64.SYS
10:56:28.0487 1400        SRTSPX - ok
10:56:28.0550 1400        srv            (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
10:56:28.0581 1400        srv - ok
10:56:28.0628 1400        srv2            (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
10:56:28.0628 1400        srv2 - ok
10:56:28.0643 1400        srvnet          (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
10:56:28.0659 1400        srvnet - ok
10:56:28.0721 1400        STHDA          (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
10:56:28.0737 1400        STHDA - ok
10:56:28.0784 1400        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:56:28.0784 1400        swenum - ok
10:56:28.0815 1400        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:56:28.0815 1400        Symc8xx - ok
10:56:28.0940 1400        SymDS          (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS
10:56:28.0955 1400        SymDS - ok
10:56:29.0049 1400        SymEFA          (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS
10:56:29.0096 1400        SymEFA - ok
10:56:29.0158 1400        SymEvent        (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:56:29.0158 1400        SymEvent - ok
10:56:29.0221 1400        SymIRON        (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS
10:56:29.0221 1400        SymIRON - ok
10:56:29.0299 1400        SYMTDIv        (a25fee245c78804601d83431386a0bee) C:\Windows\System32\Drivers\NAVx64\1305000.091\SYMTDIV.SYS
10:56:29.0314 1400        SYMTDIv - ok
10:56:29.0361 1400        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:56:29.0377 1400        Sym_hi - ok
10:56:29.0392 1400        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:56:29.0392 1400        Sym_u3 - ok
10:56:29.0517 1400        Tcpip          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
10:56:29.0564 1400        Tcpip - ok
10:56:29.0626 1400        Tcpip6          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
10:56:29.0642 1400        Tcpip6 - ok
10:56:29.0673 1400        tcpipreg        (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
10:56:29.0673 1400        tcpipreg - ok
10:56:29.0704 1400        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:56:29.0720 1400        TDPIPE - ok
10:56:29.0735 1400        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:56:29.0735 1400        TDTCP - ok
10:56:29.0751 1400        tdx            (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
10:56:29.0767 1400        tdx - ok
10:56:29.0813 1400        TermDD          (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
10:56:29.0813 1400        TermDD - ok
10:56:29.0876 1400        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:56:29.0891 1400        tssecsrv - ok
10:56:29.0907 1400        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:56:29.0923 1400        tunmp - ok
10:56:29.0938 1400        tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
10:56:29.0954 1400        tunnel - ok
10:56:29.0969 1400        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:56:29.0985 1400        uagp35 - ok
10:56:30.0001 1400        udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
10:56:30.0016 1400        udfs - ok
10:56:30.0047 1400        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:56:30.0063 1400        uliagpkx - ok
10:56:30.0094 1400        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:56:30.0110 1400        uliahci - ok
10:56:30.0125 1400        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:56:30.0141 1400        UlSata - ok
10:56:30.0172 1400        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:56:30.0172 1400        ulsata2 - ok
10:56:30.0203 1400        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:56:30.0219 1400        umbus - ok
10:56:30.0469 1400        usbccgp        (cee5090e3c2f23df52b732dc3cc16ad8) C:\Windows\system32\DRIVERS\usbccgp.sys
10:56:30.0469 1400        usbccgp - ok
10:56:30.0671 1400        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:56:30.0687 1400        usbcir - ok
10:56:30.0749 1400        usbehci        (3bb628ad6e7391e801ce4bda9a52bb1d) C:\Windows\system32\DRIVERS\usbehci.sys
10:56:30.0765 1400        usbehci - ok
10:56:30.0827 1400        usbhub          (d02090110a4d92b4b9a9a2e17729e997) C:\Windows\system32\DRIVERS\usbhub.sys
10:56:30.0827 1400        usbhub - ok
10:56:30.0859 1400        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:56:30.0859 1400        usbohci - ok
10:56:30.0921 1400        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:56:30.0937 1400        usbprint - ok
10:56:30.0999 1400        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:56:30.0999 1400        usbscan - ok
10:56:31.0030 1400        USBSTOR        (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:56:31.0030 1400        USBSTOR - ok
10:56:31.0077 1400        usbuhci        (d63b28cffbba74bc374b41a60543190c) C:\Windows\system32\DRIVERS\usbuhci.sys
10:56:31.0077 1400        usbuhci - ok
10:56:31.0124 1400        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:56:31.0139 1400        usbvideo - ok
10:56:31.0186 1400        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:56:31.0202 1400        vga - ok
10:56:31.0217 1400        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:56:31.0217 1400        VgaSave - ok
10:56:31.0249 1400        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:56:31.0249 1400        viaide - ok
10:56:31.0280 1400        volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
10:56:31.0280 1400        volmgr - ok
10:56:31.0311 1400        volmgrx        (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
10:56:31.0342 1400        volmgrx - ok
10:56:31.0389 1400        volsnap        (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
10:56:31.0405 1400        volsnap - ok
10:56:31.0451 1400        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:56:31.0451 1400        vsmraid - ok
10:56:31.0483 1400        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:56:31.0498 1400        WacomPen - ok
10:56:31.0529 1400        Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:56:31.0529 1400        Wanarp - ok
10:56:31.0545 1400        Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:56:31.0545 1400        Wanarpv6 - ok
10:56:31.0592 1400        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:56:31.0592 1400        Wd - ok
10:56:31.0639 1400        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:56:31.0685 1400        Wdf01000 - ok
10:56:31.0826 1400        WmiAcpi        (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:56:31.0826 1400        WmiAcpi - ok
10:56:31.0904 1400        WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
10:56:31.0919 1400        WpdUsb - ok
10:56:31.0966 1400        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:56:31.0966 1400        ws2ifsl - ok
10:56:32.0044 1400        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:56:32.0044 1400        WUDFRd - ok
10:56:32.0138 1400        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
10:56:32.0138 1400        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
10:56:32.0185 1400        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:56:32.0263 1400        \Device\Harddisk0\DR0 - ok
10:56:32.0278 1400        Boot (0x1200)  (781d7bc17a7913d8bde23ec5fae5aaaf) \Device\Harddisk0\DR0\Partition0
10:56:32.0278 1400        \Device\Harddisk0\DR0\Partition0 - ok
10:56:32.0278 1400        Boot (0x1200)  (36e8568af3d235f0e5c2f4f1b0262f5b) \Device\Harddisk0\DR0\Partition1
10:56:32.0294 1400        \Device\Harddisk0\DR0\Partition1 - ok
10:56:32.0294 1400        ============================================================
10:56:32.0294 1400        Scan finished
10:56:32.0294 1400        ============================================================
10:56:32.0309 3944        Detected object count: 0
10:56:32.0309 3944        Actual detected object count: 0
10:56:51.0825 4272        ============================================================
10:56:51.0825 4272        Scan started
10:56:51.0825 4272        Mode: Manual; SigCheck; TDLFS;
10:56:51.0825 4272        ============================================================
10:56:52.0309 4272        acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
10:56:52.0667 4272        acedrv11 - ok
10:56:52.0730 4272        ACPI            (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
10:56:52.0777 4272        ACPI - ok
10:56:52.0855 4272        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:56:52.0901 4272        adp94xx - ok
10:56:52.0917 4272        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:56:52.0964 4272        adpahci - ok
10:56:53.0042 4272        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:56:53.0073 4272        adpu160m - ok
10:56:53.0089 4272        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:56:53.0120 4272        adpu320 - ok
10:56:53.0213 4272        AFD            (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
10:56:53.0354 4272        AFD - ok
10:56:53.0385 4272        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:56:53.0416 4272        agp440 - ok
10:56:53.0463 4272        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:56:53.0494 4272        aic78xx - ok
10:56:53.0525 4272        aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
10:56:53.0541 4272        aliide - ok
10:56:53.0572 4272        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:56:53.0603 4272        amdide - ok
10:56:53.0619 4272        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:56:53.0869 4272        AmdK8 - ok
10:56:53.0931 4272        ApfiltrService  (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:56:53.0962 4272        ApfiltrService - ok
10:56:54.0009 4272        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:56:54.0040 4272        arc - ok
10:56:54.0056 4272        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:56:54.0087 4272        arcsas - ok
10:56:54.0103 4272        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:56:54.0243 4272        AsyncMac - ok
10:56:54.0290 4272        atapi          (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
10:56:54.0321 4272        atapi - ok
10:56:54.0493 4272        atikmdag        (db96850170c9895d855463c207fbd4ad) C:\Windows\system32\DRIVERS\atikmdag.sys
10:56:54.0820 4272        atikmdag - ok
10:56:55.0148 4272        BHDrvx64        (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
10:56:55.0304 4272        BHDrvx64 - ok
10:56:55.0444 4272        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:56:55.0553 4272        blbdrive - ok
10:56:55.0647 4272        bowser          (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
10:56:55.0741 4272        bowser - ok
10:56:55.0772 4272        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:56:56.0006 4272        BrFiltLo - ok
10:56:56.0084 4272        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:56:56.0177 4272        BrFiltUp - ok
10:56:56.0240 4272        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:56:56.0489 4272        Brserid - ok
10:56:56.0552 4272        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:56:56.0723 4272        BrSerWdm - ok
10:56:56.0770 4272        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:56:56.0942 4272        BrUsbMdm - ok
10:56:56.0989 4272        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:56:57.0145 4272        BrUsbSer - ok
10:56:57.0207 4272        BthEnum        (12b275fd8ea054a719d024d7017eb932) C:\Windows\system32\DRIVERS\BthEnum.sys
10:56:57.0254 4272        BthEnum - ok
10:56:57.0316 4272        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:56:57.0472 4272        BTHMODEM - ok
10:56:57.0519 4272        BthPan          (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
10:56:57.0691 4272        BthPan - ok
10:56:57.0784 4272        BthPort        (516cdda5b7f6c6999db7eb7425337a19) C:\Windows\system32\Drivers\BTHport.sys
10:56:57.0862 4272        BthPort - ok
10:56:57.0940 4272        BTHUSB          (264cc52d69337ce5d12d13d71220b612) C:\Windows\system32\Drivers\BTHUSB.sys
10:56:58.0003 4272        BTHUSB - ok
10:56:58.0065 4272        btwaudio        (319c67f7d157eaac519dcc5f29e929d0) C:\Windows\system32\drivers\btwaudio.sys
10:56:58.0081 4272        btwaudio - ok
10:56:58.0096 4272        btwavdt        (0b79273c8c2846d28aab936e7a2dbaad) C:\Windows\system32\drivers\btwavdt.sys
10:56:58.0127 4272        btwavdt - ok
10:56:58.0159 4272        btwl2cap        (fda1b5124e07003c3d0d279e5050485e) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:56:58.0174 4272        btwl2cap - ok
10:56:58.0190 4272        btwrchid        (47216d8b5f4042e6d0736bfa2e57b5df) C:\Windows\system32\DRIVERS\btwrchid.sys
10:56:58.0221 4272        btwrchid - ok
10:56:58.0346 4272        ccSet_NAV      (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys
10:56:58.0361 4272        ccSet_NAV - ok
10:56:58.0424 4272        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:56:58.0549 4272        cdfs - ok
10:56:58.0580 4272        cdrom          (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
10:56:58.0705 4272        cdrom - ok
10:56:58.0751 4272        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:56:58.0876 4272        circlass - ok
10:56:58.0970 4272        CLFS            (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
10:56:59.0032 4272        CLFS - ok
10:56:59.0173 4272        CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
10:56:59.0282 4272        CmBatt - ok
10:56:59.0329 4272        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:56:59.0360 4272        cmdide - ok
10:56:59.0375 4272        Compbatt        (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
10:56:59.0407 4272        Compbatt - ok
10:56:59.0422 4272        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:56:59.0453 4272        crcdisk - ok
10:56:59.0516 4272        CtClsFlt        (fc1f55ba03832fbb0daf965f746c47bb) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:56:59.0578 4272        CtClsFlt - ok
10:56:59.0641 4272        DfsC            (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
10:56:59.0734 4272        DfsC - ok
10:56:59.0765 4272        disk            (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
10:56:59.0797 4272        disk - ok
10:56:59.0859 4272        Dot4            (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
10:56:59.0968 4272        Dot4 - ok
10:57:00.0015 4272        Dot4Print      (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:57:00.0124 4272        Dot4Print - ok
10:57:00.0171 4272        dot4usb        (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
10:57:00.0296 4272        dot4usb - ok
10:57:00.0343 4272        drmkaud        (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
10:57:00.0436 4272        drmkaud - ok
10:57:00.0514 4272        DXGKrnl        (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
10:57:00.0655 4272        DXGKrnl - ok
10:57:00.0779 4272        e1express      (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
10:57:00.0873 4272        e1express - ok
10:57:00.0904 4272        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:57:01.0029 4272        E1G60 - ok
10:57:01.0091 4272        Ecache          (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
10:57:01.0123 4272        Ecache - ok
10:57:01.0185 4272        eeCtrl          (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:57:01.0232 4272        eeCtrl - ok
10:57:01.0325 4272        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:57:01.0403 4272        elxstor - ok
10:57:01.0528 4272        EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:57:01.0559 4272        EraserUtilRebootDrv - ok
10:57:01.0622 4272        ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
10:57:01.0700 4272        ErrDev - ok
10:57:01.0762 4272        exfat          (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
10:57:01.0871 4272        exfat - ok
10:57:01.0918 4272        fastfat        (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
10:57:02.0027 4272        fastfat - ok
10:57:02.0074 4272        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:57:02.0199 4272        fdc - ok
10:57:02.0246 4272        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:57:02.0277 4272        FileInfo - ok
10:57:02.0277 4272        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:57:02.0480 4272        Filetrace - ok
10:57:02.0495 4272        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:57:02.0589 4272        flpydisk - ok
10:57:02.0667 4272        FltMgr          (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
10:57:02.0698 4272        FltMgr - ok
10:57:02.0745 4272        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
10:57:02.0854 4272        Fs_Rec - ok
10:57:02.0885 4272        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:57:02.0917 4272        gagp30kx - ok
10:57:02.0963 4272        HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:57:03.0135 4272        HdAudAddService - ok
10:57:03.0213 4272        HDAudBus        (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:57:03.0322 4272        HDAudBus - ok
10:57:03.0353 4272        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:57:03.0494 4272        HidBth - ok
10:57:03.0525 4272        HidIr          (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:57:03.0619 4272        HidIr - ok
10:57:03.0665 4272        HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
10:57:03.0775 4272        HidUsb - ok
10:57:03.0821 4272        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:57:03.0853 4272        HpCISSs - ok
10:57:03.0931 4272        HTTP            (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
10:57:04.0024 4272        HTTP - ok
10:57:04.0118 4272        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:57:04.0133 4272        i2omp - ok
10:57:04.0196 4272        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:57:04.0289 4272        i8042prt - ok
10:57:04.0352 4272        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:57:04.0383 4272        iaStorV - ok
10:57:04.0648 4272        IDSVia64        (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120307.002\IDSvia64.sys
10:57:04.0679 4272        IDSVia64 - ok
10:57:04.0773 4272        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:57:04.0804 4272        iirsp - ok
10:57:04.0851 4272        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:57:04.0882 4272        intelide - ok
10:57:04.0913 4272        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:57:05.0038 4272        intelppm - ok
10:57:05.0085 4272        IpFilterDriver  (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:57:05.0225 4272        IpFilterDriver - ok
10:57:05.0257 4272        IpInIp - ok
10:57:05.0319 4272        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:57:05.0428 4272        IPMIDRV - ok
10:57:05.0444 4272        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:57:05.0537 4272        IPNAT - ok
10:57:05.0553 4272        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:57:05.0647 4272        IRENUM - ok
10:57:05.0662 4272        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:57:05.0693 4272        isapnp - ok
10:57:05.0740 4272        iScsiPrt        (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
10:57:05.0771 4272        iScsiPrt - ok
10:57:05.0803 4272        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:57:05.0834 4272        iteatapi - ok
10:57:05.0865 4272        itecir          (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
10:57:05.0943 4272        itecir - ok
10:57:05.0974 4272        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:57:06.0005 4272        iteraid - ok
10:57:06.0052 4272        k57nd60a        (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:57:06.0146 4272        k57nd60a - ok
10:57:06.0224 4272        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:57:06.0255 4272        kbdclass - ok
10:57:06.0286 4272        kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:57:06.0395 4272        kbdhid - ok
10:57:06.0473 4272        KSecDD          (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
10:57:06.0551 4272        KSecDD - ok
10:57:06.0661 4272        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:57:06.0770 4272        ksthunk - ok
10:57:06.0848 4272        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:57:06.0941 4272        lltdio - ok
10:57:06.0988 4272        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:57:07.0019 4272        LSI_FC - ok
10:57:07.0051 4272        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:57:07.0082 4272        LSI_SAS - ok
10:57:07.0113 4272        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:57:07.0144 4272        LSI_SCSI - ok
10:57:07.0175 4272        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:57:07.0285 4272        luafv - ok
10:57:07.0347 4272        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:57:07.0363 4272        MBAMProtector - ok
10:57:07.0441 4272        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:57:07.0456 4272        megasas - ok
10:57:07.0503 4272        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:57:07.0534 4272        MegaSR - ok
10:57:07.0597 4272        mfeapfk        (0d8a2ccd9fb7a18114ffa13bb681f362) C:\Windows\system32\drivers\mfeapfk.sys
10:57:07.0612 4272        mfeapfk - ok
10:57:07.0675 4272        mfeavfk        (58e891f01db2b41ef1a1296fe63ed74c) C:\Windows\system32\drivers\mfeavfk.sys
10:57:07.0721 4272        mfeavfk - ok
10:57:07.0799 4272        mfebopk        (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
10:57:07.0815 4272        mfebopk - ok
10:57:07.0893 4272        mfefirek        (74c4bf6c59a8a900c25ee892d3771f73) C:\Windows\system32\drivers\mfefirek.sys
10:57:07.0924 4272        mfefirek - ok
10:57:07.0971 4272        mfehidk        (bcd060ddc1ea7d2f84e75d17c8e2c88c) C:\Windows\system32\drivers\mfehidk.sys
10:57:08.0033 4272        mfehidk - ok
10:57:08.0111 4272        mferkdet        (537d31cf8d41222be5bfa56a5ec35ceb) C:\Windows\system32\drivers\mferkdet.sys
10:57:08.0127 4272        mferkdet - ok
10:57:08.0189 4272        mferkdk        (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
10:57:08.0221 4272        mferkdk - ok
10:57:08.0252 4272        mfesmfk        (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
10:57:08.0283 4272        mfesmfk - ok
10:57:08.0330 4272        mfewfpk        (5c07cb165074c6114616d8473cdd0938) C:\Windows\system32\drivers\mfewfpk.sys
10:57:08.0361 4272        mfewfpk - ok
10:57:08.0392 4272        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:57:08.0517 4272        Modem - ok
10:57:08.0564 4272        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:57:08.0657 4272        monitor - ok
10:57:08.0689 4272        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:57:08.0720 4272        mouclass - ok
10:57:08.0735 4272        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:57:08.0860 4272        mouhid - ok
10:57:08.0891 4272        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:57:08.0923 4272        MountMgr - ok
10:57:08.0969 4272        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:57:09.0001 4272        mpio - ok
10:57:09.0016 4272        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:57:09.0094 4272        mpsdrv - ok
10:57:09.0110 4272        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:57:09.0141 4272        Mraid35x - ok
10:57:09.0157 4272        MRxDAV          (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
10:57:09.0266 4272        MRxDAV - ok
10:57:09.0313 4272        mrxsmb          (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:57:09.0422 4272        mrxsmb - ok
10:57:09.0453 4272        mrxsmb10        (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:57:09.0531 4272        mrxsmb10 - ok
10:57:09.0547 4272        mrxsmb20        (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:57:09.0593 4272        mrxsmb20 - ok
10:57:09.0640 4272        msahci          (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
10:57:09.0656 4272        msahci - ok
10:57:09.0687 4272        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:57:09.0718 4272        msdsm - ok
10:57:09.0749 4272        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:57:09.0890 4272        Msfs - ok
10:57:09.0937 4272        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:57:09.0952 4272        msisadrv - ok
10:57:09.0983 4272        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:57:10.0077 4272        MSKSSRV - ok
10:57:10.0108 4272        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:57:10.0233 4272        MSPCLOCK - ok
10:57:10.0264 4272        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:57:10.0358 4272        MSPQM - ok
10:57:10.0389 4272        MsRPC          (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
10:57:10.0420 4272        MsRPC - ok
10:57:10.0451 4272        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:57:10.0483 4272        mssmbios - ok
10:57:10.0514 4272        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:57:10.0639 4272        MSTEE - ok
10:57:10.0685 4272        Mup            (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
10:57:10.0701 4272        Mup - ok
10:57:10.0748 4272        NativeWifiP    (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
10:57:10.0826 4272        NativeWifiP - ok
10:57:11.0091 4272        NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120307.035\ENG64.SYS
10:57:11.0122 4272        NAVENG - ok
10:57:11.0419 4272        NAVEX15        (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120307.035\EX64.SYS
10:57:11.0575 4272        NAVEX15 - ok
10:57:11.0715 4272        NDIS            (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
10:57:11.0809 4272        NDIS - ok
10:57:11.0918 4272        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:57:12.0011 4272        NdisTapi - ok
10:57:12.0043 4272        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:57:12.0152 4272        Ndisuio - ok
10:57:12.0199 4272        NdisWan        (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
10:57:12.0323 4272        NdisWan - ok
10:57:12.0339 4272        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:57:12.0417 4272        NDProxy - ok
10:57:12.0464 4272        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:57:12.0573 4272        NetBIOS - ok
10:57:12.0620 4272        netbt          (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
10:57:12.0729 4272        netbt - ok
10:57:12.0963 4272        NETw5v64        (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
10:57:13.0244 4272        NETw5v64 - ok
10:57:13.0291 4272        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:57:13.0306 4272        nfrd960 - ok
10:57:13.0337 4272        Npfs            (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
10:57:13.0431 4272        Npfs - ok
10:57:13.0462 4272        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:57:13.0571 4272        nsiproxy - ok
10:57:13.0649 4272        Ntfs            (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
10:57:13.0743 4272        Ntfs - ok
10:57:13.0790 4272        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:57:13.0915 4272        Null - ok
10:57:13.0993 4272        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:57:14.0024 4272        nvraid - ok
10:57:14.0071 4272        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:57:14.0102 4272        nvstor - ok
10:57:14.0133 4272        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:57:14.0164 4272        nv_agp - ok
10:57:14.0180 4272        NwlnkFlt - ok
10:57:14.0211 4272        NwlnkFwd - ok
10:57:14.0289 4272        OA001Ufd        (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
10:57:14.0336 4272        OA001Ufd - ok
10:57:14.0383 4272        OA001Vid        (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
10:57:14.0445 4272        OA001Vid - ok
10:57:14.0492 4272        ohci1394        (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
10:57:14.0601 4272        ohci1394 - ok
10:57:14.0679 4272        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:57:14.0835 4272        Parport - ok
10:57:14.0882 4272        partmgr        (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
10:57:14.0913 4272        partmgr - ok
10:57:15.0069 4272        PCDSRVC{DF3A5B5B-128783DB-06000000}_0 (6f8432f6ee241034f3295b053007e0c2) c:\program files (x86)\dell support center\hwdiag\bin\pcdsrvc_x64.pkms
10:57:15.0100 4272        PCDSRVC{DF3A5B5B-128783DB-06000000}_0 - ok
10:57:15.0178 4272        pci            (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
10:57:15.0209 4272        pci - ok
10:57:15.0241 4272        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:57:15.0272 4272        pciide - ok
10:57:15.0303 4272        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:57:15.0334 4272        pcmcia - ok
10:57:15.0397 4272        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:57:15.0584 4272        PEAUTH - ok
10:57:15.0693 4272        PptpMiniport    (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
10:57:15.0802 4272        PptpMiniport - ok
10:57:15.0865 4272        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:57:15.0974 4272        Processor - ok
10:57:16.0036 4272        PSched          (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
10:57:16.0130 4272        PSched - ok
10:57:16.0208 4272        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:57:16.0239 4272        PxHlpa64 - ok
10:57:16.0317 4272        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:57:16.0395 4272        ql2300 - ok
10:57:16.0411 4272        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:57:16.0442 4272        ql40xx - ok
10:57:16.0489 4272        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:57:16.0535 4272        QWAVEdrv - ok
10:57:16.0707 4272        R300            (db96850170c9895d855463c207fbd4ad) C:\Windows\system32\DRIVERS\atikmdag.sys
10:57:16.0941 4272        R300 - ok
10:57:17.0003 4272        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:57:17.0113 4272        RasAcd - ok
10:57:17.0175 4272        Rasl2tp        (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:57:17.0284 4272        Rasl2tp - ok
10:57:17.0315 4272        RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
10:57:17.0409 4272        RasPppoe - ok
10:57:17.0456 4272        RasSstp        (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
10:57:17.0581 4272        RasSstp - ok
10:57:17.0690 4272        rdbss          (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
10:57:17.0799 4272        rdbss - ok
10:57:17.0861 4272        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:57:17.0939 4272        RDPCDD - ok
10:57:18.0002 4272        rdpdr          (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:57:18.0095 4272        rdpdr - ok
10:57:18.0127 4272        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:57:18.0220 4272        RDPENCDD - ok
10:57:18.0251 4272        RDPWD          (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
10:57:18.0376 4272        RDPWD - ok
10:57:18.0454 4272        RFCOMM          (a5fd55b4ccd5307f71c2c246f56c4d4f) C:\Windows\system32\DRIVERS\rfcomm.sys
10:57:18.0517 4272        RFCOMM - ok
10:57:18.0563 4272        rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
10:57:18.0641 4272        rimmptsk - ok
10:57:18.0657 4272        rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
10:57:18.0751 4272        rimsptsk - ok
10:57:18.0766 4272        rismxdp        (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
10:57:18.0829 4272        rismxdp - ok
10:57:18.0907 4272        RMCAST          (80c5c0a3bee7d4b26b95c3b05a014c1d) C:\Windows\system32\DRIVERS\RMCAST.sys
10:57:19.0000 4272        RMCAST - ok
10:57:19.0063 4272        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:57:19.0187 4272        rspndr - ok
10:57:19.0265 4272        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:57:19.0297 4272        sbp2port - ok
10:57:19.0375 4272        sdbus          (fb30126d3e617c86cd8e8643792ca3cf) C:\Windows\system32\DRIVERS\sdbus.sys
10:57:19.0421 4272        sdbus - ok
10:57:19.0484 4272        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:57:19.0609 4272        secdrv - ok
10:57:19.0640 4272        Serenum        (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:57:19.0811 4272        Serenum - ok
10:57:19.0827 4272        Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:57:20.0014 4272        Serial - ok
10:57:20.0108 4272        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:57:20.0201 4272        sermouse - ok
10:57:20.0311 4272        sffdisk        (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
10:57:20.0404 4272        sffdisk - ok
10:57:20.0451 4272        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:57:20.0560 4272        sffp_mmc - ok
10:57:20.0607 4272        sffp_sd        (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:57:20.0716 4272        sffp_sd - ok
10:57:20.0763 4272        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:57:20.0903 4272        sfloppy - ok
10:57:20.0919 4272        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:57:20.0950 4272        SiSRaid2 - ok
10:57:20.0966 4272        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:57:20.0997 4272        SiSRaid4 - ok
10:57:21.0028 4272        Smb            (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
10:57:21.0122 4272        Smb - ok
10:57:21.0169 4272        spldr          (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
10:57:21.0200 4272        spldr - ok
10:57:21.0356 4272        SRTSP          (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NAVx64\1305000.091\SRTSP64.SYS
10:57:21.0434 4272        SRTSP - ok
10:57:21.0512 4272        SRTSPX          (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NAVx64\1305000.091\SRTSPX64.SYS
10:57:21.0543 4272        SRTSPX - ok
10:57:21.0683 4272        srv            (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
10:57:21.0793 4272        srv - ok
10:57:21.0871 4272        srv2            (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
10:57:21.0933 4272        srv2 - ok
10:57:21.0980 4272        srvnet          (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
10:57:22.0042 4272        srvnet - ok
10:57:22.0151 4272        STHDA          (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
10:57:22.0261 4272        STHDA - ok
10:57:22.0339 4272        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:57:22.0370 4272        swenum - ok
10:57:22.0401 4272        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:57:22.0432 4272        Symc8xx - ok
10:57:22.0557 4272        SymDS          (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS
10:57:22.0619 4272        SymDS - ok
10:57:22.0744 4272        SymEFA          (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS
10:57:22.0885 4272        SymEFA - ok
10:57:23.0041 4272        SymEvent        (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:57:23.0056 4272        SymEvent - ok
10:57:23.0181 4272        SymIRON        (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS
10:57:23.0197 4272        SymIRON - ok
10:57:23.0275 4272        SYMTDIv        (a25fee245c78804601d83431386a0bee) C:\Windows\System32\Drivers\NAVx64\1305000.091\SYMTDIV.SYS
10:57:23.0337 4272        SYMTDIv - ok
10:57:23.0446 4272        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:57:23.0477 4272        Sym_hi - ok
10:57:23.0540 4272        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:57:23.0571 4272        Sym_u3 - ok
10:57:23.0711 4272        Tcpip          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
10:57:23.0883 4272        Tcpip - ok
10:57:23.0977 4272        Tcpip6          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
10:57:24.0148 4272        Tcpip6 - ok
10:57:24.0242 4272        tcpipreg        (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
10:57:24.0367 4272        tcpipreg - ok
10:57:24.0445 4272        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:57:24.0554 4272        TDPIPE - ok
10:57:24.0601 4272        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:57:24.0710 4272        TDTCP - ok
10:57:24.0757 4272        tdx            (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
10:57:24.0881 4272        tdx - ok
10:57:24.0944 4272        TermDD          (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
10:57:24.0975 4272        TermDD - ok
10:57:25.0053 4272        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:57:25.0147 4272        tssecsrv - ok
10:57:25.0178 4272        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:57:25.0256 4272        tunmp - ok
10:57:25.0303 4272        tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
10:57:25.0396 4272        tunnel - ok
10:57:25.0443 4272        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:57:25.0474 4272        uagp35 - ok
10:57:25.0490 4272        udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
10:57:25.0599 4272        udfs - ok
10:57:25.0630 4272        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:57:25.0661 4272        uliagpkx - ok
10:57:25.0677 4272        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:57:25.0708 4272        uliahci - ok
10:57:25.0739 4272        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:57:25.0771 4272        UlSata - ok
10:57:25.0786 4272        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:57:25.0817 4272        ulsata2 - ok
10:57:25.0864 4272        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:57:25.0973 4272        umbus - ok
10:57:26.0083 4272        usbccgp        (cee5090e3c2f23df52b732dc3cc16ad8) C:\Windows\system32\DRIVERS\usbccgp.sys
10:57:26.0176 4272        usbccgp - ok
10:57:26.0223 4272        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:57:26.0379 4272        usbcir - ok
10:57:26.0441 4272        usbehci        (3bb628ad6e7391e801ce4bda9a52bb1d) C:\Windows\system32\DRIVERS\usbehci.sys
10:57:26.0504 4272        usbehci - ok
10:57:26.0566 4272        usbhub          (d02090110a4d92b4b9a9a2e17729e997) C:\Windows\system32\DRIVERS\usbhub.sys
10:57:26.0629 4272        usbhub - ok
10:57:26.0675 4272        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:57:26.0831 4272        usbohci - ok
10:57:26.0894 4272        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:57:26.0972 4272        usbprint - ok
10:57:27.0034 4272        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:57:27.0128 4272        usbscan - ok
10:57:27.0190 4272        USBSTOR        (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:57:27.0315 4272        USBSTOR - ok
10:57:27.0424 4272        usbuhci        (d63b28cffbba74bc374b41a60543190c) C:\Windows\system32\DRIVERS\usbuhci.sys
10:57:27.0471 4272        usbuhci - ok
10:57:27.0549 4272        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:57:27.0643 4272        usbvideo - ok
10:57:27.0721 4272        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:57:27.0830 4272        vga - ok
10:57:27.0877 4272        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:57:27.0986 4272        VgaSave - ok
10:57:28.0017 4272        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:57:28.0033 4272        viaide - ok
10:57:28.0064 4272        volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
10:57:28.0095 4272        volmgr - ok
10:57:28.0126 4272        volmgrx        (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
10:57:28.0173 4272        volmgrx - ok
10:57:28.0220 4272        volsnap        (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
10:57:28.0251 4272        volsnap - ok
10:57:28.0298 4272        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:57:28.0329 4272        vsmraid - ok
10:57:28.0360 4272        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:57:28.0501 4272        WacomPen - ok
10:57:28.0516 4272        Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:57:28.0641 4272        Wanarp - ok
10:57:28.0657 4272        Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:57:28.0750 4272        Wanarpv6 - ok
10:57:28.0813 4272        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:57:28.0828 4272        Wd - ok
10:57:28.0891 4272        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:57:28.0953 4272        Wdf01000 - ok
10:57:29.0093 4272        WmiAcpi        (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:57:29.0156 4272        WmiAcpi - ok
10:57:29.0234 4272        WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
10:57:29.0296 4272        WpdUsb - ok
10:57:29.0343 4272        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:57:29.0452 4272        ws2ifsl - ok
10:57:29.0530 4272        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:57:29.0655 4272        WUDFRd - ok
10:57:29.0764 4272        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
10:57:29.0795 4272        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
10:57:29.0827 4272        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:57:30.0092 4272        \Device\Harddisk0\DR0 - ok
10:57:30.0123 4272        Boot (0x1200)  (781d7bc17a7913d8bde23ec5fae5aaaf) \Device\Harddisk0\DR0\Partition0
10:57:30.0139 4272        \Device\Harddisk0\DR0\Partition0 - ok
10:57:30.0139 4272        Boot (0x1200)  (36e8568af3d235f0e5c2f4f1b0262f5b) \Device\Harddisk0\DR0\Partition1
10:57:30.0139 4272        \Device\Harddisk0\DR0\Partition1 - ok
10:57:30.0139 4272        ============================================================
10:57:30.0139 4272        Scan finished
10:57:30.0139 4272        ============================================================
10:57:30.0170 4476        Detected object count: 0
10:57:30.0170 4476        Actual detected object count: 0
unhide,exe brauchte ich nicht anwenden, da meine Dateien alle wieder vorhanden sind!
Bis dann vielen dank, sagt, Inga

cosinus 08.03.2012 11:40
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ingamix 09.03.2012 12:27
Hallo Arne,

hier die Logdatei von ComboFix, ich hoffe, dass es richtig durchgelaufen ist:
Combofix Logfile:
Code:
ComboFix 12-03-09.04 - Inga 09.03.2012  11:37:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.4090.2570 [GMT 1:00]
ausgeführt von:: c:\users\Inga\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Inga\AppData\Roaming\ImgBurn.exe
c:\users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-09 bis 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 11:14 . 2012-03-09 11:14        --------        d-----w-        c:\users\Mato\AppData\Local\temp
2012-03-09 11:14 . 2012-03-09 11:14        --------        d-----w-        c:\users\Inga\AppData\Local\temp
2012-03-09 11:14 . 2012-03-09 11:14        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-03-09 11:14 . 2012-03-09 11:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-07 09:29 . 2012-03-07 09:29        --------        d-----w-        C:\_OTL
2012-02-27 15:55 . 2012-02-27 15:55        --------        d-----w-        c:\program files (x86)\Common Files\Symantec Shared
2012-02-27 09:10 . 2012-02-28 09:31        175736        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-27 09:10 . 2012-02-28 09:31        --------        d-----w-        c:\program files\Symantec
2012-02-27 09:10 . 2012-02-27 09:10        --------        d-----w-        c:\program files\Common Files\Symantec Shared
2012-02-27 09:08 . 2012-03-09 10:25        --------        d-----w-        c:\windows\system32\drivers\NAVx64
2012-02-27 09:08 . 2012-02-27 09:08        --------        d-----w-        c:\program files (x86)\Norton AntiVirus
2012-02-27 09:08 . 2012-02-27 09:12        --------        d-----w-        c:\programdata\Norton
2012-02-27 09:08 . 2012-02-27 09:08        --------        d-----w-        c:\program files (x86)\NortonInstaller
2012-02-24 16:21 . 2012-02-24 16:21        --------        d-----w-        c:\users\Inga\AppData\Roaming\Malwarebytes
2012-02-24 16:21 . 2012-02-24 16:21        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-24 16:21 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-24 16:21 . 2012-02-24 16:21        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 20:17 . 2012-01-17 03:39        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D0BF2EE-77F5-4820-BC78-763BA17F9353}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-28 18:00        279656        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-14 18:52 . 2011-12-14 18:52        1207568        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-08-17 165104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-09-23 15:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\tf1p0t3y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ingadoformen.net/wp-admin/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{DF3A5B5B-128783DB-06000000}_0]
"ImagePath"="\??\c:\program files (x86)\dell support center\hwdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-03-09  12:22:49
ComboFix-quarantined-files.txt  2012-03-09 11:22
.
Vor Suchlauf: 10 Verzeichnis(se), 360.835.940.352 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 359.697.461.248 Bytes frei
.
- - End Of File - - 9A634B740042151A1633594FD2E0CAE8
--- --- ---


Merci und bis denn, Inga

cosinus 09.03.2012 12:48
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

ingamix 11.03.2012 16:25
Hallo Arne,

habe asw.MBR heruntergeladen, 2 mal den scan gestartet, doch jedes Mal wurde mein PC heruntergefahren und neu gestartet. Und nun? Demnach kein Log und warte auf nächste Anweisung. Grüße von Inga

cosinus 12.03.2012 15:07
Starte aswMBR neu, stell unten links auf (none) und klick dann nochmal auf Scan

ingamix 13.03.2012 10:53
Hallo Arne,

so jetzt hat es geklappt. Inzwischen gab es aber eine Starthilfe von Windows, und der PC musste eine Systemwiederherstellung machen. Ich weiß nicht, ob das etwas mit dem misglückten scan versuchen von asw MBR zu tun hat!?

Hier aber die Logdatei von dem ergolgreichen scan Durchlauf:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-13 10:44:06
-----------------------------
10:44:06.967    OS Version: Windows x64 6.0.6001 Service Pack 1
10:44:06.967    Number of processors: 2 586 0x170A
10:44:06.967    ComputerName: INGA-PC  UserName: Inga
10:44:09.478    Initialize success
10:46:32.652    AVAST engine defs: 12031201
10:47:35.146    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:47:35.162    Disk 0 Vendor: ST9500325AS 0003DEM1 Size: 476940MB BusType: 3
10:47:35.177    Disk 0 MBR read successfully
10:47:35.177    Disk 0 MBR scan
10:47:35.193    Disk 0 Windows VISTA default MBR code
10:47:35.193    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      180 MB offset 63
10:47:35.208    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        15360 MB offset 370688
10:47:35.240    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      461398 MB offset 31827968
10:47:35.286    Disk 0 scanning C:\Windows\system32\drivers
10:47:50.871    Service scanning
10:48:29.450    Modules scanning
10:48:29.465    Disk 0 trace - called modules:
10:48:29.496    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:48:29.496    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d96490]
10:48:29.512    3 CLASSPNP.SYS[fffffa6000db4b3a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bd6060]
10:48:29.528    Scan finished successfully
10:49:16.059    Disk 0 MBR has been saved successfully to "C:\Users\Inga\Documents\MBR.dat"
10:49:16.059    The log file has been saved successfully to "C:\Users\Inga\Documents\aswMBR.txt"
Bis dann, Inga

cosinus 13.03.2012 17:06
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

ingamix 19.03.2012 13:22
Hallo Arne,

danke bis hierhin. Die Hilfestellungen waren sehr gut. Die beiden letzten Scans habe ich noch nicht durchgeführt... Nun lasse ich es erstmal, ansonsten werde ich hier wieder vorbeischauen. Vielen Dank, Grüße von Inga

cosinus 19.03.2012 16:54
Was soll das? :balla:
Die Kontrollscans sind wichtig! Mach die bitte umgehend!


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:18 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131