Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal)
Thread: Problems with Trojan/Rootkit (Windows 7)
26.10.2011, 21:38 | #1
Problems with Trojan/Rootkit

Hello, first of all big praise from me, you do really great work here. So, on to my problem: I think I have also caught some kind of Trojan or something like that. I have already read one or two posts here, but apart from the scans they are all very individual. That is why so far I have only done the scans with Malwarebytes, Eset and Gdata (can't find any logs for that one).

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8020

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.10.2011 23:56:32
mbam-log-2011-10-25 (23-56-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 431644
Laufzeit: 50 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
c:\Users\Marucs\m-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> 4252 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Backdoor.IRCBot) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Marucs\m-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\Marucs\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ZRCBCDVP\g[2].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\Marucs\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ZRCBCDVP\ok[1].exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\Marucs\AppData\Local\Temp\1405087.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Users\Marucs\AppData\Local\Temp\9230519.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=38f748c457b37d41b9ac920434c75fc4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-26 04:26:42
# local_time=2011-10-26 06:26:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=4096 16777215 100 0 67611652 67611652 0 0
# compatibility_mode=5893 16776573 100 94 19114 71210422 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=341176
# found=0
# cleaned=0
# scan_time=22629
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=38f748c457b37d41b9ac920434c75fc4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-26 09:08:38
# local_time=2011-10-26 11:08:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=4096 16777215 100 0 67642456 67642456 0 0
# compatibility_mode=5893 16776573 100 94 309 71241226 0 0
# compatibility_mode=8192 67108863 100 0 30954 30954 0 0
# scanned=341223
# found=0
# cleaned=0
# scan_time=8741

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8020

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.10.2011 22:09:54
mbam-log-2011-10-26 (22-09-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (N:\|)
Durchsuchte Objekte: 239718
Laufzeit: 24 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Thanks, regards
Marcus

Good morning! I have now also tried to get a bit smarter myself. But I can't judge at all how big my problem actually is. I have, however, already changed all passwords from another computer, and ran a scan with Kaspersky; here is the log for it.

Code:
3016 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:29:26.0175 3016 uagp35 - ok 10:29:26.0206 3016 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 10:29:26.0206 3016 udfs - ok 10:29:26.0237 3016 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 10:29:26.0237 3016 uliagpkx - ok 10:29:26.0253 3016 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 10:29:26.0253 3016 umbus - ok 10:29:26.0268 3016 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:29:26.0268 3016 UmPass - ok 10:29:26.0315 3016 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 10:29:26.0315 3016 USBAAPL64 - ok 10:29:26.0346 3016 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 10:29:26.0346 3016 usbaudio - ok 10:29:26.0378 3016 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 10:29:26.0378 3016 usbccgp - ok 10:29:26.0393 3016 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 10:29:26.0393 3016 usbcir - ok 10:29:26.0424 3016 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 10:29:26.0424 3016 usbehci - ok 10:29:26.0456 3016 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 10:29:26.0456 3016 usbhub - ok 10:29:26.0487 3016 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 10:29:26.0487 3016 usbohci - ok 10:29:26.0518 3016 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:29:26.0518 3016 usbprint - ok 10:29:26.0549 3016 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:29:26.0549 3016 USBSTOR - ok 10:29:26.0565 3016 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:29:26.0565 3016 usbuhci - ok 10:29:26.0612 
3016 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 10:29:26.0612 3016 usbvideo - ok 10:29:26.0627 3016 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 10:29:26.0643 3016 vdrvroot - ok 10:29:26.0658 3016 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:29:26.0658 3016 vga - ok 10:29:26.0690 3016 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:29:26.0690 3016 VgaSave - ok 10:29:26.0705 3016 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 10:29:26.0705 3016 vhdmp - ok 10:29:26.0721 3016 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 10:29:26.0721 3016 viaide - ok 10:29:26.0752 3016 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 10:29:26.0752 3016 volmgr - ok 10:29:26.0768 3016 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 10:29:26.0783 3016 volmgrx - ok 10:29:26.0799 3016 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 10:29:26.0799 3016 volsnap - ok 10:29:26.0830 3016 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:29:26.0830 3016 vsmraid - ok 10:29:26.0846 3016 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 10:29:26.0846 3016 vwifibus - ok 10:29:26.0861 3016 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:29:26.0861 3016 WacomPen - ok 10:29:26.0892 3016 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 10:29:26.0892 3016 WANARP - ok 10:29:26.0892 3016 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 10:29:26.0892 3016 Wanarpv6 - ok 10:29:26.0939 3016 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:29:26.0939 3016 Wd - ok 10:29:26.0970 3016 Wdf01000 
(441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:29:26.0986 3016 Wdf01000 - ok 10:29:27.0017 3016 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:29:27.0017 3016 WfpLwf - ok 10:29:27.0033 3016 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:29:27.0033 3016 WIMMount - ok 10:29:27.0080 3016 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 10:29:27.0080 3016 WinUsb - ok 10:29:27.0111 3016 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:29:27.0111 3016 WmiAcpi - ok 10:29:27.0126 3016 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:29:27.0142 3016 ws2ifsl - ok 10:29:27.0158 3016 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 10:29:27.0158 3016 WudfPf - ok 10:29:27.0189 3016 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:29:27.0189 3016 WUDFRd - ok 10:29:27.0251 3016 X6va005 - ok 10:29:27.0298 3016 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 10:29:27.0298 3016 xusb21 - ok 10:29:27.0314 3016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 10:29:27.0329 3016 \Device\Harddisk0\DR0 - ok 10:29:27.0329 3016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6 10:29:36.0065 3016 \Device\Harddisk6\DR6 - ok 10:29:36.0065 3016 Boot (0x1200) (a6c80b6233b05ecc62d5daa114d7bcb7) \Device\Harddisk0\DR0\Partition0 10:29:36.0065 3016 \Device\Harddisk0\DR0\Partition0 - ok 10:29:36.0096 3016 Boot (0x1200) (6ce03dc9539c9cf4b1c20652d1784b46) \Device\Harddisk0\DR0\Partition1 10:29:36.0096 3016 \Device\Harddisk0\DR0\Partition1 - ok 10:29:36.0128 3016 Boot (0x1200) (6e5027ad1699582a47c20c13eefd8599) \Device\Harddisk0\DR0\Partition2 10:29:36.0128 3016 \Device\Harddisk0\DR0\Partition2 - ok 10:29:36.0128 3016 Boot (0x1200) 
(2dc841509509d9182077ba8670f111ed) \Device\Harddisk6\DR6\Partition0 10:29:36.0128 3016 \Device\Harddisk6\DR6\Partition0 - ok 10:29:36.0128 3016 ============================================================ 10:29:36.0128 3016 Scan finished 10:29:36.0128 3016 ============================================================ 10:29:36.0143 0440 Detected object count: 1 10:29:36.0143 0440 Actual detected object count: 1 10:31:16.0140 0440 sptd ( LockedFile.Multi.Generic ) - skipped by user 10:31:16.0140 0440 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 10:32:46.0355 0428 ============================================================ 10:32:46.0355 0428 Scan started 10:32:46.0355 0428 Mode: Manual; SigCheck; TDLFS; 10:32:46.0355 0428 ============================================================ 10:32:46.0511 0428 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 10:32:46.0621 0428 1394ohci - ok 10:32:46.0667 0428 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 10:32:46.0683 0428 ACPI - ok 10:32:46.0699 0428 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 10:32:46.0792 0428 AcpiPmi - ok 10:32:46.0839 0428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 10:32:46.0855 0428 adp94xx - ok 10:32:46.0870 0428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 10:32:46.0886 0428 adpahci - ok 10:32:46.0901 0428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 10:32:46.0917 0428 adpu320 - ok 10:32:46.0933 0428 Afc - ok 10:32:46.0964 0428 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 10:32:47.0042 0428 AFD - ok 10:32:47.0057 0428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 10:32:47.0057 0428 agp440 - ok 10:32:47.0089 0428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 10:32:47.0104 
0428 aliide - ok 10:32:47.0120 0428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 10:32:47.0120 0428 amdide - ok 10:32:47.0182 0428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 10:32:47.0229 0428 AmdK8 - ok 10:32:47.0260 0428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 10:32:47.0307 0428 AmdPPM - ok 10:32:47.0354 0428 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 10:32:47.0354 0428 amdsata - ok 10:32:47.0369 0428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 10:32:47.0385 0428 amdsbs - ok 10:32:47.0416 0428 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 10:32:47.0432 0428 amdxata - ok 10:32:47.0447 0428 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 10:32:47.0525 0428 AppID - ok 10:32:47.0557 0428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 10:32:47.0572 0428 arc - ok 10:32:47.0588 0428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 10:32:47.0603 0428 arcsas - ok 10:32:47.0619 0428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:32:47.0744 0428 AsyncMac - ok 10:32:47.0759 0428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 10:32:47.0775 0428 atapi - ok 10:32:47.0822 0428 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys 10:32:47.0853 0428 atksgt - ok 10:32:47.0915 0428 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys 10:32:47.0915 0428 avmeject - ok 10:32:47.0947 0428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 10:32:48.0009 0428 b06bdrv - ok 10:32:48.0040 0428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:32:48.0056 0428 b57nd60a - ok 
10:32:48.0071 0428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:32:48.0134 0428 Beep - ok 10:32:48.0165 0428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:32:48.0212 0428 blbdrive - ok 10:32:48.0243 0428 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 10:32:48.0321 0428 bowser - ok 10:32:48.0337 0428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:32:48.0368 0428 BrFiltLo - ok 10:32:48.0368 0428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:32:48.0415 0428 BrFiltUp - ok 10:32:48.0446 0428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:32:48.0477 0428 Brserid - ok 10:32:48.0477 0428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:32:48.0539 0428 BrSerWdm - ok 10:32:48.0539 0428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:32:48.0586 0428 BrUsbMdm - ok 10:32:48.0617 0428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:32:48.0633 0428 BrUsbSer - ok 10:32:48.0649 0428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 10:32:48.0695 0428 BTHMODEM - ok 10:32:48.0727 0428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:32:48.0773 0428 cdfs - ok 10:32:48.0805 0428 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 10:32:48.0836 0428 cdrom - ok 10:32:48.0867 0428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 10:32:48.0883 0428 circlass - ok 10:32:48.0914 0428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:32:48.0929 0428 CLFS - ok 10:32:48.0961 0428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 10:32:48.0976 0428 CmBatt - ok 
10:32:48.0992 0428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 10:32:49.0007 0428 cmdide - ok 10:32:49.0023 0428 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 10:32:49.0039 0428 CNG - ok 10:32:49.0054 0428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 10:32:49.0070 0428 Compbatt - ok 10:32:49.0085 0428 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 10:32:49.0101 0428 CompositeBus - ok 10:32:49.0132 0428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 10:32:49.0132 0428 crcdisk - ok 10:32:49.0179 0428 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 10:32:49.0226 0428 DfsC - ok 10:32:49.0257 0428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:32:49.0304 0428 discache - ok 10:32:49.0335 0428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 10:32:49.0351 0428 Disk - ok 10:32:49.0382 0428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:32:49.0413 0428 drmkaud - ok 10:32:49.0444 0428 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 10:32:49.0475 0428 DXGKrnl - ok 10:32:49.0507 0428 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys 10:32:49.0507 0428 e1yexpress - ok 10:32:49.0585 0428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 10:32:49.0631 0428 ebdrv - ok 10:32:49.0678 0428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 10:32:49.0694 0428 elxstor - ok 10:32:49.0709 0428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 10:32:49.0772 0428 ErrDev - ok 10:32:49.0803 0428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:32:49.0850 0428 exfat - ok 
10:32:49.0881 0428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:32:49.0943 0428 fastfat - ok 10:32:49.0959 0428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 10:32:49.0975 0428 fdc - ok 10:32:50.0006 0428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:32:50.0021 0428 FileInfo - ok 10:32:50.0021 0428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:32:50.0115 0428 Filetrace - ok 10:32:50.0131 0428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 10:32:50.0177 0428 flpydisk - ok 10:32:50.0209 0428 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 10:32:50.0224 0428 FltMgr - ok 10:32:50.0240 0428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:32:50.0255 0428 FsDepends - ok 10:32:50.0271 0428 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 10:32:50.0287 0428 Fs_Rec - ok 10:32:50.0318 0428 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:32:50.0333 0428 fvevol - ok 10:32:50.0365 0428 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 10:32:50.0396 0428 FWLANUSB ( UnsignedFile.Multi.Generic ) - warning 10:32:50.0396 0428 FWLANUSB - detected UnsignedFile.Multi.Generic (1) 10:32:50.0427 0428 fwlanusbn (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys 10:32:50.0505 0428 fwlanusbn - ok 10:32:50.0521 0428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 10:32:50.0536 0428 gagp30kx - ok 10:32:50.0552 0428 GDBehave (98c64a79d282a6d043d8c9447ce0ad8c) C:\Windows\system32\drivers\GDBehave.sys 10:32:50.0567 0428 GDBehave - ok 10:32:50.0583 0428 GDMnIcpt (001d282b8a56c0fb94d14033f5f94eed) C:\Windows\system32\drivers\MiniIcpt.sys 10:32:50.0599 0428 GDMnIcpt - ok 
10:32:50.0614 0428 gdwfpcd (fc9b3d24e18d08200f31aa3bace42f6a) C:\Windows\system32\DRIVERS\gdwfpcd64.sys 10:32:50.0614 0428 gdwfpcd - ok 10:32:50.0645 0428 GearAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\drivers\GEARAspiWDM.sys 10:32:50.0645 0428 GearAspiWDM - ok 10:32:50.0677 0428 GRD (ffa07d1d1d7f16d5a08846a28aff59ef) C:\Windows\system32\drivers\GRD.sys 10:32:50.0692 0428 GRD - ok 10:32:50.0739 0428 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys 10:32:50.0786 0428 HCW85BDA - ok 10:32:50.0801 0428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:32:50.0864 0428 hcw85cir - ok 10:32:50.0895 0428 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 10:32:50.0926 0428 HdAudAddService - ok 10:32:50.0957 0428 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 10:32:51.0004 0428 HDAudBus - ok 10:32:51.0020 0428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 10:32:51.0035 0428 HidBatt - ok 10:32:51.0035 0428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 10:32:51.0067 0428 HidBth - ok 10:32:51.0082 0428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 10:32:51.0098 0428 HidIr - ok 10:32:51.0113 0428 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 10:32:51.0160 0428 HidUsb - ok 10:32:51.0207 0428 HookCentre (3440d5c74edd0792a6aa943d1be985e2) C:\Windows\system32\drivers\HookCentre.sys 10:32:51.0207 0428 HookCentre - ok 10:32:51.0238 0428 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 10:32:51.0238 0428 HpSAMD - ok 10:32:51.0269 0428 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 10:32:51.0301 0428 HTTP - ok 10:32:51.0316 0428 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 
10:32:51.0332 0428 hwpolicy - ok 10:32:51.0347 0428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 10:32:51.0347 0428 i8042prt - ok 10:32:51.0394 0428 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 10:32:51.0410 0428 iaStor - ok 10:32:51.0441 0428 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 10:32:51.0457 0428 iaStorV - ok 10:32:51.0550 0428 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 10:32:51.0644 0428 igfx - ok 10:32:51.0691 0428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 10:32:51.0691 0428 iirsp - ok 10:32:51.0753 0428 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys 10:32:51.0784 0428 IntcAzAudAddService - ok 10:32:51.0800 0428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 10:32:51.0815 0428 intelide - ok 10:32:51.0831 0428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:32:51.0862 0428 intelppm - ok 10:32:51.0893 0428 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:32:51.0956 0428 IpFilterDriver - ok 10:32:51.0971 0428 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 10:32:51.0987 0428 IPMIDRV - ok 10:32:52.0003 0428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:32:52.0049 0428 IPNAT - ok 10:32:52.0081 0428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:32:52.0096 0428 IRENUM - ok 10:32:52.0127 0428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 10:32:52.0127 0428 isapnp - ok 10:32:52.0159 0428 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 10:32:52.0174 0428 iScsiPrt - ok 10:32:52.0190 0428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) 
C:\Windows\system32\DRIVERS\kbdclass.sys 10:32:52.0205 0428 kbdclass - ok 10:32:52.0221 0428 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 10:32:52.0252 0428 kbdhid - ok 10:32:52.0268 0428 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 10:32:52.0283 0428 KSecDD - ok 10:32:52.0315 0428 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 10:32:52.0315 0428 KSecPkg - ok 10:32:52.0330 0428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:32:52.0361 0428 ksthunk - ok 10:32:52.0393 0428 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys 10:32:52.0408 0428 lirsgt - ok 10:32:52.0408 0428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:32:52.0471 0428 lltdio - ok 10:32:52.0517 0428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:32:52.0533 0428 LSI_FC - ok 10:32:52.0549 0428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:32:52.0564 0428 LSI_SAS - ok 10:32:52.0580 0428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:32:52.0595 0428 LSI_SAS2 - ok 10:32:52.0611 0428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:32:52.0627 0428 LSI_SCSI - ok 10:32:52.0627 0428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:32:52.0673 0428 luafv - ok 10:32:52.0689 0428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 10:32:52.0689 0428 megasas - ok 10:32:52.0720 0428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 10:32:52.0736 0428 MegaSR - ok 10:32:52.0751 0428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:32:52.0814 0428 Modem - ok 10:32:52.0845 0428 monitor (b03d591dc7da45ece20b3b467e6aadaa) 
C:\Windows\system32\DRIVERS\monitor.sys 10:32:52.0892 0428 monitor - ok 10:32:52.0923 0428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 10:32:52.0923 0428 mouclass - ok 10:32:52.0939 0428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:32:52.0985 0428 mouhid - ok 10:32:53.0017 0428 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 10:32:53.0032 0428 mountmgr - ok 10:32:53.0048 0428 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 10:32:53.0063 0428 mpio - ok 10:32:53.0063 0428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:32:53.0126 0428 mpsdrv - ok 10:32:53.0173 0428 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 10:32:53.0204 0428 MRxDAV - ok 10:32:53.0235 0428 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:32:53.0266 0428 mrxsmb - ok 10:32:53.0282 0428 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:32:53.0329 0428 mrxsmb10 - ok 10:32:53.0360 0428 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:32:53.0391 0428 mrxsmb20 - ok 10:32:53.0422 0428 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 10:32:53.0438 0428 msahci - ok 10:32:53.0438 0428 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 10:32:53.0453 0428 msdsm - ok 10:32:53.0485 0428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:32:53.0531 0428 Msfs - ok 10:32:53.0563 0428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:32:53.0625 0428 mshidkmdf - ok 10:32:53.0656 0428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 10:32:53.0672 0428 msisadrv - ok 10:32:53.0687 0428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) 
C:\Windows\system32\drivers\MSKSSRV.sys 10:32:53.0750 0428 MSKSSRV - ok 10:32:53.0781 0428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:32:53.0843 0428 MSPCLOCK - ok 10:32:53.0875 0428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:32:53.0921 0428 MSPQM - ok 10:32:53.0968 0428 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 10:32:53.0984 0428 MsRPC - ok 10:32:53.0999 0428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 10:32:54.0015 0428 mssmbios - ok 10:32:54.0031 0428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:32:54.0062 0428 MSTEE - ok 10:32:54.0077 0428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:32:54.0109 0428 MTConfig - ok 10:32:54.0140 0428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:32:54.0140 0428 Mup - ok 10:32:54.0171 0428 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 10:32:54.0187 0428 mwlPSDFilter - ok 10:32:54.0187 0428 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 10:32:54.0202 0428 mwlPSDNServ - ok 10:32:54.0218 0428 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 10:32:54.0233 0428 mwlPSDVDisk - ok 10:32:54.0265 0428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:32:54.0296 0428 NativeWifiP - ok 10:32:54.0343 0428 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 10:32:54.0358 0428 NDIS - ok 10:32:54.0389 0428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:32:54.0421 0428 NdisCap - ok 10:32:54.0436 0428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:32:54.0467 0428 NdisTapi - ok 10:32:54.0483 0428 Ndisuio 
(f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 10:32:54.0530 0428 Ndisuio - ok 10:32:54.0545 0428 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 10:32:54.0592 0428 NdisWan - ok 10:32:54.0608 0428 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 10:32:54.0670 0428 NDProxy - ok 10:32:54.0701 0428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:32:54.0764 0428 NetBIOS - ok 10:32:54.0795 0428 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 10:32:54.0842 0428 NetBT - ok 10:32:54.0857 0428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:32:54.0873 0428 nfrd960 - ok 10:32:54.0873 0428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:32:54.0920 0428 Npfs - ok 10:32:54.0951 0428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:32:54.0998 0428 nsiproxy - ok 10:32:55.0060 0428 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 10:32:55.0091 0428 Ntfs - ok 10:32:55.0107 0428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:32:55.0154 0428 Null - ok 10:32:55.0185 0428 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys 10:32:55.0185 0428 NVHDA - ok 10:32:55.0357 0428 nvlddmkm (d7a2cd1d76e6cc996a0852d566af2f73) C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:32:55.0513 0428 nvlddmkm - ok 10:32:55.0544 0428 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 10:32:55.0559 0428 nvraid - ok 10:32:55.0575 0428 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 10:32:55.0591 0428 nvstor - ok 10:32:55.0606 0428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 10:32:55.0622 0428 nv_agp - ok 10:32:55.0637 0428 ohci1394 
(3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 10:32:55.0669 0428 ohci1394 - ok 10:32:55.0700 0428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:32:55.0747 0428 Parport - ok 10:32:55.0778 0428 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 10:32:55.0793 0428 partmgr - ok 10:32:55.0809 0428 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 10:32:55.0825 0428 pci - ok 10:32:55.0825 0428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 10:32:55.0840 0428 pciide - ok 10:32:55.0856 0428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 10:32:55.0871 0428 pcmcia - ok 10:32:55.0887 0428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:32:55.0903 0428 pcw - ok 10:32:55.0918 0428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:32:55.0981 0428 PEAUTH - ok 10:32:56.0043 0428 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 10:32:56.0137 0428 PptpMiniport - ok 10:32:56.0168 0428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:32:56.0199 0428 Processor - ok 10:32:56.0246 0428 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 10:32:56.0277 0428 Psched - ok 10:32:56.0308 0428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:32:56.0339 0428 ql2300 - ok 10:32:56.0355 0428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:32:56.0371 0428 ql40xx - ok 10:32:56.0386 0428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:32:56.0402 0428 QWAVEdrv - ok 10:32:56.0417 0428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:32:56.0449 0428 RasAcd - ok 10:32:56.0464 0428 RasAgileVpn 
(7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:32:56.0495 0428 RasAgileVpn - ok 10:32:56.0511 0428 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:32:56.0573 0428 Rasl2tp - ok 10:32:56.0605 0428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:32:56.0667 0428 RasPppoe - ok 10:32:56.0698 0428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:32:56.0729 0428 RasSstp - ok 10:32:56.0745 0428 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 10:32:56.0807 0428 rdbss - ok 10:32:56.0839 0428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:32:56.0870 0428 rdpbus - ok 10:32:56.0901 0428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:32:56.0932 0428 RDPCDD - ok 10:32:56.0963 0428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:32:56.0995 0428 RDPENCDD - ok 10:32:57.0010 0428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:32:57.0041 0428 RDPREFMP - ok 10:32:57.0057 0428 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 10:32:57.0104 0428 RDPWD - ok 10:32:57.0119 0428 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 10:32:57.0135 0428 rdyboost - ok 10:32:57.0166 0428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:32:57.0213 0428 rspndr - ok 10:32:57.0260 0428 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 10:32:57.0275 0428 sbp2port - ok 10:32:57.0275 0428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 10:32:57.0338 0428 scfilter - ok 10:32:57.0353 0428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:32:57.0385 0428 secdrv - ok 10:32:57.0431 
0428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:32:57.0447 0428 Serenum - ok 10:32:57.0463 0428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:32:57.0509 0428 Serial - ok 10:32:57.0525 0428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:32:57.0572 0428 sermouse - ok 10:32:57.0587 0428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 10:32:57.0619 0428 sffdisk - ok 10:32:57.0634 0428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 10:32:57.0665 0428 sffp_mmc - ok 10:32:57.0665 0428 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 10:32:57.0712 0428 sffp_sd - ok 10:32:57.0712 0428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:32:57.0743 0428 sfloppy - ok 10:32:57.0775 0428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:32:57.0790 0428 SiSRaid2 - ok 10:32:57.0806 0428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:32:57.0821 0428 SiSRaid4 - ok 10:32:57.0821 0428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:32:57.0884 0428 Smb - ok 10:32:57.0899 0428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:32:57.0915 0428 spldr - ok 10:32:57.0962 0428 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 10:32:57.0962 0428 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850c86434530790b110e8eb 10:32:57.0962 0428 sptd ( LockedFile.Multi.Generic ) - warning 10:32:57.0962 0428 sptd - detected LockedFile.Multi.Generic (1) 10:32:57.0993 0428 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 10:32:58.0040 0428 srv - ok 10:32:58.0071 0428 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 10:32:58.0102 0428 srv2 - ok 10:32:58.0149 0428 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 10:32:58.0165 0428 srvnet - ok 10:32:58.0196 0428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:32:58.0196 0428 stexstor - ok 10:32:58.0243 0428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 10:32:58.0243 0428 swenum - ok 10:32:58.0305 0428 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys 10:32:58.0336 0428 Tcpip - ok 10:32:58.0383 0428 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys 10:32:58.0414 0428 TCPIP6 - ok 10:32:58.0430 0428 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 10:32:58.0492 0428 tcpipreg - ok 10:32:58.0523 0428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:32:58.0586 0428 TDPIPE - ok 10:32:58.0617 0428 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 10:32:58.0648 0428 TDTCP - ok 10:32:58.0679 0428 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 10:32:58.0711 0428 tdx - ok 10:32:58.0711 0428 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 10:32:58.0726 0428 TermDD - ok 10:32:58.0757 0428 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:32:58.0820 0428 tssecsrv - ok 10:32:58.0851 0428 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 10:32:58.0882 0428 tunnel - ok 10:32:58.0913 
0428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:32:58.0929 0428 uagp35 - ok 10:32:58.0945 0428 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 10:32:58.0991 0428 udfs - ok 10:32:59.0007 0428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 10:32:59.0023 0428 uliagpkx - ok 10:32:59.0038 0428 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 10:32:59.0054 0428 umbus - ok 10:32:59.0069 0428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:32:59.0085 0428 UmPass - ok 10:32:59.0116 0428 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 10:32:59.0179 0428 USBAAPL64 - ok 10:32:59.0194 0428 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 10:32:59.0225 0428 usbaudio - ok 10:32:59.0257 0428 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 10:32:59.0303 0428 usbccgp - ok 10:32:59.0319 0428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 10:32:59.0335 0428 usbcir - ok 10:32:59.0350 0428 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 10:32:59.0397 0428 usbehci - ok 10:32:59.0428 0428 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 10:32:59.0444 0428 usbhub - ok 10:32:59.0475 0428 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 10:32:59.0506 0428 usbohci - ok 10:32:59.0537 0428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:32:59.0569 0428 usbprint - ok 10:32:59.0615 0428 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:32:59.0647 0428 USBSTOR - ok 10:32:59.0647 0428 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:32:59.0693 0428 usbuhci - ok 10:32:59.0725 
0428 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 10:32:59.0787 0428 usbvideo - ok 10:32:59.0803 0428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 10:32:59.0818 0428 vdrvroot - ok 10:32:59.0834 0428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:32:59.0849 0428 vga - ok 10:32:59.0865 0428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:32:59.0896 0428 VgaSave - ok 10:32:59.0912 0428 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 10:32:59.0927 0428 vhdmp - ok 10:32:59.0943 0428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 10:32:59.0959 0428 viaide - ok 10:32:59.0974 0428 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 10:32:59.0990 0428 volmgr - ok 10:33:00.0005 0428 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 10:33:00.0021 0428 volmgrx - ok 10:33:00.0052 0428 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 10:33:00.0068 0428 volsnap - ok 10:33:00.0083 0428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:33:00.0099 0428 vsmraid - ok 10:33:00.0099 0428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 10:33:00.0130 0428 vwifibus - ok 10:33:00.0161 0428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:33:00.0177 0428 WacomPen - ok 10:33:00.0208 0428 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 10:33:00.0239 0428 WANARP - ok 10:33:00.0239 0428 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 10:33:00.0271 0428 Wanarpv6 - ok 10:33:00.0302 0428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:33:00.0317 0428 Wd - ok 10:33:00.0349 0428 Wdf01000 
(441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:33:00.0364 0428 Wdf01000 - ok 10:33:00.0380 0428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:33:00.0411 0428 WfpLwf - ok 10:33:00.0442 0428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:33:00.0458 0428 WIMMount - ok 10:33:00.0489 0428 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 10:33:00.0505 0428 WinUsb - ok 10:33:00.0520 0428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:33:00.0551 0428 WmiAcpi - ok 10:33:00.0583 0428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:33:00.0614 0428 ws2ifsl - ok 10:33:00.0661 0428 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 10:33:00.0692 0428 WudfPf - ok 10:33:00.0707 0428 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:33:00.0754 0428 WUDFRd - ok 10:33:00.0801 0428 X6va005 - ok 10:33:00.0832 0428 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 10:33:00.0895 0428 xusb21 - ok 10:33:00.0910 0428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 10:33:01.0004 0428 \Device\Harddisk0\DR0 - ok 10:33:01.0019 0428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6 10:33:09.0880 0428 \Device\Harddisk6\DR6 - ok 10:33:09.0880 0428 Boot (0x1200) (a6c80b6233b05ecc62d5daa114d7bcb7) \Device\Harddisk0\DR0\Partition0 10:33:09.0880 0428 \Device\Harddisk0\DR0\Partition0 - ok 10:33:09.0911 0428 Boot (0x1200) (6ce03dc9539c9cf4b1c20652d1784b46) \Device\Harddisk0\DR0\Partition1 10:33:09.0911 0428 \Device\Harddisk0\DR0\Partition1 - ok 10:33:09.0927 0428 Boot (0x1200) (6e5027ad1699582a47c20c13eefd8599) \Device\Harddisk0\DR0\Partition2 10:33:09.0943 0428 \Device\Harddisk0\DR0\Partition2 - ok 10:33:09.0943 0428 Boot (0x1200) 
(2dc841509509d9182077ba8670f111ed) \Device\Harddisk6\DR6\Partition0 10:33:09.0943 0428 \Device\Harddisk6\DR6\Partition0 - ok 10:33:09.0943 0428 ============================================================ 10:33:09.0943 0428 Scan finished 10:33:09.0943 0428 ============================================================ 10:33:09.0943 4012 Detected object count: 2 10:33:09.0943 4012 Actual detected object count: 2 10:36:37.0797 4012 FWLANUSB ( UnsignedFile.Multi.Generic ) - skipped by user 10:36:37.0797 4012 FWLANUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:36:37.0797 4012 sptd ( LockedFile.Multi.Generic ) - skipped by user 10:36:37.0797 4012 sptd ( LockedFile.Multi.Generic ) - User select action: Skip Regards, Marcus |
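The TDSSKiller log above is easier to read once it is split into records, and the two things it reports need separating: a line ending in `- detected <verdict>` (or the `( <verdict> ) - warning` form) is a heuristic notice that the user is asked to act on, while `- ok` is a clean driver. `LockedFile.Multi.Generic` means the scanner could not open the file (the log says so itself, `Suspicious file (NoAccess)`); sptd.sys is normally the SCSI Pass Through Direct driver shipped with DAEMON Tools/Alcohol, which blocks reads of itself, so rootkit scanners routinely report it this way rather than as a confirmed detection. `UnsignedFile.Multi.Generic` means the driver carries no digital signature. An entry that has a status but no hash and path (X6va005 in the posted log) is a registry entry for which the scanner printed no file; worth a second look, but not a detection. The parser below is an added example written for this page, not part of the thread or of Kaspersky's tool; the sample log is a constructed excerpt modelled on the posted one, and the record layout and summary categories are my own.

```python
import re
from typing import Dict, Tuple

# Constructed excerpt of a TDSSKiller log in the format posted in this thread:
# a few driver entries, the sptd warning and the closing per-object summary.
SAMPLE_LOG = r"""
10:32:55.0700 0428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:32:55.0747 0428 Parport - ok
10:32:57.0962 0428 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
10:32:57.0962 0428 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys.
md5: 602884696850c86434530790b110e8eb
10:32:57.0962 0428 sptd ( LockedFile.Multi.Generic ) - warning
10:32:57.0962 0428 sptd - detected LockedFile.Multi.Generic (1)
10:33:00.0801 0428 X6va005 - ok
10:33:00.0910 0428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:33:01.0004 0428 \Device\Harddisk0\DR0 - ok
10:33:09.0943 4012 Detected object count: 2
10:33:09.0943 4012 Actual detected object count: 2
10:36:37.0797 4012 FWLANUSB ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:37.0797 4012 FWLANUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:37.0797 4012 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:36:37.0797 4012 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line is "<hh:mm:ss.ffff> <pid> <body>"; the body takes one of these shapes.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d{4})\s+(?P<body>.+)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>\\Device\\\S+)$")
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?:(?P<ok>ok)|detected (?P<verdict>\S+)(?: \(\d+\))?)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<action>warning|skipped by user|User select action: \S+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")


def _record(records: Dict[str, dict], name: str) -> dict:
    return records.setdefault(name, {"md5": None, "path": None, "status": None,
                                     "verdict": None, "actions": [], "note": None})


def parse_tdsskiller(text: str) -> Tuple[Dict[str, dict], Dict[str, int]]:
    """Return (records keyed by driver name or device path, object counts)."""
    records: Dict[str, dict] = {}
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation lines such as "md5: ..." carry no timestamp
        body = m.group("body")
        f = FILE_RE.match(body)
        if f:
            rec = _record(records, f.group("name"))
            rec["md5"], rec["path"] = f.group("md5"), f.group("path")
            continue
        s = SECTOR_RE.match(body)
        if s:  # MBR/boot sectors are keyed by device path, as their status lines are
            rec = _record(records, s.group("path"))
            rec["md5"], rec["path"] = s.group("md5"), s.group("path")
            continue
        st = STATUS_RE.match(body)
        if st:
            rec = _record(records, st.group("name"))
            rec["status"] = "ok" if st.group("ok") else "detected"
            if st.group("verdict"):
                rec["verdict"] = st.group("verdict")
            continue
        v = VERDICT_RE.match(body)
        if v:
            rec = _record(records, v.group("name"))
            rec["verdict"] = v.group("verdict")
            rec["actions"].append(v.group("action"))
            continue
        su = SUSPICIOUS_RE.match(body)
        if su:  # attach the access problem to the record that owns the path
            for rec in records.values():
                if rec["path"] and rec["path"].lower() == su.group("path").lower():
                    rec["note"] = su.group("reason")
            continue
        c = COUNT_RE.match(body)
        if c:
            counts[c.group("label")] = int(c.group("n"))
    return records, counts


def summarize(records: Dict[str, dict]) -> Dict[str, list]:
    """Split records into what the helper actually has to look at."""
    flagged = sorted(n for n, r in records.items() if r["verdict"])
    return {
        "flagged": flagged,
        "clean": sorted(n for n, r in records.items() if r["status"] == "ok" and not r["verdict"]),
        "no_file": sorted(n for n, r in records.items() if r["status"] == "ok" and r["path"] is None),
        "skipped": sorted(n for n in flagged if "User select action: Skip" in records[n]["actions"]),
    }


if __name__ == "__main__":
    recs, counts = parse_tdsskiller(SAMPLE_LOG)
    for key, names in summarize(recs).items():
        print(f"{key:8} {names}")
    for name in summarize(recs)["flagged"]:
        r = recs[name]
        print(f"{name}: {r['verdict']} path={r['path']} note={r['note']} actions={r['actions']}")
    print("counts:", counts)
```

Run against a full log, `summarize()` lists the flagged objects together with the action the user chose, which is the part of a TDSSKiller log a helper checks first: in the posted scan both objects were skipped, so nothing was changed on disk.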
27.10.2011, 15:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit Custom scan with OTL
If you don't have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
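The custom scan above makes OTL list every autostart location (Run keys, Winlogon values, cached AutoRun commands for removable drives, services, drivers) with the path and the company name from each file's version info, but judging those entries is left to whoever reads the log. The script below is an added example written for this page, not OTL's code and not from the thread, that applies the first checks a helper makes on the O4, O20 and O33 lines: is the binary in a user-writable place, does it lack a company name, does a Windows-sounding Run value point outside \Windows and \Program Files, is a cached AutoRun command on a drive other than the system drive, and do the Winlogon Shell/UserInit values still name the stock explorer.exe/userinit.exe. The input is a constructed excerpt in OTL 3.2 syntax; most lines are modelled on entries in this thread, and the two marked CONSTRUCTED are invented to show what a hit looks like. The heuristics, the assumption that C: is the system drive, and the regular expressions are my own; they are triage hints, not verdicts.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in OTL 3.2 log syntax. Lines modelled on this thread's log,
# except the two marked CONSTRUCTED, which are invented persistence entries.
SAMPLE_OTL_LINES = [
    r"O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)",
    r"O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()",
    r"O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)",
    # CONSTRUCTED: a Run value with a Windows-sounding name pointing into the user profile
    r"O4 - HKCU..\Run: [Microsoft Windows Update] C:\Users\Marucs\AppData\Roaming\winsvc.exe ()",
    r'O33 - MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\Shell\AutoRun\command - "" = K:\pushinst.exe',
    r"O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    # CONSTRUCTED: Winlogon UserInit redirected to the same file in the user profile
    r"O20 - HKLM Winlogon: UserInit - (C:\Users\Marucs\AppData\Roaming\winsvc.exe) - C:\Users\Marucs\AppData\Roaming\winsvc.exe ()",
]
SAMPLE_OTL = "\n".join(SAMPLE_OTL_LINES)

O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
O20_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<key>\w+) - \((?P<value>[^)]*)\) -\s*(?P<rest>.+)$")
PATH_CO_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")  # "<path> (<company>)"

SYSTEM_DRIVE = "C:"  # assumption: matches the %SystemDrive% in this thread's OTL header
USER_WRITABLE_RE = re.compile(r"\\(?:users|documents and settings|programdata|temp)\\", re.I)
TRUSTED_DIR_RE = re.compile(r"^[a-z]:\\(?:windows|program files(?: \(x86\))?|programme)\\", re.I)
MIMIC_RE = re.compile(r"windows|microsoft|update|security|system|svchost", re.I)
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


def split_path_company(rest: str) -> Tuple[str, Optional[str]]:
    """OTL appends the file's company name in parentheses; '()' means it has none."""
    m = PATH_CO_RE.match(rest)
    if m:
        return m.group("path"), m.group("company")
    return rest, None  # e.g. "File not found"


def assess_run_value(name: str, path: str, company: Optional[str]) -> List[str]:
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("binary lives in a user-writable location")
    if company == "":
        reasons.append("no company name in the file's version info")
    if MIMIC_RE.search(name) and not TRUSTED_DIR_RE.match(path):
        reasons.append("Windows-sounding value name but binary outside \\Windows and \\Program Files")
    return reasons


def assess_winlogon(key: str, value: str, path: str) -> List[str]:
    expected = EXPECTED_WINLOGON.get(key)
    if expected is None:
        return []  # VMApplet and friends are not checked here
    reasons = []
    # The value may be a comma-separated list; a hijack typically appends a second binary.
    for item in value.split(","):
        item = item.strip()
        if item and item.rsplit("\\", 1)[-1].lower() != expected:
            reasons.append(f"Winlogon {key} runs {item!r} instead of {expected}")
    if not TRUSTED_DIR_RE.match(path):
        reasons.append(f"Winlogon {key} resolves to a file outside \\Windows")
    return reasons


def assess_autorun_cmd(cmd: str) -> List[str]:
    drive = cmd[:2].upper()
    if re.match(r"^[A-Z]:$", drive) and drive != SYSTEM_DRIVE:
        return [f"cached AutoRun command for non-system drive {drive} ({cmd})"]
    return []


def triage(text: str) -> List[Dict]:
    """Parse O4/O33/O20 lines and attach the reasons each one deserves a look."""
    entries: List[Dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path, company = split_path_company(m.group("rest"))
            entries.append({"kind": "O4", "name": m.group("name"), "path": path, "company": company,
                            "reasons": assess_run_value(m.group("name"), path, company)})
            continue
        m = O33_RE.match(line)
        if m:
            entries.append({"kind": "O33", "name": m.group("cmd"), "path": m.group("cmd"), "company": None,
                            "reasons": assess_autorun_cmd(m.group("cmd"))})
            continue
        m = O20_RE.match(line)
        if m:
            path, company = split_path_company(m.group("rest"))
            entries.append({"kind": "O20", "name": m.group("key"), "path": path, "company": company,
                            "reasons": assess_winlogon(m.group("key"), m.group("value"), path)})
    return entries


def flagged(entries: List[Dict]) -> List[Dict]:
    return [e for e in entries if e["reasons"]]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_OTL)):
        print(f"{e['kind']:4} [{e['name']}] {e['path']}")
        for r in e["reasons"]:
            print("       -", r)
```

An entry with one weak reason (an OEM tool with empty version info, for instance) is usually nothing; an entry that collects several, or any change to Winlogon Shell/UserInit, is what a helper would put into an OTL fix.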
27.10.2011, 17:24 | #3 |
| Problems with Trojan/Rootkit Hello Arne, nice of you to help me.
Here is the log. Code:
ATTFilter OTL logfile created on: 27.10.2011 18:15:17 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marucs\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 75,66% Memory free 12,00 Gb Paging File | 10,27 Gb Available in Paging File | 85,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,95 Gb Total Space | 116,19 Gb Free Space | 16,82% Space Free | Partition Type: NTFS Drive D: | 691,21 Gb Total Space | 415,65 Gb Free Space | 60,13% Space Free | Partition Type: NTFS Drive N: | 465,65 Gb Total Space | 43,61 Gb Free Space | 9,37% Space Free | Partition Type: FAT32 Computer Name: MARUCS-PC | User Name: Marucs | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.27 18:01:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marucs\Desktop\OTL.exe PRC - [2011.09.05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe PRC - [2009.09.18 15:49:08 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.03.20 02:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe ========== Modules (No Company Name) ========== MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ========== Win32 Services 
(SafeList) ========== SRV - [2011.10.27 13:30:42 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.09.05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009.11.25 03:07:32 | 001,731,504 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 
000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.04.27 21:45:36 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2009.12.24 18:24:14 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.12.24 18:10:25 | 000,034,760 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2009.12.23 14:03:44 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2009.12.20 15:00:40 | 000,074,184 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2009.12.20 15:00:38 | 000,042,952 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2009.12.19 00:44:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2009.12.19 00:44:00 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 10:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.26 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.06.12 12:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2009.03.20 02:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV - [2011.02.16 21:25:12 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973d54kj58h892jv77 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973d54kj58h892jv77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973d54kj58h892jv77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== 
FireFox ========== FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.25 18:48:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.04 18:32:52 | 000,000,000 | ---D | M] [2010.06.07 22:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marucs\AppData\Roaming\mozilla\Extensions [2011.10.27 09:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marucs\AppData\Roaming\mozilla\Firefox\Profiles\qjmcquc9.default\extensions [2011.10.27 09:55:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marucs\AppData\Roaming\mozilla\Firefox\Profiles\qjmcquc9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.10.25 18:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.04.29 22:35:41 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.08.01 12:28:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.04 21:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.07 21:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.06.23 18:06:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.25 18:56:19 | 000,000,000 | ---D | M] (Java 
Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MARUCS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QJMCQUC9.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\MARUCS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QJMCQUC9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\MARUCS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QJMCQUC9.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C2EE7A-AD2C-45F2-AECB-866D401A5243}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF7874E6-2DF9-4703-96E9-8349A4D83BBA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\Shell - "" = AutoRun
O33 - MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\Shell - "" = AutoRun
O33 - MountPoints2\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\Shell\AutoRun\command - "" = K:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig:64bit - StartUpReg: EKIJ5000StatusMonitor - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft) MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt 
- Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy 
disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools 
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" 
OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - 
C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.10.27 18:01:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marucs\Desktop\OTL.exe
[2011.10.27 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\Marucs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011.10.27 13:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.10.27 13:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.10.27 13:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011.10.27 10:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.10.27 10:21:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Marucs\Desktop\esetsmartinstaller_enu(2).exe
[2011.10.27 10:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011.10.27 09:58:40 | 000,000,000 | ---D | C] -- C:\Users\Marucs\AppData\Local\PackageAware
[2011.10.26 23:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.10.26 23:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.10.25 23:00:16 | 000,000,000 | ---D | C] -- C:\Users\Marucs\AppData\Roaming\Malwarebytes
[2011.10.25 22:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.25 22:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.25 22:57:37 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.25 22:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.25 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.17 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Marucs\Tracing
[2011.10.16 19:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.10.16 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.10.16 19:26:48 | 000,000,000 | RHSD | C] -- C:\Users\Marucs\M-1-52-5782-8752-5245
[2011.10.02 20:36:54 | 000,000,000 | ---D | C] -- C:\Users\Marucs\AppData\Roaming\TeraCopy
[2011.10.02 20:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2011.10.02 20:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2009.09.03 10:44:43 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.10.27 18:01:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marucs\Desktop\OTL.exe
[2011.10.27 17:36:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.27 13:33:14 | 000,000,221 | ---- | M] () -- C:\Users\Marucs\Desktop\Call of Duty Black Ops.url
[2011.10.27 13:29:10 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.10.27 10:21:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Marucs\Desktop\esetsmartinstaller_enu(2).exe
[2011.10.27 10:15:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 10:15:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 10:08:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.27 10:08:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.27 10:07:45 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.27 09:16:14 | 000,247,176 | ---- | M] () -- C:\Users\Marucs\Documents\cc_20111027_091558.reg
[2011.10.26 23:09:04 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.10.25 22:57:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.25 22:38:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.25 22:38:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.25 22:38:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.25 22:38:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.25 22:38:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.25 18:47:30 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.10.13 03:24:17 | 000,363,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.27 13:33:13 | 000,000,221 | ---- | C] () -- C:\Users\Marucs\Desktop\Call of Duty Black Ops.url [2011.10.27 13:29:10 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011.10.27 09:16:03 | 000,247,176 | ---- | C] () -- C:\Users\Marucs\Documents\cc_20111027_091558.reg [2011.10.26 23:09:04 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.10.25 22:57:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.24 20:03:58 | 000,000,352 | ---- | C] () -- C:\Users\Marucs\AppData\Roaming\wklnhst.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.10 19:07:30 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2010.01.10 18:40:08 | 000,000,123 | ---- | C] () -- C:\Windows\wininit.ini [2009.12.19 02:17:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.03 10:51:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.09.03 10:51:29 | 000,007,283 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.07.14 07:38:36 | 
000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2003.04.09 11:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe [2003.04.09 11:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Marucs\AppData\Roaming\MafiaSetup.exe ========== LOP Check ========== [2009.12.21 20:34:09 | 000,000,000 | -HSD | M] -- C:\Users\Marucs\AppData\Roaming\.# [2011.10.26 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\DAEMON Tools Lite [2009.12.20 01:09:47 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\GameConsole [2011.09.27 23:11:15 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\ICQ [2010.08.01 12:30:42 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\OpenOffice.org [2011.09.13 21:10:10 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Temp [2011.08.24 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Template [2011.10.25 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\TeraCopy [2010.08.01 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Thunderbird [2011.10.26 23:11:46 | 000,000,000 | ---D | 
M] -- C:\Users\Marucs\AppData\Roaming\TS3Client [2011.06.18 09:19:14 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Ubisoft [2011.09.25 02:52:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.12.21 20:34:09 | 000,000,000 | -HSD | M] -- C:\Users\Marucs\AppData\Roaming\.# [2010.02.14 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Adobe [2011.03.04 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Apple Computer [2011.10.26 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\DAEMON Tools Lite [2010.11.10 23:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\DivX [2009.12.20 01:09:47 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\GameConsole [2009.12.18 20:01:38 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Google [2011.09.27 23:11:15 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\ICQ [2009.12.18 18:21:06 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Identities [2010.12.16 23:37:22 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\InstallShield [2009.12.18 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Macromedia [2011.10.25 23:00:16 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Media Center Programs [2011.10.17 21:00:22 | 000,000,000 | --SD | M] -- C:\Users\Marucs\AppData\Roaming\Microsoft [2010.08.01 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Mozilla [2010.03.07 23:59:01 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Nero [2010.08.01 12:30:42 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\OpenOffice.org [2009.12.18 22:41:09 | 
000,000,000 | RH-D | M] -- C:\Users\Marucs\AppData\Roaming\SecuROM [2011.10.02 12:24:00 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Skype [2011.09.13 21:10:10 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Temp [2011.08.24 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Template [2011.10.25 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\TeraCopy [2010.08.01 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Thunderbird [2011.10.26 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\TS3Client [2011.06.18 09:19:14 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Ubisoft [2009.12.26 02:01:05 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\vlc [2011.10.26 23:11:47 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\Winamp [2010.01.10 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Marucs\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2003.04.09 11:28:44 | 000,233,472 | R--- | M] () -- C:\Users\Marucs\AppData\Roaming\MafiaSetup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] 
(Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\OEM\Preload\Autorun\DRV\Intel Storage Generic Driver\IaStor.sys [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- 
C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys [2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) 
MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 
| ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) 
MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft 
Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< >

========== Alternate Data Streams ==========
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885

< End of report >

Regards, Marcus
27.10.2011, 18:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit
Run an OTL fix: close all programs that may still be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973d54kj58h892jv77
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973d54kj58h892jv77
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973d54kj58h892jv77
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C2EE7A-AD2C-45F2-AECB-866D401A5243}: DhcpNameServer = 168.95.1.1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\Shell - "" = AutoRun
O33 - MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\Shell - "" = AutoRun
O33 - MountPoints2\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\Shell\AutoRun\command - "" = K:\Setup.exe
[2011.10.27 10:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011.10.16 19:26:48 | 000,000,000 | RHSD | C] -- C:\Users\Marucs\M-1-52-5782-8752-5245
[2009.09.03 10:44:43 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2009.12.21 20:34:09 | 000,000,000 | -HSD | M] -- C:\Users\Marucs\AppData\Roaming\.#
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
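The OTL fix above removes a per-user Run value, the AutoRun handlers cached under MountPoints2 and two alternate data streams on C:\ProgramData\Temp. The following PowerShell script is an added example, not part of the thread and not OTL's own code: it audits those same three locations read-only, so an operator can compare what is actually present with the OTL log before anything is quarantined. The registry keys and the folder path are the ones from the fix script above; the "suspicious path" pattern used for Run values is an assumed heuristic, not a rule from the thread.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the
# persistence locations the OTL fix above cleaned. Requires PowerShell 3.0+
# (for -Stream); run as administrator. Nothing is modified, only reported.

function Get-PersistenceFindings {
    $findings = @()

    # 1. Per-user Run values. The Backdoor.IRCBot entry in this thread lived
    #    here as "Microsoft(R) Windows Update". The path pattern is an assumed
    #    heuristic: autostarts launched from a profile, Temp or ProgramData
    #    directory deserve a second look.
    $runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        $props = Get-ItemProperty -Path $runKey
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # provider metadata, not a value
            $cmd = [string]$p.Value
            $findings += [pscustomobject]@{
                Source     = 'HKCU Run'
                Name       = $p.Name
                Value      = $cmd
                Suspicious = [bool]($cmd -match '\\(Users|Temp|ProgramData|AppData)\\')
            }
        }
    }

    # 2. Cached AutoRun handlers per removable volume (the O33 entries above:
    #    Shell\AutoRun\command pointing at K:\pushinst.exe, F:\pushinst.exe,
    #    K:\Setup.exe). A command value here means a drive once offered an
    #    autorun action, so every hit is reported for review.
    $mp2 = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path $mp2) {
        foreach ($vol in Get-ChildItem -Path $mp2) {
            $cmdKey = "$mp2\$($vol.PSChildName)\Shell\AutoRun\command"
            if (Test-Path $cmdKey) {
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                $findings += [pscustomobject]@{
                    Source     = 'MountPoints2 AutoRun'
                    Name       = $vol.PSChildName
                    Value      = [string]$cmd
                    Suspicious = $true
                }
            }
        }
    }

    # 3. Alternate data streams on C:\ProgramData\Temp (the two ADS entries
    #    OTL listed). Every stream other than the default :$DATA is reported.
    $adsTarget = 'C:\ProgramData\Temp'
    if (Test-Path $adsTarget) {
        $streams = Get-Item -Path $adsTarget -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            $findings += [pscustomobject]@{
                Source     = 'ADS'
                Name       = "${adsTarget}:$($s.Stream)"
                Value      = "$($s.Length) bytes"
                Suspicious = $true
            }
        }
    }

    return $findings
}

# Report: suspicious entries first, so the operator can compare them with the
# OTL log before deciding what to quarantine.
Get-PersistenceFindings |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -Property Source, Name, Value, Suspicious -AutoSize -Wrap
```

The script deliberately reports rather than deletes: OTL's fix keeps a backup under "_OTL" for the same reason, and an audit run after the fix should come back empty for the three locations, which is a cheap way to confirm the fix log above.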
27.10.2011, 19:18 | #5 |
Problems with Trojan/Rootkit
This is the log after the restart.
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
C:\Program Files (x86)\G Data\AntiVirus\Webfilter\AVKWebIEx64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05C2EE7A-AD2C-45F2-AECB-866D401A5243}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8200f7ef-ebf2-11de-9b80-0025115a6362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8200f7ef-ebf2-11de-9b80-0025115a6362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8200f7ef-ebf2-11de-9b80-0025115a6362}\ not found.
File K:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5265161-d00f-11e0-8c5d-001f3f0a91aa}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e17533d9-f0a8-11de-b044-001f3f0a91aa}\ not found.
File K:\Setup.exe not found.
C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.
C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} folder moved successfully.
C:\Users\Marucs\M-1-52-5782-8752-5245 folder moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Marucs\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marucs
->Temp folder emptied: 29428774 bytes
->Temporary Internet Files folder emptied: 4372756 bytes
->Java cache emptied: 618215 bytes
->FireFox cache emptied: 74559284 bytes
->Flash cache emptied: 891 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 3238240 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10272011_201803

Files\Folders moved on Reboot...
C:\Users\Marucs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Regards, Marcus
27.10.2011, 19:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the image below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the start menu, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
27.10.2011, 19:48 | #7 |
Problems with Trojan/Rootkit
Code:
20:51:38.0092 2476 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:51:38.0263 2476 ============================================================
20:51:38.0263 2476 Current date / time: 2011/10/27 20:51:38.0263
20:51:38.0263 2476 SystemInfo:
20:51:38.0263 2476
20:51:38.0263 2476 OS Version: 6.1.7600 ServicePack: 0.0
20:51:38.0263 2476 Product type: Workstation
20:51:38.0263 2476 ComputerName: MARUCS-PC
20:51:38.0263 2476 UserName: Marucs
20:51:38.0263 2476 Windows directory: C:\Windows
20:51:38.0263 2476 System windows directory: C:\Windows
20:51:38.0263 2476 Running under WOW64
20:51:38.0263 2476 Processor architecture: Intel x64
20:51:38.0263 2476 Number of processors: 4
20:51:38.0263 2476 Page size: 0x1000
20:51:38.0263 2476 Boot type: Normal boot
20:51:38.0263 2476 ============================================================
20:51:38.0825 2476 Initialize success
20:51:48.0856 5016 ============================================================
20:51:48.0856 5016 Scan started
20:51:48.0856 5016 Mode: Manual; SigCheck; TDLFS;
20:51:48.0856 5016 ============================================================
20:51:49.0105 5016 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:51:49.0215 5016 1394ohci - ok
20:51:49.0277 5016 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:51:49.0308 5016 ACPI - ok
20:51:49.0339 5016 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:51:49.0386 5016 AcpiPmi - ok
20:51:49.0433 5016 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:51:49.0480 5016 adp94xx - ok
20:51:49.0495 5016 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:51:49.0542 5016 adpahci - ok
20:51:49.0558 5016 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:51:49.0589 5016 adpu320 - ok
20:51:49.0605 5016 Afc - ok
20:51:49.0651 5016 AFD
(6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 20:51:49.0729 5016 AFD - ok 20:51:49.0761 5016 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 20:51:49.0792 5016 agp440 - ok 20:51:49.0823 5016 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 20:51:49.0839 5016 aliide - ok 20:51:49.0854 5016 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 20:51:49.0870 5016 amdide - ok 20:51:49.0901 5016 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:51:49.0917 5016 AmdK8 - ok 20:51:49.0948 5016 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:51:49.0979 5016 AmdPPM - ok 20:51:50.0026 5016 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 20:51:50.0041 5016 amdsata - ok 20:51:50.0088 5016 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:51:50.0119 5016 amdsbs - ok 20:51:50.0135 5016 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 20:51:50.0151 5016 amdxata - ok 20:51:50.0182 5016 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 20:51:50.0213 5016 AppID - ok 20:51:50.0229 5016 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:51:50.0260 5016 arc - ok 20:51:50.0275 5016 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:51:50.0307 5016 arcsas - ok 20:51:50.0322 5016 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:51:50.0400 5016 AsyncMac - ok 20:51:50.0431 5016 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 20:51:50.0447 5016 atapi - ok 20:51:50.0494 5016 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys 20:51:50.0556 5016 atksgt - ok 20:51:50.0634 5016 avmeject (1dc2f715792cf33428ad7993acbd224d) 
C:\Windows\system32\drivers\avmeject.sys 20:51:50.0634 5016 avmeject - ok 20:51:50.0665 5016 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 20:51:50.0806 5016 b06bdrv - ok 20:51:50.0821 5016 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:51:50.0853 5016 b57nd60a - ok 20:51:50.0884 5016 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:51:50.0946 5016 Beep - ok 20:51:50.0993 5016 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 20:51:51.0040 5016 blbdrive - ok 20:51:51.0071 5016 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 20:51:51.0133 5016 bowser - ok 20:51:51.0133 5016 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:51:51.0180 5016 BrFiltLo - ok 20:51:51.0180 5016 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:51:51.0227 5016 BrFiltUp - ok 20:51:51.0258 5016 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:51:51.0305 5016 Brserid - ok 20:51:51.0305 5016 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:51:51.0367 5016 BrSerWdm - ok 20:51:51.0383 5016 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:51:51.0430 5016 BrUsbMdm - ok 20:51:51.0461 5016 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:51:51.0477 5016 BrUsbSer - ok 20:51:51.0492 5016 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 20:51:51.0523 5016 BTHMODEM - ok 20:51:51.0570 5016 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:51:51.0633 5016 cdfs - ok 20:51:51.0664 5016 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 20:51:51.0711 5016 cdrom - ok 20:51:51.0742 5016 circlass 
(d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 20:51:51.0757 5016 circlass - ok 20:51:51.0789 5016 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:51:51.0820 5016 CLFS - ok 20:51:51.0867 5016 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 20:51:51.0898 5016 CmBatt - ok 20:51:51.0913 5016 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 20:51:51.0929 5016 cmdide - ok 20:51:51.0945 5016 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 20:51:51.0991 5016 CNG - ok 20:51:52.0007 5016 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 20:51:52.0023 5016 Compbatt - ok 20:51:52.0054 5016 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 20:51:52.0085 5016 CompositeBus - ok 20:51:52.0101 5016 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 20:51:52.0132 5016 crcdisk - ok 20:51:52.0163 5016 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 20:51:52.0210 5016 DfsC - ok 20:51:52.0241 5016 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:51:52.0303 5016 discache - ok 20:51:52.0335 5016 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 20:51:52.0366 5016 Disk - ok 20:51:52.0397 5016 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:51:52.0413 5016 drmkaud - ok 20:51:52.0459 5016 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 20:51:52.0522 5016 DXGKrnl - ok 20:51:52.0537 5016 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys 20:51:52.0569 5016 e1yexpress - ok 20:51:52.0647 5016 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 20:51:52.0756 5016 ebdrv - ok 20:51:52.0803 5016 elxstor 
(0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 20:51:52.0849 5016 elxstor - ok 20:51:52.0865 5016 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 20:51:52.0912 5016 ErrDev - ok 20:51:52.0959 5016 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:51:53.0021 5016 exfat - ok 20:51:53.0052 5016 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:51:53.0115 5016 fastfat - ok 20:51:53.0161 5016 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 20:51:53.0177 5016 fdc - ok 20:51:53.0208 5016 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:51:53.0224 5016 FileInfo - ok 20:51:53.0239 5016 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:51:53.0317 5016 Filetrace - ok 20:51:53.0333 5016 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 20:51:53.0380 5016 flpydisk - ok 20:51:53.0411 5016 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 20:51:53.0442 5016 FltMgr - ok 20:51:53.0473 5016 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:51:53.0489 5016 FsDepends - ok 20:51:53.0505 5016 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 20:51:53.0520 5016 Fs_Rec - ok 20:51:53.0551 5016 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:51:53.0583 5016 fvevol - ok 20:51:53.0614 5016 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 20:51:53.0676 5016 FWLANUSB ( UnsignedFile.Multi.Generic ) - warning 20:51:53.0676 5016 FWLANUSB - detected UnsignedFile.Multi.Generic (1) 20:51:53.0723 5016 fwlanusbn (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys 20:51:53.0801 5016 fwlanusbn - ok 20:51:53.0832 5016 gagp30kx 
(8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:51:53.0848 5016 gagp30kx - ok 20:51:53.0910 5016 GDBehave (98c64a79d282a6d043d8c9447ce0ad8c) C:\Windows\system32\drivers\GDBehave.sys 20:51:53.0926 5016 GDBehave - ok 20:51:53.0957 5016 GDMnIcpt (001d282b8a56c0fb94d14033f5f94eed) C:\Windows\system32\drivers\MiniIcpt.sys 20:51:53.0973 5016 GDMnIcpt - ok 20:51:53.0988 5016 gdwfpcd (fc9b3d24e18d08200f31aa3bace42f6a) C:\Windows\system32\DRIVERS\gdwfpcd64.sys 20:51:54.0004 5016 gdwfpcd - ok 20:51:54.0035 5016 GearAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\drivers\GEARAspiWDM.sys 20:51:54.0051 5016 GearAspiWDM - ok 20:51:54.0082 5016 GRD (ffa07d1d1d7f16d5a08846a28aff59ef) C:\Windows\system32\drivers\GRD.sys 20:51:54.0097 5016 GRD - ok 20:51:54.0175 5016 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys 20:51:54.0269 5016 HCW85BDA - ok 20:51:54.0285 5016 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:51:54.0347 5016 hcw85cir - ok 20:51:54.0378 5016 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 20:51:54.0425 5016 HdAudAddService - ok 20:51:54.0472 5016 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:51:54.0534 5016 HDAudBus - ok 20:51:54.0534 5016 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 20:51:54.0550 5016 HidBatt - ok 20:51:54.0565 5016 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 20:51:54.0612 5016 HidBth - ok 20:51:54.0612 5016 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 20:51:54.0643 5016 HidIr - ok 20:51:54.0675 5016 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 20:51:54.0721 5016 HidUsb - ok 20:51:54.0768 5016 HookCentre (3440d5c74edd0792a6aa943d1be985e2) C:\Windows\system32\drivers\HookCentre.sys 20:51:54.0784 5016 
HookCentre - ok 20:51:54.0799 5016 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 20:51:54.0815 5016 HpSAMD - ok 20:51:54.0846 5016 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 20:51:54.0940 5016 HTTP - ok 20:51:54.0940 5016 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 20:51:54.0955 5016 hwpolicy - ok 20:51:55.0002 5016 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 20:51:55.0018 5016 i8042prt - ok 20:51:55.0065 5016 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 20:51:55.0096 5016 iaStor - ok 20:51:55.0127 5016 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 20:51:55.0174 5016 iaStorV - ok 20:51:55.0267 5016 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 20:51:55.0470 5016 igfx - ok 20:51:55.0501 5016 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 20:51:55.0517 5016 iirsp - ok 20:51:55.0595 5016 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys 20:51:55.0673 5016 IntcAzAudAddService - ok 20:51:55.0689 5016 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 20:51:55.0704 5016 intelide - ok 20:51:55.0720 5016 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:51:55.0767 5016 intelppm - ok 20:51:55.0798 5016 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:51:55.0860 5016 IpFilterDriver - ok 20:51:55.0876 5016 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:51:55.0907 5016 IPMIDRV - ok 20:51:55.0907 5016 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:51:55.0969 5016 IPNAT - ok 20:51:56.0032 5016 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) 
C:\Windows\system32\drivers\irenum.sys 20:51:56.0047 5016 IRENUM - ok 20:51:56.0079 5016 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 20:51:56.0094 5016 isapnp - ok 20:51:56.0125 5016 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 20:51:56.0141 5016 iScsiPrt - ok 20:51:56.0172 5016 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 20:51:56.0188 5016 kbdclass - ok 20:51:56.0219 5016 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 20:51:56.0250 5016 kbdhid - ok 20:51:56.0297 5016 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 20:51:56.0328 5016 KSecDD - ok 20:51:56.0344 5016 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 20:51:56.0375 5016 KSecPkg - ok 20:51:56.0391 5016 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:51:56.0437 5016 ksthunk - ok 20:51:56.0500 5016 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys 20:51:56.0515 5016 lirsgt - ok 20:51:56.0547 5016 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:51:56.0609 5016 lltdio - ok 20:51:56.0640 5016 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:51:56.0656 5016 LSI_FC - ok 20:51:56.0671 5016 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:51:56.0703 5016 LSI_SAS - ok 20:51:56.0718 5016 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:51:56.0734 5016 LSI_SAS2 - ok 20:51:56.0765 5016 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:51:56.0796 5016 LSI_SCSI - ok 20:51:56.0827 5016 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:51:56.0890 5016 luafv - ok 20:51:56.0937 5016 megasas (a55805f747c6edb6a9080d7c633bd0f4) 
C:\Windows\system32\DRIVERS\megasas.sys 20:51:56.0952 5016 megasas - ok 20:51:56.0968 5016 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 20:51:56.0999 5016 MegaSR - ok 20:51:57.0030 5016 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:51:57.0093 5016 Modem - ok 20:51:57.0108 5016 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:51:57.0155 5016 monitor - ok 20:51:57.0186 5016 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 20:51:57.0202 5016 mouclass - ok 20:51:57.0217 5016 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:51:57.0264 5016 mouhid - ok 20:51:57.0295 5016 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 20:51:57.0327 5016 mountmgr - ok 20:51:57.0342 5016 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 20:51:57.0373 5016 mpio - ok 20:51:57.0389 5016 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:51:57.0436 5016 mpsdrv - ok 20:51:57.0483 5016 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 20:51:57.0529 5016 MRxDAV - ok 20:51:57.0561 5016 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:51:57.0592 5016 mrxsmb - ok 20:51:57.0623 5016 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:51:57.0670 5016 mrxsmb10 - ok 20:51:57.0717 5016 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:51:57.0763 5016 mrxsmb20 - ok 20:51:57.0795 5016 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 20:51:57.0810 5016 msahci - ok 20:51:57.0826 5016 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 20:51:57.0857 5016 msdsm - ok 20:51:57.0888 5016 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) 
C:\Windows\system32\drivers\Msfs.sys 20:51:57.0951 5016 Msfs - ok 20:51:57.0982 5016 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:51:58.0029 5016 mshidkmdf - ok 20:51:58.0044 5016 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 20:51:58.0060 5016 msisadrv - ok 20:51:58.0091 5016 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:51:58.0153 5016 MSKSSRV - ok 20:51:58.0185 5016 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:51:58.0247 5016 MSPCLOCK - ok 20:51:58.0278 5016 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:51:58.0341 5016 MSPQM - ok 20:51:58.0372 5016 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 20:51:58.0419 5016 MsRPC - ok 20:51:58.0434 5016 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 20:51:58.0450 5016 mssmbios - ok 20:51:58.0465 5016 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:51:58.0497 5016 MSTEE - ok 20:51:58.0512 5016 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:51:58.0528 5016 MTConfig - ok 20:51:58.0559 5016 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:51:58.0590 5016 Mup - ok 20:51:58.0621 5016 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 20:51:58.0637 5016 mwlPSDFilter - ok 20:51:58.0637 5016 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 20:51:58.0653 5016 mwlPSDNServ - ok 20:51:58.0668 5016 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 20:51:58.0684 5016 mwlPSDVDisk - ok 20:51:58.0731 5016 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:51:58.0793 5016 NativeWifiP - ok 20:51:58.0840 5016 NDIS 
(cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 20:51:58.0918 5016 NDIS - ok 20:51:58.0933 5016 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:51:58.0980 5016 NdisCap - ok 20:51:58.0996 5016 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:51:59.0027 5016 NdisTapi - ok 20:51:59.0058 5016 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 20:51:59.0105 5016 Ndisuio - ok 20:51:59.0121 5016 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 20:51:59.0183 5016 NdisWan - ok 20:51:59.0199 5016 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 20:51:59.0245 5016 NDProxy - ok 20:51:59.0292 5016 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:51:59.0339 5016 NetBIOS - ok 20:51:59.0355 5016 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 20:51:59.0401 5016 NetBT - ok 20:51:59.0448 5016 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:51:59.0464 5016 nfrd960 - ok 20:51:59.0479 5016 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:51:59.0511 5016 Npfs - ok 20:51:59.0526 5016 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:51:59.0589 5016 nsiproxy - ok 20:51:59.0651 5016 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 20:51:59.0760 5016 Ntfs - ok 20:51:59.0776 5016 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:51:59.0823 5016 Null - ok 20:51:59.0869 5016 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys 20:51:59.0885 5016 NVHDA - ok 20:52:00.0057 5016 nvlddmkm (d7a2cd1d76e6cc996a0852d566af2f73) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:52:00.0244 5016 nvlddmkm - ok 20:52:00.0291 5016 nvraid 
(a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 20:52:00.0322 5016 nvraid - ok 20:52:00.0353 5016 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 20:52:00.0384 5016 nvstor - ok 20:52:00.0415 5016 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 20:52:00.0431 5016 nv_agp - ok 20:52:00.0447 5016 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 20:52:00.0493 5016 ohci1394 - ok 20:52:00.0556 5016 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:52:00.0603 5016 Parport - ok 20:52:00.0634 5016 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 20:52:00.0649 5016 partmgr - ok 20:52:00.0665 5016 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 20:52:00.0696 5016 pci - ok 20:52:00.0712 5016 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 20:52:00.0727 5016 pciide - ok 20:52:00.0743 5016 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:52:00.0774 5016 pcmcia - ok 20:52:00.0790 5016 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:52:00.0805 5016 pcw - ok 20:52:00.0821 5016 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:52:00.0915 5016 PEAUTH - ok 20:52:00.0977 5016 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 20:52:01.0071 5016 PptpMiniport - ok 20:52:01.0102 5016 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:52:01.0133 5016 Processor - ok 20:52:01.0180 5016 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 20:52:01.0227 5016 Psched - ok 20:52:01.0273 5016 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:52:01.0351 5016 ql2300 - ok 20:52:01.0383 5016 ql40xx 
(4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:52:01.0398 5016 ql40xx - ok 20:52:01.0414 5016 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:52:01.0429 5016 QWAVEdrv - ok 20:52:01.0461 5016 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:52:01.0492 5016 RasAcd - ok 20:52:01.0523 5016 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:52:01.0570 5016 RasAgileVpn - ok 20:52:01.0585 5016 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:52:01.0648 5016 Rasl2tp - ok 20:52:01.0695 5016 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:52:01.0757 5016 RasPppoe - ok 20:52:01.0788 5016 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:52:01.0819 5016 RasSstp - ok 20:52:01.0851 5016 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 20:52:01.0929 5016 rdbss - ok 20:52:01.0944 5016 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:52:01.0991 5016 rdpbus - ok 20:52:02.0038 5016 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:52:02.0069 5016 RDPCDD - ok 20:52:02.0085 5016 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:52:02.0131 5016 RDPENCDD - ok 20:52:02.0147 5016 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:52:02.0178 5016 RDPREFMP - ok 20:52:02.0209 5016 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 20:52:02.0272 5016 RDPWD - ok 20:52:02.0272 5016 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 20:52:02.0303 5016 rdyboost - ok 20:52:02.0350 5016 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:52:02.0412 5016 rspndr - ok 20:52:02.0443 5016 
sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 20:52:02.0459 5016 sbp2port - ok 20:52:02.0475 5016 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 20:52:02.0537 5016 scfilter - ok 20:52:02.0553 5016 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:52:02.0599 5016 secdrv - ok 20:52:02.0646 5016 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:52:02.0662 5016 Serenum - ok 20:52:02.0693 5016 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:52:02.0740 5016 Serial - ok 20:52:02.0787 5016 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:52:02.0818 5016 sermouse - ok 20:52:02.0880 5016 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 20:52:02.0927 5016 sffdisk - ok 20:52:02.0927 5016 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 20:52:02.0974 5016 sffp_mmc - ok 20:52:02.0989 5016 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 20:52:03.0036 5016 sffp_sd - ok 20:52:03.0036 5016 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:52:03.0067 5016 sfloppy - ok 20:52:03.0114 5016 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:52:03.0130 5016 SiSRaid2 - ok 20:52:03.0145 5016 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:52:03.0161 5016 SiSRaid4 - ok 20:52:03.0192 5016 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:52:03.0239 5016 Smb - ok 20:52:03.0270 5016 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:52:03.0286 5016 spldr - ok 20:52:03.0333 5016 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 20:52:03.0333 5016 Suspicious file (NoAccess): 
C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 20:52:03.0348 5016 sptd ( LockedFile.Multi.Generic ) - warning 20:52:03.0348 5016 sptd - detected LockedFile.Multi.Generic (1) 20:52:03.0364 5016 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 20:52:03.0442 5016 srv - ok 20:52:03.0489 5016 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 20:52:03.0535 5016 srv2 - ok 20:52:03.0567 5016 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 20:52:03.0613 5016 srvnet - ok 20:52:03.0660 5016 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:52:03.0676 5016 stexstor - ok 20:52:03.0707 5016 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 20:52:03.0707 5016 swenum - ok 20:52:03.0785 5016 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys 20:52:03.0894 5016 Tcpip - ok 20:52:03.0941 5016 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys 20:52:04.0035 5016 TCPIP6 - ok 20:52:04.0050 5016 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 20:52:04.0113 5016 tcpipreg - ok 20:52:04.0144 5016 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:52:04.0191 5016 TDPIPE - ok 20:52:04.0222 5016 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 20:52:04.0284 5016 TDTCP - ok 20:52:04.0300 5016 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 20:52:04.0347 5016 tdx - ok 20:52:04.0362 5016 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 20:52:04.0393 5016 TermDD - ok 20:52:04.0409 5016 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:52:04.0471 5016 tssecsrv - ok 20:52:04.0534 5016 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 
20:52:04.0581 5016 tunnel - ok 20:52:04.0596 5016 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:52:04.0612 5016 uagp35 - ok 20:52:04.0627 5016 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 20:52:04.0705 5016 udfs - ok 20:52:04.0721 5016 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:52:04.0737 5016 uliagpkx - ok 20:52:04.0768 5016 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 20:52:04.0799 5016 umbus - ok 20:52:04.0815 5016 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:52:04.0830 5016 UmPass - ok 20:52:04.0877 5016 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 20:52:04.0939 5016 USBAAPL64 - ok 20:52:04.0986 5016 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 20:52:05.0017 5016 usbaudio - ok 20:52:05.0049 5016 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 20:52:05.0080 5016 usbccgp - ok 20:52:05.0127 5016 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 20:52:05.0142 5016 usbcir - ok 20:52:05.0173 5016 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 20:52:05.0205 5016 usbehci - ok 20:52:05.0251 5016 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 20:52:05.0283 5016 usbhub - ok 20:52:05.0314 5016 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 20:52:05.0345 5016 usbohci - ok 20:52:05.0392 5016 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:52:05.0439 5016 usbprint - ok 20:52:05.0485 5016 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:52:05.0548 5016 USBSTOR - ok 20:52:05.0563 5016 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys 
20:52:05.0610 5016 usbuhci - ok 20:52:05.0673 5016 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 20:52:05.0735 5016 usbvideo - ok 20:52:05.0766 5016 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:52:05.0782 5016 vdrvroot - ok 20:52:05.0829 5016 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:52:05.0844 5016 vga - ok 20:52:05.0860 5016 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:52:05.0907 5016 VgaSave - ok 20:52:05.0938 5016 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 20:52:05.0969 5016 vhdmp - ok 20:52:05.0985 5016 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 20:52:06.0000 5016 viaide - ok 20:52:06.0016 5016 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 20:52:06.0047 5016 volmgr - ok 20:52:06.0063 5016 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 20:52:06.0109 5016 volmgrx - ok 20:52:06.0125 5016 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 20:52:06.0156 5016 volsnap - ok 20:52:06.0187 5016 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:52:06.0219 5016 vsmraid - ok 20:52:06.0234 5016 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:52:06.0281 5016 vwifibus - ok 20:52:06.0312 5016 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:52:06.0343 5016 WacomPen - ok 20:52:06.0359 5016 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:52:06.0406 5016 WANARP - ok 20:52:06.0406 5016 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:52:06.0453 5016 Wanarpv6 - ok 20:52:06.0499 5016 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:52:06.0515 
5016 Wd - ok 20:52:06.0546 5016 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:52:06.0593 5016 Wdf01000 - ok 20:52:06.0624 5016 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:52:06.0671 5016 WfpLwf - ok 20:52:06.0687 5016 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:52:06.0702 5016 WIMMount - ok 20:52:06.0749 5016 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 20:52:06.0780 5016 WinUsb - ok 20:52:06.0796 5016 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:52:06.0843 5016 WmiAcpi - ok 20:52:06.0874 5016 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:52:06.0936 5016 ws2ifsl - ok 20:52:06.0983 5016 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 20:52:07.0014 5016 WudfPf - ok 20:52:07.0077 5016 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:52:07.0123 5016 WUDFRd - ok 20:52:07.0217 5016 X6va005 - ok 20:52:07.0248 5016 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 20:52:07.0295 5016 xusb21 - ok 20:52:07.0311 5016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:52:07.0404 5016 \Device\Harddisk0\DR0 - ok 20:52:07.0404 5016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 20:52:16.0281 5016 \Device\Harddisk1\DR1 - ok 20:52:16.0281 5016 Boot (0x1200) (a6c80b6233b05ecc62d5daa114d7bcb7) \Device\Harddisk0\DR0\Partition0 20:52:16.0281 5016 \Device\Harddisk0\DR0\Partition0 - ok 20:52:16.0296 5016 Boot (0x1200) (6ce03dc9539c9cf4b1c20652d1784b46) \Device\Harddisk0\DR0\Partition1 20:52:16.0296 5016 \Device\Harddisk0\DR0\Partition1 - ok 20:52:16.0312 5016 Boot (0x1200) (6e5027ad1699582a47c20c13eefd8599) \Device\Harddisk0\DR0\Partition2 20:52:16.0312 5016 \Device\Harddisk0\DR0\Partition2 - ok 20:52:16.0312 
5016 Boot (0x1200) (8caf8e06f5f63cb3bf6eccbf0ac6386d) \Device\Harddisk1\DR1\Partition0 20:52:16.0312 5016 \Device\Harddisk1\DR1\Partition0 - ok 20:52:16.0327 5016 ============================================================ 20:52:16.0327 5016 Scan finished 20:52:16.0327 5016 ============================================================ 20:52:16.0327 2788 Detected object count: 2 20:52:16.0327 2788 Actual detected object count: 2 20:52:25.0594 2788 FWLANUSB ( UnsignedFile.Multi.Generic ) - skipped by user 20:52:25.0594 2788 FWLANUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:52:25.0594 2788 sptd ( LockedFile.Multi.Generic ) - skipped by user 20:52:25.0594 2788 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
27.10.2011, 20:23 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
27.10.2011, 20:54 | #9 |
| Problems with Trojan/Rootkit Thanks, thanks for the quick replies. Code:
ATTFilter ComboFix 11-10-27.05 - Marucs 27.10.2011 21:45:42.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.6143.4840 [GMT 2:00] ausgeführt von:: c:\users\Marucs\Desktop\ComboFix.exe AV: G Data AntiVirus 2010 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\ui D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-09-27 bis 2011-10-27 )))))))))))))))))))))))))))))) . . 2011-10-27 19:50 . 2011-10-27 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-27 18:18 . 2011-10-27 18:18 -------- d-----w- C:\_OTL 2011-10-27 17:06 . 2011-10-27 17:06 -------- d-----w- c:\users\Marucs\AppData\Local\Activision 2011-10-27 11:29 . 2011-10-27 16:30 -------- d-----w- c:\program files (x86)\Common Files\Steam 2011-10-27 11:29 . 2011-10-27 19:52 -------- d-----w- c:\program files (x86)\Steam 2011-10-27 08:21 . 2011-10-27 08:21 -------- d-----w- c:\program files (x86)\ESET 2011-10-27 07:58 . 2011-10-27 07:58 -------- d-----w- c:\users\Marucs\AppData\Local\PackageAware 2011-10-26 21:09 . 2011-10-26 21:09 -------- d-----w- c:\program files\CCleaner 2011-10-26 14:37 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2011-10-26 14:37 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2011-10-25 21:00 . 2011-10-25 21:00 -------- d-----w- c:\users\Marucs\AppData\Roaming\Malwarebytes 2011-10-25 20:57 . 2011-10-25 20:57 -------- d-----w- c:\programdata\Malwarebytes 2011-10-25 20:57 . 2011-10-25 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-25 20:57 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-25 16:59 . 
2011-10-25 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-25 16:49 . 2011-10-25 16:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-25 16:15 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B9C784D-D9A1-47B1-BCEA-0CB56C22553F}\mpengine.dll 2011-10-17 19:00 . 2011-10-26 21:11 -------- d-----w- c:\users\Marucs\Tracing 2011-10-16 17:40 . 2011-10-26 21:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-10-16 17:40 . 2011-10-26 21:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-10-02 18:36 . 2011-10-25 20:04 -------- d-----w- c:\users\Marucs\AppData\Roaming\TeraCopy 2011-10-02 18:36 . 2011-10-02 18:36 -------- d-----w- c:\program files\TeraCopy . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-03 03:06 . 2010-08-01 10:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-27 1242448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"G DATA AntiVirus Trayapplication"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2009-09-18 924232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-30 136176]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-30 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Marucs\AppData\Local\Temp\005E016.tmp [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-12-23 106224]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-12-07 1128008]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2009-08-08 397896]
S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2009-11-25 1731504]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [2009-11-26 302152]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-30 16:57]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-30 16:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Marucs\AppData\Roaming\Mozilla\Firefox\Profiles\qjmcquc9.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Marucs\AppData\Local\Temp\005E016.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2654453199-4005105099-35965596-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,2a,41,19,08,6d,88,1e,67,72,30,1a,09,bc,34,e6,22,bd,42,b5,b1,
3f,a3,87,40,2f,6e,1a,e3,22,b6,2a,ce,a7,b6,8e,79,da,56,7a,09,ae,6c,ac,b9,13,\
"rkeysecu"=hex:b4,33,a6,2a,f5,c0,47,ae,75,62,42,59,de,23,4a,a4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-27 21:56:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-10-27 19:56
.
Vor Suchlauf: 10 Verzeichnis(se), 123.374.039.040 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 122.949.218.304 Bytes frei
.
- - End Of File - - 78863ECDC640899208A15B7A4787CAC0 |
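The ComboFix service list above contains one entry that stands out on location alone: service X6va005 whose image is c:\users\Marucs\AppData\Local\Temp\005E016.tmp, a .tmp file in the user's Temp folder, confirmed by the ImagePath under ControlSet001\services\X6va005 further down. Reviewing such lists by eye is error-prone, so here is an added Python triage helper (it is not part of this thread and not a ComboFix feature) that parses ComboFix's service lines and Run-key values and attaches review reasons: image under a temp or per-user AppData directory, image in a user profile, non-standard extension, and ComboFix's "[x]" marker. The sample lines are taken from the log above except the "Updater" Run entry, which is constructed to show a per-user autostart being flagged; the directory list and reason texts are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input in ComboFix's log format. All lines except the constructed
# "Updater" Run value are taken from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Updater"="c:\users\someuser\AppData\Roaming\example\upd.exe" [2011-10-25 123456]
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-30 136176]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 X6va005;X6va005;c:\users\Marucs\AppData\Local\Temp\005E016.tmp [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-12-23 106224]
"""


@dataclass
class Entry:
    kind: str      # "service" (services and drivers) or "run" (autostart value)
    name: str
    path: str
    meta: str      # "YYYY-MM-DD size" from the brackets, or "x" when ComboFix found no file
    reasons: List[str] = field(default_factory=list)


# "R3 name;display name;c:\path\image.exe [2011-01-30 136176]"   (or "[x]")
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)
# '"Name"="c:\path\image.exe" [2011-01-30 136176]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')

# Directories from which services, drivers and autostarts rarely run legitimately
# (hypothetical triage list chosen for this example).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                   "\\appdata\\roaming\\", "\\appdata\\local\\")
EXPECTED_EXT = (".exe", ".sys", ".dll")
NOTE_MISSING = "ComboFix could not locate the file on disk ([x])"


def parse_line(line: str) -> Optional[Entry]:
    """Turn one ComboFix service or Run-key line into an Entry, or None for other lines."""
    m = SERVICE_RE.match(line)
    if m:
        return assess(Entry("service", m["name"], m["path"], m["meta"]))
    m = RUN_RE.match(line)
    if m:
        return assess(Entry("run", m["name"], m["path"], m["meta"]))
    return None


def assess(e: Entry) -> Entry:
    """Attach review reasons; an empty list means nothing stood out."""
    p = e.path.lower()
    if any(d in p for d in SUSPICIOUS_DIRS):
        e.reasons.append("image lives under a temp or per-user AppData directory")
    elif p.startswith("c:\\users\\"):
        e.reasons.append("image lives in a user profile rather than Program Files or System32")
    if not p.endswith(EXPECTED_EXT):
        e.reasons.append("unexpected extension for an executable image")
    if e.meta.strip() == "x":
        # Weak on its own: the log above shows [x] on legitimate drivers too
        # (fwlanusb.sys, e1y62x64.sys), so it only counts with another reason.
        e.reasons.append(NOTE_MISSING)
    return e


def triage(log_text: str) -> List[Entry]:
    """Return the entries that warrant a manual look, in log order."""
    flagged = []
    for raw in log_text.splitlines():
        e = parse_line(raw.strip())
        if e is not None and any(r != NOTE_MISSING for r in e.reasons):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:7} {e.name}: {e.path}")
        for r in e.reasons:
            print(f"        - {r}")
```

The output is a review queue, not a verdict: an autostart in AppData is normal for some updaters, and ComboFix's "[x]" is weak evidence by itself. What the heuristic buys is that the one service pointing into Temp is never buried among forty legitimate driver lines.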
27.10.2011, 21:20 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
27.10.2011, 22:29 | #11 |
| Problems with Trojan/Rootkit here is the log, wishing you a good night Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-27 23:18:53
-----------------------------
23:18:53.826 OS Version: Windows x64 6.1.7600
23:18:53.826 Number of processors: 4 586 0x170A
23:18:53.826 ComputerName: MARUCS-PC UserName: Marucs
23:18:56.447 Initialize success
23:20:57.954 AVAST engine defs: 11102701
23:21:27.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:21:27.984 Disk 0 Vendor: ST315003 CC4H Size: 1430799MB BusType: 8
23:21:27.984 Disk 0 MBR read error 0
23:21:27.984 Disk 0 MBR scan
23:21:27.984 Disk 0 unknown MBR code
23:21:27.984 MBR BIOS signature not found 0
23:21:28.000 Service scanning
23:21:28.515 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:21:29.092 Modules scanning
23:21:29.092 Disk 0 trace - called modules:
23:21:29.108 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys splz.sys hal.dll
23:21:29.108 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066b0060]
23:21:29.108 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
23:21:38.234 AVAST engine scan C:\Windows
23:22:13.615 AVAST engine scan C:\Windows\system32
23:22:23.677 AVAST engine scan C:\Windows\system32\drivers
23:22:33.739 AVAST engine scan C:\Users\Marucs
23:22:43.801 AVAST engine scan C:\ProgramData
23:22:43.801 Scan finished successfully
23:29:36.187 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
23:29:36.187 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR.txt"
regards, marcus |
28.10.2011, 10:07 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit We should fix the MBR. Just in case, back up ALL important data, even though it usually goes smoothly. Note: please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. After backing up your data, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
28.10.2011, 10:56 | #13 |
| Problems with Trojan/Rootkit hi, was that right? Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 11:53:13
-----------------------------
11:53:13.665 OS Version: Windows x64 6.1.7600
11:53:13.665 Number of processors: 4 586 0x170A
11:53:13.666 ComputerName: MARUCS-PC UserName: Marucs
11:53:15.594 Initialize success
11:53:19.235 AVAST engine defs: 11102701
11:53:36.264 Verifying
11:53:46.265 Disk 0 Windows 601 MBR fixed successfully
11:54:54.254 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
11:54:54.282 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR.txt"
11:56:19.999 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
11:56:20.000 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR55.txt"
Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 11:53:13
-----------------------------
11:53:13.665 OS Version: Windows x64 6.1.7600
11:53:13.665 Number of processors: 4 586 0x170A
11:53:13.666 ComputerName: MARUCS-PC UserName: Marucs
11:53:15.594 Initialize success
11:53:19.235 AVAST engine defs: 11102701
11:53:36.264 Verifying
11:53:46.265 Disk 0 Windows 601 MBR fixed successfully
11:54:54.254 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
11:54:54.282 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR.txt"
11:56:19.999 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
11:56:20.000 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR55.txt"
11:56:53.146 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:56:53.149 Disk 0 Vendor: ST315003 CC4H Size: 1430799MB BusType: 8
11:56:53.152 Disk 0 MBR read error 0
11:56:53.155 Disk 0 MBR scan
11:56:53.160 Disk 0 unknown MBR code
11:56:53.164 MBR BIOS signature not found 0
11:56:53.168 Service scanning
11:56:53.759 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:56:54.326 Modules scanning
11:56:54.331 Disk 0 trace - called modules:
11:56:54.359 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spos.sys hal.dll
11:56:54.364 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066d2060]
11:56:54.368 3 CLASSPNP.SYS[fffff88000db643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c5050]
11:56:55.844 AVAST engine scan C:\Windows
11:57:30.920 AVAST engine scan C:\Windows\system32
11:57:40.928 AVAST engine scan C:\Windows\system32\drivers
11:57:50.934 AVAST engine scan C:\Users\Marucs
11:58:00.939 AVAST engine scan C:\ProgramData
11:58:00.943 Scan finished successfully
11:58:24.118 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
11:58:24.123 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR6.txt"
forgot the restart. have now made a new log Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 12:16:29
-----------------------------
12:16:29.527 OS Version: Windows x64 6.1.7600
12:16:29.527 Number of processors: 4 586 0x170A
12:16:29.527 ComputerName: MARUCS-PC UserName: Marucs
12:16:31.837 Initialize success
12:16:35.947 AVAST engine defs: 11102701
12:16:38.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:16:38.067 Disk 0 Vendor: ST315003 CC4H Size: 1430799MB BusType: 8
12:16:38.077 Disk 0 MBR read error 0
12:16:38.077 Disk 0 MBR scan
12:16:38.077 Disk 0 unknown MBR code
12:16:38.077 MBR BIOS signature not found 0
12:16:38.087 Service scanning
12:16:40.277 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:16:40.907 Modules scanning
12:16:40.907 Disk 0 trace - called modules:
12:16:40.927 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spfo.sys hal.dll
12:16:40.927 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066d7060]
12:16:40.937 3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c2050]
12:16:44.657 AVAST engine scan C:\Windows
12:17:19.867 AVAST engine scan C:\Windows\system32
12:17:29.867 AVAST engine scan C:\Windows\system32\drivers
12:17:39.867 AVAST engine scan C:\Users\Marucs
12:17:49.867 AVAST engine scan C:\ProgramData
12:17:49.867 Scan finished successfully
12:18:10.857 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
12:18:10.867 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR7.txt"
Last edited by wawadadakwa (28.10.2011 at 11:17) |
28.10.2011, 11:23 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with Trojan/Rootkit We should fix the MBR manually. Just in case, back up all important data. Do you have any other operating systems besides Win7 (64-bit) installed? If not: have a look here => RescueDisc-Win7-64-Bit. Download the ISO, burn it to a CD (e.g. with ImgBurn, using its image-burning function) and start the computer with it (boot from this CD). If you have a regular Win7 installation DVD (64-bit), you don't need the image mentioned above and can simply boot from that DVD. Click Repair your computer, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. In normal Windows mode, run MBRcheck or aswMBR (whichever tool I gave you earlier) and post the new log. Note: there is a space between bootrec.exe and /fixmbr or /fixboot!
28.10.2011, 12:26 | #15 |
| Problems with Trojan/Rootkit so, I managed it after all XD Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 13:27:52
-----------------------------
13:27:52.878 OS Version: Windows x64 6.1.7600
13:27:52.878 Number of processors: 4 586 0x170A
13:27:52.878 ComputerName: MARUCS-PC UserName: Marucs
13:28:08.883 Initialize success
13:28:12.534 AVAST engine defs: 11102701
13:28:16.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:28:16.683 Disk 0 Vendor: ST315003 CC4H Size: 1430799MB BusType: 8
13:28:16.683 Disk 0 MBR read error 0
13:28:16.683 Disk 0 MBR scan
13:28:16.683 Disk 0 unknown MBR code
13:28:16.683 MBR BIOS signature not found 0
13:28:16.699 Service scanning
13:28:19.351 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:28:20.006 Modules scanning
13:28:20.006 Disk 0 trace - called modules:
13:28:20.053 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sphi.sys hal.dll
13:28:20.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066df060]
13:28:20.069 3 CLASSPNP.SYS[fffff8800123943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800638e050]
13:28:21.847 AVAST engine scan C:\Windows
13:28:56.869 AVAST engine scan C:\Windows\system32
13:29:06.931 AVAST engine scan C:\Windows\system32\drivers
13:29:16.993 AVAST engine scan C:\Users\Marucs
13:29:27.055 AVAST engine scan C:\ProgramData
13:29:27.055 Scan finished successfully
13:29:46.259 Disk 0 MBR has been saved successfully to "C:\Users\Marucs\Desktop\MBR.dat"
13:29:46.274 The log file has been saved successfully to "C:\Users\Marucs\Desktop\aswMBR8.txt" |
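The aswMBR logs in posts #11 to #15 show the pattern a reviewer has to catch: the FIXMBR run prints "Disk 0 Windows 601 MBR fixed successfully", yet every scan before and after it still reports "Disk 0 unknown MBR code" and "MBR BIOS signature not found", sptd.sys stays **LOCKED**, and the one module in the disk I/O trace that is not constant changes its name on each run (splz.sys, spos.sys, spfo.sys, sphi.sys). The Python helper below is an added example, not part of this thread and not an aswMBR feature: it reduces each log to those facts, reports what lies outside the baseline of modules that stay the same across the posted traces, and treats the fix as verified only when a scan after the reboot no longer shows the anomalies. BEFORE_LOG and AFTER_FIX_LOG are trimmed from the logs posted here; CLEAN_LOG is constructed for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample logs in aswMBR's "HH:MM:SS.mmm message" format. BEFORE_LOG and
# AFTER_FIX_LOG are trimmed from the logs posted in this thread; CLEAN_LOG is
# constructed to show a run without the anomalies.
BEFORE_LOG = r"""
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-27 23:18:53
-----------------------------
23:18:56.447 Initialize success
23:21:27.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:21:27.984 Disk 0 MBR scan
23:21:27.984 Disk 0 unknown MBR code
23:21:27.984 MBR BIOS signature not found 0
23:21:28.000 Service scanning
23:21:28.515 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:21:29.092 Disk 0 trace - called modules:
23:21:29.108 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys splz.sys hal.dll
23:22:43.801 Scan finished successfully
"""

AFTER_FIX_LOG = r"""
11:53:36.264 Verifying
11:53:46.265 Disk 0 Windows 601 MBR fixed successfully
11:56:53.155 Disk 0 MBR scan
11:56:53.160 Disk 0 unknown MBR code
11:56:53.164 MBR BIOS signature not found 0
11:56:53.759 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:56:54.359 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spos.sys hal.dll
11:58:00.943 Scan finished successfully
"""

CLEAN_LOG = r"""
09:00:00.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:00:00.010 Disk 0 MBR scan
09:00:00.020 Service scanning
09:00:01.000 Disk 0 trace - called modules:
09:00:01.010 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:00:30.000 Scan finished successfully
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$")
LOCKED_RE = re.compile(r"^Service (?P<svc>\S+) (?P<path>\S+) \*\*LOCKED\*\*")
EXECUTABLE_EXT = (".exe", ".sys", ".dll")
# Modules that are identical in every trace posted in this thread; anything else
# in the called-modules line is reported for review.
BASELINE_MODULES = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "iastor.sys", "hal.dll"}


@dataclass
class MbrSummary:
    unknown_mbr_code: bool = False
    bios_signature_missing: bool = False
    mbr_fixed: bool = False       # FIXMBR reported success in this run
    scan_finished: bool = False   # a full scan ran, not only the fix itself
    locked_services: List[str] = field(default_factory=list)
    call_chain: List[str] = field(default_factory=list)


def summarize(log_text: str) -> MbrSummary:
    """Reduce one aswMBR log to the facts a reviewer needs."""
    s = MbrSummary()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner and "Run date:" lines carry no timestamp
        msg = m["msg"]
        locked = LOCKED_RE.match(msg)
        tokens = msg.split()
        if "unknown MBR code" in msg:
            s.unknown_mbr_code = True
        elif "MBR BIOS signature not found" in msg:
            s.bios_signature_missing = True
        elif "MBR fixed successfully" in msg:
            s.mbr_fixed = True
        elif msg == "Scan finished successfully":
            s.scan_finished = True
        elif locked:
            s.locked_services.append(locked["svc"])
        elif tokens and not s.call_chain and all(t.lower().endswith(EXECUTABLE_EXT) for t in tokens):
            s.call_chain = tokens  # the module list that follows "trace - called modules:"
    return s


def findings(s: MbrSummary) -> List[str]:
    """Human-readable review items derived from one summary."""
    out = []
    if s.unknown_mbr_code:
        out.append("MBR boot code is not the standard Windows code")
    if s.bios_signature_missing:
        out.append("MBR BIOS signature not found")
    for svc in s.locked_services:
        out.append(f"service {svc} is self-protected (LOCKED)")
    extra = [mod for mod in s.call_chain if mod.lower() not in BASELINE_MODULES]
    if extra:
        out.append("module(s) outside the baseline in the disk I/O path: " + ", ".join(extra))
    return out


def fix_verified(after: MbrSummary) -> bool:
    """A 'MBR fixed successfully' line is not confirmation; only a scan after the
    reboot that no longer reports the anomalies is."""
    return after.scan_finished and not after.unknown_mbr_code and not after.bios_signature_missing
```

Two caveats belong next to the output. aswMBR prints "unknown MBR code" for any boot code that is not the standard Windows one, so the line marks a non-standard MBR rather than proving an infection, which is why the thread follows it up with a rewrite and a re-scan instead of a verdict. And sptd.sys is the SCSI Pass Through Direct driver that ships with Daemon Tools and Alcohol 120%; it protects itself and loads a randomly named sp??.sys helper, which accounts for both the LOCKED line and the module whose name changes on every run. The summary is triage input for a person, not a decision.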