Trojaner-Board

kay2012 18.12.2011 11:26

Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]
 
Hello dear helpers,

I scanned my PC with "aswMBR" and was shown an area marked in red:

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 10:24:08
-----------------------------
10:24:08.699    OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:08.699    Number of processors: 4 586 0x403
10:24:08.699    ComputerName: MAZ-PC  UserName: maz
10:24:09.934    Initialize success
10:24:57.568    AVAST engine defs: 11121800
10:25:07.803    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:07.803    Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
10:25:07.803    Disk 0 MBR read successfully
10:25:07.803    Disk 0 MBR scan
10:25:07.803    Disk 0 Windows XP default MBR code
10:25:07.818    Service scanning
10:25:08.256    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:25:08.787    Modules scanning
10:25:08.787    Disk 0 trace - called modules:
10:25:08.787    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]<<
10:25:08.787    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
10:25:08.787    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80049419b0]
10:25:08.787    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004f9a060]
10:25:08.787    \Driver\atapi[0xfffffa8003ac0de0] -> IRP_MJ_CREATE -> 0xfffffa8003a912c0
10:25:21.209    AVAST engine scan C:\Windows
10:25:32.178    AVAST engine scan C:\Windows\system32
10:26:52.443    AVAST engine scan C:\Windows\system32\drivers
10:26:59.459    AVAST engine scan C:\Users\maz
10:30:05.803    AVAST engine scan C:\ProgramData
10:30:53.600    Scan finished successfully
10:32:47.741    Disk 0 MBR has been saved successfully to "C:\Users\maz\Desktop\MBR.dat"
10:32:47.741    The log file has been saved successfully to "C:\Users\maz\Desktop\aswMBRlog1.txt"

Here is the scan with OTL:

Code:

OTL logfile created on: 18.12.2011 10:13:11 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,40% Memory free
11,81 Gb Paging File | 10,20 Gb Available in Paging File | 86,36% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 802,03 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 366,03 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
 
Computer Name: MAZ-PC | User Name: maz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.17 13:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL\OTL.exe
PRC - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
PRC - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.09 19:27:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.23 19:29:08 | 000,349,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.11.09 19:27:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.11.09 15:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.22 17:38:52 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.13 22:30:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.17 17:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mr8980x64.sys -- (mr8980)
DRV:64bit: - [2010.03.17 09:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.10.07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009.10.07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.07.31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.01.19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MR8980x64.sys -- (mr8980)
DRV - [2009.07.29 18:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 6F 93 F0 D4 10 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\maz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 14:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 14:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 19:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 19:13:37 | 000,000,000 | ---D | M]
 
[2011.05.12 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Extensions
[2011.12.16 06:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions
[2011.11.11 21:39:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.09 19:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MAZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L17Q9GVJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 19:27:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.05 10:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.05 10:44:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.05 10:44:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.14 18:46:57 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.05 10:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.05 10:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.05 10:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B46ADE-73F0-4405-890F-AB73DE899EDE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.18 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\3DMark 11
[2011.12.18 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\IsolatedStorage
[2011.12.18 09:41:16 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Futuremark_Corporation
[2011.12.18 09:22:08 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011.12.18 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011.12.17 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Malwarebytes
[2011.12.17 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 18:18:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.13 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.12.13 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.12.13 20:44:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.12.13 20:44:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.12.11 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Chromium
[2011.12.11 18:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.12.11 18:25:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SamsungPrinterLiveUpdate
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2011.12.11 17:53:12 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.12.11 17:53:02 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.exe
[2011.12.11 17:53:02 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.dll
[2011.12.11 17:53:02 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll
[2011.12.11 17:53:02 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll
[2011.12.11 17:53:02 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll
[2011.12.11 17:53:02 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll
[2011.12.11 17:51:39 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\drivers\SSPORT.SYS
[2011.12.11 17:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.11 17:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2011.12.11 17:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.10 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.12.06 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.12.06 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Apple Computer
[2011.12.04 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Avira
[2011.12.04 08:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.04 08:37:14 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.04 08:37:14 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.04 08:37:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.04 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.04 08:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2011.12.04 08:10:46 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\F-Secure
[2011.12.04 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Downloads
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Take On Helicopters Demo
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Take On Helicopters Demo
[2011.12.02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\sec4
[2011.12.02 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011.11.26 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2011.11.26 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\TP
[2011.11.25 07:19:45 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\lazarus
[2011.11.24 18:51:37 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.11.22 18:45:10 | 000,000,000 | ---D | C] -- C:\LH1
[2011.11.21 19:43:53 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2011.11.19 23:32:40 | 000,000,000 | ---D | C] -- C:\cuprojects
[2011.11.19 21:58:00 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Electronic_Arts_Inc
[2011.11.19 21:54:17 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Akamai
[2011.11.18 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.11.18 18:38:08 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll
[2011.11.18 18:38:08 | 000,162,096 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll
[2011.11.18 18:38:07 | 000,166,704 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe
[2011.11.18 18:38:07 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.18 09:54:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.18 09:22:08 | 000,001,086 | ---- | M] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk
[2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 08:49:16 | 001,506,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 08:49:16 | 000,656,544 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.18 08:49:16 | 000,618,426 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.18 08:49:16 | 000,131,014 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.18 08:49:16 | 000,107,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.18 08:44:26 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.18 08:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.18 08:44:19 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.17 21:58:57 | 000,000,600 | ---- | M] () -- C:\Users\maz\AppData\Local\PUTTY.RND
[2011.12.17 21:03:04 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.12.11 18:01:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.11 17:42:46 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 06:33:06 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.12.06 19:19:03 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.04 08:12:44 | 001,544,938 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.04 08:12:37 | 000,019,476 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2011.11.27 14:42:59 | 000,001,467 | ---- | M] () -- C:\Users\maz\.recently-used.xbel
[2011.11.26 21:20:59 | 000,000,052 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011.11.26 07:43:03 | 000,052,275 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.11.24 05:59:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.11.24 05:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.11.24 05:59:00 | 000,007,653 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.11.23 19:29:36 | 000,406,336 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.18 09:22:08 | 000,001,086 | ---- | C] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk
[2011.12.13 20:44:39 | 000,007,653 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.12.11 18:01:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.11 17:53:13 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.11 17:53:03 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\ssp7ml6.smt
[2011.12.11 17:42:46 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2011.12.04 08:12:37 | 000,019,476 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.12.04 08:12:36 | 001,544,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.27 14:42:59 | 000,001,467 | ---- | C] () -- C:\Users\maz\.recently-used.xbel
[2011.11.23 19:29:36 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.11.18 18:38:07 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll
[2011.11.18 18:38:07 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.11.18 18:38:07 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe
[2011.11.18 18:38:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll
[2011.11.18 18:38:07 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt
[2011.11.03 22:43:36 | 000,004,096 | -H-- | C] () -- C:\Users\maz\AppData\Local\keyfile3.drm
[2011.10.31 23:10:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.10.31 23:09:11 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.10.31 23:09:10 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 18:12:11 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.11 07:44:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.09.04 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.14 22:35:55 | 000,007,595 | ---- | C] () -- C:\Users\maz\AppData\Local\Resmon.ResmonCfg
[2011.05.12 22:51:12 | 000,000,600 | ---- | C] () -- C:\Users\maz\AppData\Local\PUTTY.RND
[2011.05.12 22:24:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.12 22:24:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.05.12 22:24:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.05.29 17:47:44 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\.purple
[2011.09.20 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ableton
[2011.09.19 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\aborange
[2011.05.15 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ashampoo
[2011.09.07 07:33:40 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Blender Foundation
[2011.10.18 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\calibre
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\DAEMON Tools Lite
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\FileZilla
[2011.12.03 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.05.15 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\gtk-2.0
[2011.09.25 10:13:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Image-Line
[2011.05.14 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Leadertech
[2011.11.24 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.05.28 19:48:28 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Notepad++
[2011.05.13 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\OpenOffice.org
[2011.10.26 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Origin
[2011.09.19 18:23:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\PhotoScape
[2011.12.10 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.05.15 09:05:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Serif
[2011.11.26 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Steinberg
[2011.09.28 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\SynthMaker
[2011.11.21 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TeamViewer
[2011.11.26 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TP
[2011.05.13 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TrueCrypt
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TS3Client
[2011.05.14 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Unity
[2011.09.07 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Windows Live Writer
[2011.09.13 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XMedia Recode
[2011.05.13 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XProfanFree
[2011.11.04 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\{50A2320B-16F8-4CD0-9404-2F8F9C2128A7}
[2011.10.29 07:37:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

What should I do?
Thanks in advance.

Attachment 25975
Attachment 25976

cosinus 18.12.2011 16:19

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" option and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here wherever possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

kay2012 18.12.2011 21:16

MBAM:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8392

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.12.2011 20:12:21
mbam-log-2011-12-18 (20-12-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 384256
Laufzeit: 39 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ab7e40f3267f14c9db2b19a590c9533
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-18 08:10:51
# local_time=2011-12-18 09:10:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1255274 1255274 0 0
# compatibility_mode=5893 16776574 100 94 17669408 75865758 0 0
# compatibility_mode=8192 67108863 100 0 3676 3676 0 0
# scanned=229796
# found=0
# cleaned=0
# scan_time=3143


cosinus 19.12.2011 12:01

Please now run this tool from Kaspersky (TDSS-Killer) in normal mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents folder, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

kay2012 19.12.2011 18:26

TDSS:

Code:

18:22:23.0634 3644        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:22:23.0765 3644        ============================================================
18:22:23.0765 3644        Current date / time: 2011/12/19 18:22:23.0765
18:22:23.0765 3644        SystemInfo:
18:22:23.0765 3644       
18:22:23.0765 3644        OS Version: 6.1.7601 ServicePack: 1.0
18:22:23.0765 3644        Product type: Workstation
18:22:23.0765 3644        ComputerName: MAZ-PC
18:22:23.0765 3644        UserName: maz
18:22:23.0765 3644        Windows directory: C:\Windows
18:22:23.0765 3644        System windows directory: C:\Windows
18:22:23.0766 3644        Running under WOW64
18:22:23.0766 3644        Processor architecture: Intel x64
18:22:23.0766 3644        Number of processors: 4
18:22:23.0766 3644        Page size: 0x1000
18:22:23.0766 3644        Boot type: Normal boot
18:22:23.0766 3644        ============================================================
18:22:26.0309 3644        Initialize success
18:22:38.0121 2964        ============================================================
18:22:38.0121 2964        Scan started
18:22:38.0121 2964        Mode: Manual; SigCheck; TDLFS;
18:22:38.0121 2964        ============================================================
18:22:39.0390 2964        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:22:39.0486 2964        1394ohci - ok
18:22:39.0524 2964        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:22:39.0553 2964        ACPI - ok
18:22:39.0571 2964        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:22:39.0722 2964        AcpiPmi - ok
18:22:39.0801 2964        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:22:39.0819 2964        adp94xx - ok
18:22:39.0841 2964        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:22:39.0856 2964        adpahci - ok
18:22:39.0879 2964        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:22:39.0890 2964        adpu320 - ok
18:22:39.0957 2964        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:22:40.0028 2964        AFD - ok
18:22:40.0053 2964        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:22:40.0065 2964        agp440 - ok
18:22:40.0105 2964        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:22:40.0114 2964        aliide - ok
18:22:40.0144 2964        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:22:40.0167 2964        amdide - ok
18:22:40.0189 2964        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:22:40.0232 2964        AmdK8 - ok
18:22:40.0263 2964        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:22:40.0281 2964        AmdPPM - ok
18:22:40.0304 2964        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:22:40.0315 2964        amdsata - ok
18:22:40.0351 2964        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:22:40.0363 2964        amdsbs - ok
18:22:40.0378 2964        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:22:40.0404 2964        amdxata - ok
18:22:40.0499 2964        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:22:40.0765 2964        AppID - ok
18:22:40.0792 2964        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:22:40.0800 2964        arc - ok
18:22:40.0819 2964        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:22:40.0829 2964        arcsas - ok
18:22:40.0868 2964        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:41.0086 2964        AsyncMac - ok
18:22:41.0117 2964        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:22:41.0124 2964        atapi - ok
18:22:41.0179 2964        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:22:41.0196 2964        AtiPcie - ok
18:22:41.0258 2964        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:22:41.0269 2964        avgntflt - ok
18:22:41.0335 2964        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
18:22:41.0347 2964        avipbb - ok
18:22:41.0407 2964        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:22:41.0416 2964        avkmgr - ok
18:22:41.0495 2964        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:22:41.0550 2964        b06bdrv - ok
18:22:41.0608 2964        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:41.0631 2964        b57nd60a - ok
18:22:41.0668 2964        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:22:41.0706 2964        Beep - ok
18:22:41.0776 2964        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:41.0798 2964        blbdrive - ok
18:22:41.0841 2964        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:22:41.0923 2964        bowser - ok
18:22:41.0935 2964        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:41.0954 2964        BrFiltLo - ok
18:22:41.0963 2964        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:41.0976 2964        BrFiltUp - ok
18:22:42.0026 2964        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:22:42.0050 2964        Brserid - ok
18:22:42.0067 2964        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:42.0087 2964        BrSerWdm - ok
18:22:42.0117 2964        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:42.0141 2964        BrUsbMdm - ok
18:22:42.0170 2964        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:42.0180 2964        BrUsbSer - ok
18:22:42.0197 2964        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:22:42.0234 2964        BTHMODEM - ok
18:22:42.0292 2964        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:42.0347 2964        cdfs - ok
18:22:42.0403 2964        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:22:42.0534 2964        cdrom - ok
18:22:42.0720 2964        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:22:42.0832 2964        circlass - ok
18:22:43.0060 2964        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:22:43.0074 2964        CLFS - ok
18:22:43.0124 2964        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:43.0165 2964        CmBatt - ok
18:22:43.0178 2964        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:22:43.0188 2964        cmdide - ok
18:22:43.0229 2964        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:22:43.0250 2964        CNG - ok
18:22:43.0269 2964        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:43.0279 2964        Compbatt - ok
18:22:43.0334 2964        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:22:43.0374 2964        CompositeBus - ok
18:22:43.0475 2964        cpuz130 - ok
18:22:43.0573 2964        cpuz135 - ok
18:22:43.0584 2964        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:22:43.0591 2964        crcdisk - ok
18:22:43.0611 2964        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:22:43.0672 2964        DfsC - ok
18:22:43.0685 2964        DgiVecp - ok
18:22:43.0707 2964        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:22:43.0737 2964        discache - ok
18:22:43.0760 2964        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:22:43.0769 2964        Disk - ok
18:22:43.0845 2964        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:22:43.0875 2964        drmkaud - ok
18:22:43.0949 2964        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:43.0972 2964        DXGKrnl - ok
18:22:44.0035 2964        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:22:44.0131 2964        ebdrv - ok
18:22:44.0174 2964        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:22:44.0189 2964        elxstor - ok
18:22:44.0227 2964        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:22:44.0264 2964        ErrDev - ok
18:22:44.0303 2964        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:22:44.0349 2964        exfat - ok
18:22:44.0375 2964        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:22:44.0419 2964        fastfat - ok
18:22:44.0465 2964        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:22:44.0505 2964        fdc - ok
18:22:44.0524 2964        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:22:44.0543 2964        FileInfo - ok
18:22:44.0565 2964        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:22:44.0602 2964        Filetrace - ok
18:22:44.0771 2964        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:44.0783 2964        flpydisk - ok
18:22:44.0823 2964        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:22:44.0836 2964        FltMgr - ok
18:22:44.0889 2964        FLxHCIc        (e35f19855192d025da41e8dfa318206a) C:\Windows\system32\DRIVERS\FLxHCIc.sys
18:22:44.0915 2964        FLxHCIc - ok
18:22:44.0955 2964        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:22:44.0964 2964        FsDepends - ok
18:22:44.0972 2964        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:44.0981 2964        Fs_Rec - ok
18:22:45.0057 2964        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:45.0070 2964        fvevol - ok
18:22:45.0116 2964        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:45.0125 2964        gagp30kx - ok
18:22:45.0182 2964        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:22:45.0193 2964        GEARAspiWDM - ok
18:22:45.0227 2964        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:22:45.0264 2964        hcw85cir - ok
18:22:45.0318 2964        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:22:45.0341 2964        HdAudAddService - ok
18:22:45.0372 2964        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:22:45.0391 2964        HDAudBus - ok
18:22:45.0421 2964        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:22:45.0438 2964        HidBatt - ok
18:22:45.0459 2964        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:22:45.0515 2964        HidBth - ok
18:22:45.0537 2964        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:22:45.0563 2964        HidIr - ok
18:22:45.0641 2964        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:45.0679 2964        HidUsb - ok
18:22:45.0731 2964        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:22:45.0742 2964        HpSAMD - ok
18:22:45.0822 2964        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:22:45.0880 2964        HTTP - ok
18:22:45.0941 2964        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:22:45.0948 2964        hwpolicy - ok
18:22:45.0984 2964        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:22:45.0999 2964        i8042prt - ok
18:22:46.0077 2964        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:22:46.0091 2964        iaStorV - ok
18:22:46.0136 2964        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:22:46.0153 2964        iirsp - ok
18:22:46.0529 2964        IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
18:22:46.0618 2964        IntcAzAudAddService - ok
18:22:46.0637 2964        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:22:46.0646 2964        intelide - ok
18:22:46.0684 2964        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:46.0707 2964        intelppm - ok
18:22:46.0755 2964        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:46.0797 2964        IpFilterDriver - ok
18:22:46.0815 2964        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:22:46.0828 2964        IPMIDRV - ok
18:22:46.0848 2964        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:22:46.0915 2964        IPNAT - ok
18:22:46.0961 2964        irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
18:22:47.0084 2964        irda - ok
18:22:47.0104 2964        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:22:47.0127 2964        IRENUM - ok
18:22:47.0183 2964        irsir          (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
18:22:47.0209 2964        irsir - ok
18:22:47.0254 2964        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:22:47.0266 2964        isapnp - ok
18:22:47.0297 2964        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:22:47.0309 2964        iScsiPrt - ok
18:22:47.0361 2964        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:22:47.0371 2964        kbdclass - ok
18:22:47.0391 2964        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:22:47.0411 2964        kbdhid - ok
18:22:47.0457 2964        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:22:47.0464 2964        KSecDD - ok
18:22:47.0501 2964        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:22:47.0512 2964        KSecPkg - ok
18:22:47.0548 2964        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:22:47.0582 2964        ksthunk - ok
18:22:47.0611 2964        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:47.0641 2964        lltdio - ok
18:22:47.0699 2964        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:22:47.0707 2964        LSI_FC - ok
18:22:47.0719 2964        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:22:47.0728 2964        LSI_SAS - ok
18:22:47.0749 2964        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:22:47.0756 2964        LSI_SAS2 - ok
18:22:47.0783 2964        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:22:47.0800 2964        LSI_SCSI - ok
18:22:47.0810 2964        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:22:47.0861 2964        luafv - ok
18:22:47.0879 2964        LVPr2M64 - ok
18:22:47.0951 2964        LVRS64          (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
18:22:47.0972 2964        LVRS64 - ok
18:22:48.0322 2964        LVUVC64        (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
18:22:48.0482 2964        LVUVC64 - ok
18:22:48.0506 2964        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:22:48.0517 2964        megasas - ok
18:22:48.0550 2964        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:22:48.0563 2964        MegaSR - ok
18:22:48.0595 2964        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:22:48.0637 2964        Modem - ok
18:22:48.0670 2964        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:22:48.0694 2964        monitor - ok
18:22:48.0717 2964        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:22:48.0726 2964        mouclass - ok
18:22:48.0740 2964        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:48.0749 2964        mouhid - ok
18:22:48.0798 2964        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:22:48.0807 2964        mountmgr - ok
18:22:48.0847 2964        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:22:48.0858 2964        mpio - ok
18:22:48.0881 2964        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:22:48.0919 2964        mpsdrv - ok
18:22:49.0017 2964        mr8980          (a6bccf5e16b208b6b490b6efe6f98623) C:\Windows\system32\DRIVERS\mr8980x64.sys
18:22:49.0073 2964        mr8980 - ok
18:22:49.0132 2964        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:22:49.0181 2964        MRxDAV - ok
18:22:49.0221 2964        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:49.0249 2964        mrxsmb - ok
18:22:49.0266 2964        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:49.0283 2964        mrxsmb10 - ok
18:22:49.0307 2964        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:49.0333 2964        mrxsmb20 - ok
18:22:49.0350 2964        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:22:49.0366 2964        msahci - ok
18:22:49.0375 2964        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:22:49.0384 2964        msdsm - ok
18:22:49.0398 2964        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:22:49.0421 2964        Msfs - ok
18:22:49.0434 2964        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:22:49.0505 2964        mshidkmdf - ok
18:22:49.0514 2964        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:22:49.0523 2964        msisadrv - ok
18:22:49.0558 2964        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:49.0624 2964        MSKSSRV - ok
18:22:49.0670 2964        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:49.0730 2964        MSPCLOCK - ok
18:22:49.0762 2964        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:22:49.0805 2964        MSPQM - ok
18:22:49.0842 2964        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:22:49.0856 2964        MsRPC - ok
18:22:49.0891 2964        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:22:49.0902 2964        mssmbios - ok
18:22:49.0911 2964        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:22:49.0940 2964        MSTEE - ok
18:22:49.0970 2964        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:22:49.0995 2964        MTConfig - ok
18:22:50.0021 2964        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:22:50.0031 2964        Mup - ok
18:22:50.0066 2964        mv91xx          (77073c1af9c0921ff18ee628049bb1a9) C:\Windows\system32\DRIVERS\mv91xx.sys
18:22:50.0078 2964        mv91xx - ok
18:22:50.0142 2964        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:50.0172 2964        NativeWifiP - ok
18:22:50.0243 2964        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:22:50.0263 2964        NDIS - ok
18:22:50.0285 2964        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:22:50.0317 2964        NdisCap - ok
18:22:50.0354 2964        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:50.0389 2964        NdisTapi - ok
18:22:50.0440 2964        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:50.0478 2964        Ndisuio - ok
18:22:50.0508 2964        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:50.0548 2964        NdisWan - ok
18:22:50.0592 2964        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:22:50.0652 2964        NDProxy - ok
18:22:50.0662 2964        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:22:50.0707 2964        NetBIOS - ok
18:22:50.0728 2964        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:22:50.0760 2964        NetBT - ok
18:22:50.0843 2964        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:22:50.0852 2964        nfrd960 - ok
18:22:50.0988 2964        NPF            (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
18:22:51.0019 2964        NPF - ok
18:22:51.0028 2964        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:22:51.0071 2964        Npfs - ok
18:22:51.0088 2964        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:22:51.0134 2964        nsiproxy - ok
18:22:51.0206 2964        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:22:51.0243 2964        Ntfs - ok
18:22:51.0266 2964        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:22:51.0316 2964        Null - ok
18:22:51.0359 2964        NVHDA          (dd743dc997f26eddfdcebe7146b458b8) C:\Windows\system32\drivers\nvhda64v.sys
18:22:51.0369 2964        NVHDA - ok
18:22:51.0755 2964        nvlddmkm        (88e141b9df63c41ea272b2f712d1a227) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:22:52.0066 2964        nvlddmkm - ok
18:22:52.0117 2964        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:22:52.0126 2964        nvraid - ok
18:22:52.0153 2964        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:22:52.0162 2964        nvstor - ok
18:22:52.0231 2964        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:22:52.0241 2964        nv_agp - ok
18:22:52.0258 2964        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:22:52.0280 2964        ohci1394 - ok
18:22:52.0324 2964        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:22:52.0347 2964        Parport - ok
18:22:52.0391 2964        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:22:52.0401 2964        partmgr - ok
18:22:52.0422 2964        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:22:52.0433 2964        pci - ok
18:22:52.0462 2964        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:22:52.0468 2964        pciide - ok
18:22:52.0536 2964        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:22:52.0553 2964        pcmcia - ok
18:22:52.0571 2964        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:22:52.0579 2964        pcw - ok
18:22:52.0613 2964        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:22:52.0660 2964        PEAUTH - ok
18:22:52.0746 2964        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:52.0776 2964        PptpMiniport - ok
18:22:52.0810 2964        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:22:52.0832 2964        Processor - ok
18:22:52.0895 2964        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:22:52.0929 2964        Psched - ok
18:22:52.0994 2964        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:22:53.0041 2964        ql2300 - ok
18:22:53.0070 2964        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:22:53.0082 2964        ql40xx - ok
18:22:53.0122 2964        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:22:53.0145 2964        QWAVEdrv - ok
18:22:53.0286 2964        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:53.0350 2964        RasAcd - ok
18:22:53.0500 2964        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:22:53.0532 2964        RasAgileVpn - ok
18:22:53.0544 2964        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:53.0593 2964        Rasl2tp - ok
18:22:53.0607 2964        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:53.0656 2964        RasPppoe - ok
18:22:53.0672 2964        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:53.0703 2964        RasSstp - ok
18:22:53.0742 2964        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:53.0768 2964        rdbss - ok
18:22:53.0791 2964        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:22:53.0806 2964        rdpbus - ok
18:22:53.0824 2964        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:53.0861 2964        RDPCDD - ok
18:22:53.0892 2964        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:22:53.0932 2964        RDPENCDD - ok
18:22:53.0943 2964        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:22:53.0966 2964        RDPREFMP - ok
18:22:54.0000 2964        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:22:54.0026 2964        RDPWD - ok
18:22:54.0055 2964        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:22:54.0067 2964        rdyboost - ok
18:22:54.0121 2964        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:54.0155 2964        rspndr - ok
18:22:54.0231 2964        RTL8167        (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:22:54.0260 2964        RTL8167 - ok
18:22:54.0341 2964        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:22:54.0353 2964        sbp2port - ok
18:22:54.0401 2964        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:22:54.0440 2964        scfilter - ok
18:22:54.0482 2964        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:22:54.0541 2964        secdrv - ok
18:22:54.0578 2964        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:22:54.0586 2964        Serenum - ok
18:22:54.0616 2964        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:22:54.0640 2964        Serial - ok
18:22:54.0682 2964        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:22:54.0705 2964        sermouse - ok
18:22:54.0729 2964        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:22:54.0768 2964        sffdisk - ok
18:22:54.0784 2964        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:22:54.0796 2964        sffp_mmc - ok
18:22:54.0819 2964        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:22:54.0842 2964        sffp_sd - ok
18:22:54.0879 2964        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:54.0891 2964        sfloppy - ok
18:22:54.0946 2964        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:22:54.0958 2964        SiSRaid2 - ok
18:22:54.0994 2964        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:22:55.0005 2964        SiSRaid4 - ok
18:22:55.0038 2964        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:22:55.0097 2964        Smb - ok
18:22:55.0124 2964        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:22:55.0134 2964        spldr - ok
18:22:55.0211 2964        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:22:55.0211 2964        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:22:55.0213 2964        sptd ( LockedFile.Multi.Generic ) - warning
18:22:55.0213 2964        sptd - detected LockedFile.Multi.Generic (1)
18:22:55.0238 2964        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:22:55.0284 2964        srv - ok
18:22:55.0308 2964        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:22:55.0358 2964        srv2 - ok
18:22:55.0381 2964        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:22:55.0405 2964        srvnet - ok
18:22:55.0445 2964        SSPORT - ok
18:22:55.0516 2964        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:22:55.0526 2964        stexstor - ok
18:22:55.0585 2964        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:22:55.0597 2964        swenum - ok
18:22:55.0722 2964        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:22:55.0772 2964        Tcpip - ok
18:22:55.0831 2964        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:55.0863 2964        TCPIP6 - ok
18:22:55.0916 2964        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:22:55.0974 2964        tcpipreg - ok
18:22:55.0993 2964        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:22:56.0035 2964        TDPIPE - ok
18:22:56.0062 2964        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:22:56.0095 2964        TDTCP - ok
18:22:56.0124 2964        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:22:56.0155 2964        tdx - ok
18:22:56.0235 2964        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:22:56.0245 2964        TermDD - ok
18:22:56.0323 2964        truecrypt      (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
18:22:56.0335 2964        truecrypt - ok
18:22:56.0375 2964        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:56.0442 2964        tssecsrv - ok
18:22:56.0529 2964        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:22:56.0544 2964        TsUsbFlt - ok
18:22:56.0579 2964        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:56.0625 2964        tunnel - ok
18:22:56.0653 2964        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:22:56.0664 2964        uagp35 - ok
18:22:56.0725 2964        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:22:56.0759 2964        udfs - ok
18:22:56.0800 2964        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:22:56.0809 2964        uliagpkx - ok
18:22:56.0846 2964        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:22:56.0868 2964        umbus - ok
18:22:56.0895 2964        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:22:56.0917 2964        UmPass - ok
18:22:56.0949 2964        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:22:56.0971 2964        usbaudio - ok
18:22:57.0012 2964        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:57.0027 2964        usbccgp - ok
18:22:57.0058 2964        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:22:57.0085 2964        usbcir - ok
18:22:57.0126 2964        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:57.0147 2964        usbehci - ok
18:22:57.0178 2964        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:57.0199 2964        usbhub - ok
18:22:57.0219 2964        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:22:57.0237 2964        usbohci - ok
18:22:57.0259 2964        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:57.0273 2964        usbprint - ok
18:22:57.0307 2964        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:57.0324 2964        USBSTOR - ok
18:22:57.0341 2964        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:22:57.0381 2964        usbuhci - ok
18:22:57.0428 2964        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:22:57.0443 2964        usbvideo - ok
18:22:57.0479 2964        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:22:57.0490 2964        vdrvroot - ok
18:22:57.0512 2964        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:57.0558 2964        vga - ok
18:22:57.0602 2964        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:22:57.0667 2964        VgaSave - ok
18:22:57.0699 2964        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:22:57.0710 2964        vhdmp - ok
18:22:57.0768 2964        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:22:57.0775 2964        viaide - ok
18:22:57.0785 2964        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:22:57.0794 2964        volmgr - ok
18:22:57.0853 2964        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:22:57.0866 2964        volmgrx - ok
18:22:57.0898 2964        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:22:57.0909 2964        volsnap - ok
18:22:57.0930 2964        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:22:57.0939 2964        vsmraid - ok
18:22:57.0961 2964        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:22:57.0990 2964        vwifibus - ok
18:22:58.0022 2964        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:22:58.0037 2964        WacomPen - ok
18:22:58.0079 2964        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:58.0113 2964        WANARP - ok
18:22:58.0116 2964        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:58.0144 2964        Wanarpv6 - ok
18:22:58.0166 2964        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:22:58.0176 2964        Wd - ok
18:22:58.0193 2964        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:22:58.0213 2964        Wdf01000 - ok
18:22:58.0268 2964        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:58.0293 2964        WfpLwf - ok
18:22:58.0315 2964        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:22:58.0364 2964        WIMMount - ok
18:22:58.0462 2964        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:22:58.0489 2964        WinUsb - ok
18:22:58.0600 2964        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:22:58.0611 2964        WmiAcpi - ok
18:22:58.0650 2964        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:58.0681 2964        ws2ifsl - ok
18:22:58.0716 2964        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:22:58.0756 2964        WudfPf - ok
18:22:58.0768 2964        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:58.0818 2964        WUDFRd - ok
18:22:58.0919 2964        XENfiltv        (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys
18:22:59.0150 2964        XENfiltv - ok
18:22:59.0183 2964        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:22:59.0576 2964        \Device\Harddisk0\DR0 - ok
18:22:59.0666 2964        MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:23:20.0396 2964        \Device\Harddisk1\DR1 - ok
18:23:20.0567 2964        Boot (0x1200)  (0b98b9422d1b4471ba2b98eba915f335) \Device\Harddisk0\DR0\Partition0
18:23:20.0609 2964        \Device\Harddisk0\DR0\Partition0 - ok
18:23:20.0621 2964        Boot (0x1200)  (89a6aeb194b8f3801d332890a478ee28) \Device\Harddisk0\DR0\Partition1
18:23:20.0624 2964        \Device\Harddisk0\DR0\Partition1 - ok
18:23:20.0679 2964        Boot (0x1200)  (739420f675c5a2d3f93e8a3a5021d74a) \Device\Harddisk1\DR1\Partition0
18:23:20.0839 2964        \Device\Harddisk1\DR1\Partition0 - ok
18:23:20.0839 2964        ============================================================
18:23:20.0839 2964        Scan finished
18:23:20.0839 2964        ============================================================
18:23:20.0846 2648        Detected object count: 1
18:23:20.0846 2648        Actual detected object count: 1
18:23:52.0121 2648        sptd ( LockedFile.Multi.Generic ) - skipped by user
18:23:52.0121 2648        sptd ( LockedFile.Multi.Generic ) - User select action: Skip


kay2012 22.12.2011 18:27

So was it a false alarm, or is this not a rootbot or the like?

cosinus 22.12.2011 18:42

SPTD is a driver for CD/DVD emulators such as DaemonTools.
So far everything was unremarkable.
Is the machine running fine, or are there still problems that should prompt us to dig deeper? ;)

kay2012 22.12.2011 20:23

I have no further problems so far. I already suspected that about the driver, but "roots" do like to hide behind names like that. I'll "rescan" every now and then and check with TCP Viewer whether packets are being sent that shouldn't be. Many thanks for your help & merry Christmas!!!

cosinus 22.12.2011 20:26

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages doing that.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1. The time is now 12:40.
