Pests of all kinds and how to combat them: cmd.exe and mahmud.exe - Bundespolizei trojan

30.11.2011, 23:22   #1
martin2und3

Hello,

unfortunately I have the following problem / oddity:

about two weeks ago I had the Bundespolizei trojan (the ucash thing) on my laptop. I actually thought I had got it under control fairly well; I ran antivirus/anti-malware programs over it (AntiVir, Malwarebytes and Ad-Aware).

Since then I have had no more problems with it, but now cmd.exe (windows/system32/cmd.exe) keeps starting at regular intervals, i.e. the window flashes up for a very brief moment and disappears again (it does not seem to execute anything, though; as far as I can tell the window is black).

Now I am not sure whether I have the same thing as here:

http://www.trojaner-board.de/105278-...r-ucash-2.html

(which would then probably be the trojan.banker, if I understood correctly). I have not done any online banking for quite a while, but I did recently order something from amazon...


Many thanks for the help!!


PS: I uploaded cmd.exe to VirusTotal, but it was not detected as malware

01.12.2011, 07:43   #2
Chris4You

Hi,

have you already checked whether a task has been set up in the task scheduler...?

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

chris
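
The scheduled-task check asked about in post #2, as an added example that is not part of the original thread: it reviews the CSV that `schtasks /query /fo CSV /v` prints and reports tasks that start a command interpreter or reference a user-writable path, which is the kind of entry that makes a console window flash at intervals. The English column headers, the function names and every row of the sample (host, task names, paths) are assumptions constructed for illustration.

```python
import csv
import io
import re

# Column headers as printed by an English-language Windows. Localized
# systems (for example German) print translated headers: adjust these.
COL_TASK, COL_ACTION, COL_REPEAT = "TaskName", "Task To Run", "Repeat: Every"

# Interpreters that open a console or run a script on behalf of a task.
SCRIPT_HOSTS = {"cmd", "wscript", "cscript", "powershell", "mshta", "rundll32"}
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\users\\|\\documents and settings\\|\\temp\\"
    r"|%(?:appdata|localappdata|temp|tmp|userprofile)%", re.I)
_EXT = r"\.(?:exe|com|bat|cmd|vbs|js|ps1|scr|pif)"

# Constructed sample, trimmed to the columns used here (real /v output has
# more columns). The header row appears twice on purpose.
SAMPLE = r'''"HostName","TaskName","Task To Run","Repeat: Every"
"EXAMPLE-PC","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","Disabled"
"HostName","TaskName","Task To Run","Repeat: Every"
"EXAMPLE-PC","\VendorUpdate","""C:\Program Files\Vendor\update.exe"" /check","N/A"
"EXAMPLE-PC","\ExampleTask","cmd /c start """" ""C:\Users\Example\AppData\Roaming\example.exe""","0 Hour(s), 10 Minute(s)"
"EXAMPLE-PC","\Backup Helper","C:\Program Files\Backup Tool\bt.exe /quiet","1 Hour(s), 0 Minute(s)"
'''


def parse_tasks(csv_text):
    """Yield one dict per task, skipping blank lines and repeated header rows."""
    header = None
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        if header is None:
            header = row
        elif row != header:
            yield dict(zip(header, row))


def executable(action):
    """Return the program part of a task action, without its arguments."""
    action = action.strip()
    quoted = re.match(r'"([^"]+)"', action)
    if quoted:
        return quoted.group(1)
    first = action.split(None, 1)[0] if action else ""
    # A bare name ("cmd") or a token that already ends in a program
    # extension is the executable; otherwise the path contains spaces.
    if "\\" not in first or re.search(_EXT + "$", first, re.I):
        return first
    spaced = re.match(r"(.+?" + _EXT + r")(?=\s|$)", action, re.I)
    return spaced.group(1) if spaced else first


def basename(path):
    """Lower-case file name without directory and without a trailing .exe."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def review(csv_text):
    """Return tasks worth a manual look, each with the reasons it was picked."""
    findings = []
    for task in parse_tasks(csv_text):
        action = task.get(COL_ACTION, "")
        reasons = []
        if basename(executable(action)) in SCRIPT_HOSTS:
            reasons.append("starts a command interpreter or script host")
        if USER_WRITABLE.search(action):
            reasons.append("references a user-writable path")
        repeat = task.get(COL_REPEAT, "")
        if reasons and re.search(r"[1-9]", repeat):
            reasons.append("repeats every " + repeat)
        if reasons:
            findings.append({"task": task.get(COL_TASK, ""),
                             "action": action, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding["task"], "->", finding["action"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A task reported here is a candidate for inspection, not a verdict: legitimate updaters also run from the user profile.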

01.12.2011, 09:07   #3
martin2und3

First of all, many thanks for the quick reply.

The OTL scan produces the following


Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 01.12.2011 08:57:00 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mock\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,19% Memory free
6,07 Gb Paging File | 4,65 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,48 Gb Total Space | 39,93 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
 
Computer Name: MOCK | User Name: Mock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DB227C9-27B1-4C6B-999E-42C490BA7271}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{334B9019-922F-422F-AF7E-B6014A71AE67}" = lport=49486 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3690EFC6-1EC0-4859-A728-5DAEB618229B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{3B34A9FF-9624-4C4D-9DD5-4979B7CE52ED}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 | 
"{3E5243D8-93E5-49FB-8DB9-9CF21B04F31A}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 | 
"{4D84FE09-4B53-4C78-849C-DB9CCE9DF133}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 | 
"{4F08216E-068D-4E9A-93AE-70ABEB9C003E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 | 
"{57F7DF3E-B431-4D18-A1E7-8AFDCBBBAA80}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{5E2B7684-E40F-45DC-BBD1-91EEED476B44}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6D0B97FC-5272-4784-82D9-F7A655853670}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 | 
"{6E2CF416-FF24-4AA1-9DCB-578221E12106}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{73406CD2-6F7C-419C-AAF7-0DFDC15D90C9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8C2DA504-E276-4922-9958-439D35855557}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 | 
"{8E6D3953-9566-4A54-BE8E-C770516B4702}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D71E8B33-1C02-41A9-B976-4775641D4C87}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E4316C2D-CFAA-48ED-B511-543E7ECC9DD7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EACE51EF-E68E-4BBC-999A-9C45B98AF6A1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E276B88-932B-4D8D-948C-98F00244155D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{240F6ACE-ECAD-4725-91C7-45B933CB4794}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{4C893B30-5886-42A5-91BC-EAFCF4C4FDE9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{573E4573-75B6-4DA8-8FCD-546B2E0E0095}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7AD69C0B-449F-4ED2-B0FE-66DE8FEC6F38}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{88FD1923-9682-4250-8F19-EC4F3554FC23}" = protocol=6 | dir=in | app=c:\users\mock\appdata\local\akamai\netsession_win.exe | 
"{B374CD70-FFAC-4E0D-BB8F-E4D861EC8F8B}" = protocol=17 | dir=in | app=c:\users\mock\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B7D64ED8-AECC-45A8-9D01-52FFB7FF2F62}" = protocol=17 | dir=in | app=c:\users\mock\appdata\local\akamai\netsession_win.exe | 
"{D963AE34-AFB9-4F72-9F11-0030901D5BCE}" = protocol=6 | dir=in | app=c:\users\mock\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F74BDF39-B1CE-4A8D-8BF0-2817D2679DBC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F9C46D92-3DAE-4EDA-A1D2-C7EAD7068F51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{5CF4B9ED-F6AF-4C94-BF79-153162F52E9E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{F6C3F5F0-8D73-44F1-8CC6-D7DBAF8ADF3A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3F16CD0B-DD34-446A-AF99-F9ABE8D5B570}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E8048E09-19A4-4E3C-95AD-33B4F0330CDB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.3.0 Standard
"Adobe Acrobat  8 Standard - English, Français, Deutsch_830" = Adobe Acrobat 8.3.0 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"ASUS Skin" = ASUS Skin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"bxmig" = Favorit
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dt icon module" = 
"Eraser" = Eraser
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"gtfirstboot Setting Request" = 
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"LucasArts' TIE Fighter" = LucasArts' TIE Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MFU Module" = 
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.93
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"USB Scanner" = USB Scanner
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VLC media player" = VLC media player 1.1.7
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.11.2011 08:05:03 | Computer Name = Mock | Source = VSS | ID = 8194
Description = 
 
Error - 29.11.2011 08:07:26 | Computer Name = Mock | Source = Windows Search Service | ID = 3040
Description = 
 
Error - 29.11.2011 08:09:30 | Computer Name = Mock | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 29.11.2011 08:12:22 | Computer Name = Mock | Source = VSS | ID = 8194
Description = 
 
Error - 29.11.2011 08:29:25 | Computer Name = Mock | Source = VSS | ID = 8194
Description = 
 
Error - 30.11.2011 06:17:36 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2011 06:26:37 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2011 17:35:56 | Computer Name = Mock | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1300  Anfangszeit: 01ccafa7f1933750  Zeitpunkt der Beendigung:
 16
 
Error - 01.12.2011 02:42:35 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.12.2011 03:51:56 | Computer Name = Mock | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.11.2011 21:55:13 | Computer Name = Mock | Source = DCOM | ID = 10010
Description = 
 
Error - 30.11.2011 21:55:24 | Computer Name = Mock | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 01.12.2011 02:42:01 | Computer Name = Mock | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Mobile Intel(R) 45 Express Chipset Series PCI Express Root
 Port - 2A41" (PCI\VEN_8086&DEV_2A41&SUBSYS_9025104D&REV_07\3&21436425&0&08) wurde
 ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.12.2011 02:42:36 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 02:42:36 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 02:42:52 | Computer Name = Mock | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.12.2011 03:51:18 | Computer Name = Mock | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Mobile Intel(R) 45 Express Chipset Series PCI Express Root
 Port - 2A41" (PCI\VEN_8086&DEV_2A41&SUBSYS_9025104D&REV_07\3&21436425&0&08) wurde
 ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.12.2011 03:51:57 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 03:51:57 | Computer Name = Mock | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 03:51:57 | Computer Name = Mock | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

and
OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 01.12.2011 08:57:00 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mock\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,19% Memory free
6,07 Gb Paging File | 4,65 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,48 Gb Total Space | 39,93 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
 
Computer Name: MOCK | User Name: Mock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mock\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Programme\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Nero BackItUp Scheduler 4.0) --  File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PCToolsFirewallPlus) -- C:\Programme\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pctplfw) -- C:\Windows\System32\drivers\pctplfw.sys (PC Tools)
DRV - (pctNDIS) -- C:\Windows\System32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\Windows\System32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (ZYXEL750) -- C:\Windows\System32\drivers\WLANUTG.SYS (Texas Instruments)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (VNUSB) -- C:\Windows\System32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "en.wikipedia.org/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.3
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.06.20 22:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\PROGRAM FILES\Mozilla Firefox\components [2010.05.31 12:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\PROGRAM FILES\Mozilla Firefox\plugins [2011.06.21 08:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 19:37:58 | 000,000,000 | ---D | M]
 
[2010.11.26 21:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mock\AppData\Roaming\mozilla\Extensions
[2010.11.26 21:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mock\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.30 11:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions
[2010.08.07 11:42:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.06 22:27:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.29 13:29:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Mock\AppData\Roaming\mozilla\Firefox\Profiles\0ad0zd7d.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.04.12 19:41:15 | 000,002,059 | ---- | M] () -- C:\Users\Mock\AppData\Roaming\Mozilla\Firefox\Profiles\0ad0zd7d.default\searchplugins\daemon-search.xml
[2011.11.17 10:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.13 00:29:35 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Programme\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.06.05 09:12:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.31 12:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.18 14:35:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 15:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.21 09:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.17 10:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.06.05 09:12:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.31 12:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.18 14:35:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 15:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.21 09:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.17 10:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.11.27 05:56:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.11.27 05:56:37 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.11.27 05:56:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2008.11.27 05:56:37 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2008.11.27 05:56:37 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.25 17:04:34 | 000,000,762 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mock\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - Startup: C:\Users\Mock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mock\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52965E3B-500A-4AE9-B258-7897E0E4ED09}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Mock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell - "" = AutoRun
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell - "" = AutoRun
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.30 22:35:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mock\Desktop\OTL.exe
[2011.11.30 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\cmd
[2011.11.30 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\computerspiele entwickler werden - fragezeichen
[2011.11.29 13:03:03 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.11.29 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011.11.29 12:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011.11.29 12:57:17 | 002,617,176 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Mock\Desktop\revosetup193.exe
[2011.11.29 12:49:51 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.29 12:49:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.29 12:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.29 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\TuneUp Software
[2011.11.29 12:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.11.29 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.29 12:46:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.29 12:45:12 | 026,489,760 | ---- | C] (TuneUp Software) -- C:\Users\Mock\Desktop\TuneUpUtilities2012_de-DE.exe
[2011.11.29 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Local\PackageAware
[2011.11.27 21:28:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.11.26 18:59:48 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.11.26 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\Malwarebytes
[2011.11.26 18:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.26 18:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.26 18:58:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.26 18:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.26 18:51:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mock\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.24 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Roaming\Avira
[2011.11.24 12:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.24 12:05:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.24 12:05:35 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.24 12:05:35 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.24 12:05:35 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.24 12:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.24 12:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.11.17 10:34:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.11.17 10:34:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.11.17 10:34:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.11.11 14:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\League_of_Extraordinary_Gentlemen_V2
[2011.11.11 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\The_League_of_Extraordinary_Gentlemen_Vol_3_-__Century_1910
[2011.11.11 14:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mock\Desktop\The_League_of_Extraordinary_Gentlemen__-_The_Black_Dossier
[2011.11.11 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\Mock\AppData\Local\Akamai
[2011.11.03 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\Mock\dwhelper
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.01 08:56:35 | 000,040,993 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.01 08:56:35 | 000,040,993 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.01 08:56:21 | 000,732,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.01 08:56:21 | 000,681,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.01 08:56:21 | 000,170,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.01 08:56:21 | 000,138,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.01 08:51:15 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 08:51:15 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 08:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.01 07:47:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.30 22:35:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mock\Desktop\OTL.exe
[2011.11.29 23:32:53 | 000,000,227 | ---- | M] () -- C:\Users\Mock\Desktop\good bad worse.rtf
[2011.11.29 19:02:47 | 004,031,101 | ---- | M] () -- C:\Users\Mock\Desktop\System der politischen Oekonomie.pdf
[2011.11.29 19:01:32 | 000,052,836 | ---- | M] () -- C:\Users\Mock\Desktop\Georg_Franck_Wien.pdf
[2011.11.29 13:09:26 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2011.11.29 12:57:23 | 002,617,176 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Mock\Desktop\revosetup193.exe
[2011.11.29 12:45:50 | 026,489,760 | ---- | M] (TuneUp Software) -- C:\Users\Mock\Desktop\TuneUpUtilities2012_de-DE.exe
[2011.11.28 16:12:12 | 000,000,853 | ---- | M] () -- C:\Users\Mock\Desktop\berliner staatsbib - werbung.rtf
[2011.11.27 13:34:41 | 000,003,805 | ---- | M] () -- C:\Users\Mock\Desktop\werner herzog.rtf
[2011.11.26 18:59:47 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.11.26 18:51:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mock\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.24 11:05:25 | 084,419,032 | ---- | M] () -- C:\Users\Mock\Desktop\avira_free_antivirus_de.exe
[2011.11.22 18:55:54 | 000,401,796 | ---- | M] () -- C:\Users\Mock\Desktop\Kreatives_Schreiben_M_Falkenberg.pdf
[2011.11.21 15:42:57 | 000,128,915 | ---- | M] () -- C:\Users\Mock\Desktop\das kapital - neu lesen.pdf
[2011.11.21 15:36:11 | 000,004,446 | ---- | M] () -- C:\Users\Mock\Desktop\kapital.rtf
[2011.11.18 14:13:54 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.11.18 14:13:54 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.11.13 11:11:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.07 23:41:35 | 000,002,735 | ---- | M] () -- C:\Users\Mock\Desktop\versprechen - krimi.rtf
[2011.11.06 14:43:37 | 000,648,692 | ---- | M] () -- C:\Users\Mock\Desktop\IJN_carrier_Amagi_capsized_off_Kure_in_1946.jpg
[2011.11.05 13:47:52 | 000,023,522 | ---- | M] () -- C:\Users\Mock\Desktop\alan moore - behind the painted smile.rtf
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.29 23:32:52 | 000,000,227 | ---- | C] () -- C:\Users\Mock\Desktop\good bad worse.rtf
[2011.11.29 19:02:47 | 004,031,101 | ---- | C] () -- C:\Users\Mock\Desktop\System der politischen Oekonomie.pdf
[2011.11.29 19:00:14 | 000,052,836 | ---- | C] () -- C:\Users\Mock\Desktop\Georg_Franck_Wien.pdf
[2011.11.29 13:06:38 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2011.11.29 12:49:41 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.28 16:12:12 | 000,000,853 | ---- | C] () -- C:\Users\Mock\Desktop\berliner staatsbib - werbung.rtf
[2011.11.27 13:01:01 | 000,003,805 | ---- | C] () -- C:\Users\Mock\Desktop\werner herzog.rtf
[2011.11.24 11:02:56 | 084,419,032 | ---- | C] () -- C:\Users\Mock\Desktop\avira_free_antivirus_de.exe
[2011.11.22 18:47:24 | 000,401,796 | ---- | C] () -- C:\Users\Mock\Desktop\Kreatives_Schreiben_M_Falkenberg.pdf
[2011.11.21 15:42:57 | 000,128,915 | ---- | C] () -- C:\Users\Mock\Desktop\das kapital - neu lesen.pdf
[2011.11.21 15:33:51 | 000,004,446 | ---- | C] () -- C:\Users\Mock\Desktop\kapital.rtf
[2011.11.07 23:40:06 | 000,002,735 | ---- | C] () -- C:\Users\Mock\Desktop\versprechen - krimi.rtf
[2011.11.06 14:43:37 | 000,648,692 | ---- | C] () -- C:\Users\Mock\Desktop\IJN_carrier_Amagi_capsized_off_Kure_in_1946.jpg
[2011.11.05 13:47:52 | 000,023,522 | ---- | C] () -- C:\Users\Mock\Desktop\alan moore - behind the painted smile.rtf
[2011.05.02 20:37:40 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.01.24 16:05:30 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.01.24 16:04:47 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.01.02 02:38:12 | 000,000,268 | RH-- | C] () -- C:\Users\Mock\AppData\Roaming\manual
[2011.01.02 02:38:12 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2011.01.02 02:38:12 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.01.02 02:35:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2011.01.02 02:35:39 | 000,000,268 | RH-- | C] () -- C:\Users\Mock\AppData\Roaming\laserjet
[2011.01.02 02:35:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.09.25 23:11:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.09.08 15:44:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.16 15:59:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010.03.16 15:59:24 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.01.09 23:37:57 | 000,267,031 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_nav.dat
[2010.01.09 23:37:57 | 000,003,497 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub.dat
[2010.01.09 23:37:57 | 000,003,084 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_navps.dat
[2009.12.16 20:13:07 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.10.20 21:17:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 21:17:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 21:17:00 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.10.01 11:12:34 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2009.10.01 00:41:21 | 000,000,090 | ---- | C] () -- C:\Users\Mock\AppData\Local\yseqcc.bat
[2009.06.21 23:55:50 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.24 19:38:15 | 000,000,532 | ---- | C] () -- C:\Users\Mock\AppData\Roaming\wklnhst.dat
[2009.03.07 00:20:56 | 000,000,092 | ---- | C] () -- C:\Users\Mock\AppData\Local\fusioncache.dat
[2009.01.30 18:41:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.25 22:53:36 | 000,000,162 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.13 02:04:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.13 01:01:47 | 000,051,712 | ---- | C] () -- C:\Users\Mock\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 11:32:08 | 000,000,680 | ---- | C] () -- C:\Users\Mock\AppData\Local\d3d9caps.dat
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 22:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.05 08:02:20 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.08.05 07:49:27 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.09 09:29:34 | 000,040,993 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.09 09:29:34 | 000,040,993 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.09 08:42:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.25 01:07:22 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.06.25 01:07:02 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.06.25 01:06:56 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.01.21 09:31:48 | 000,732,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:31:48 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:31:48 | 000,170,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:31:48 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.30 09:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.04.16 02:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 002,509,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,681,988 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,138,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.17 09:14:00 | 000,097,388 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2000.08.29 08:40:10 | 000,006,137 | ---- | C] () -- C:\Windows\System32\E1.ini
[2000.08.02 14:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\Users\Mock\Desktop\Immatrikulationsbescheinigung.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
Edited by martin2und3 (01.12.2011 at 09:16)

01.12.2011, 09:44   #4
Chris4You



Hi,

we're not by any chance running unlicensed software, are we?
O1 - Hosts: 127.0.0.1 activate.adobe.com

Please post the contents of the following file (do not run it):
C:\Users\Mock\AppData\Local\yseqcc.bat


Have files checked online:
  • Go to the Virustotal site, click the "Browse" button and locate the following file(s):
Code:
C:\Windows\RunUnDrv.exe

  • Now upload each file in turn and wait until the scan has finished (this can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: copy the file size and the HASH as well!

Remnants of an old infection are still on there as well...
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell - "" = AutoRun
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell - "" = AutoRun
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
[2010.01.09 23:37:57 | 000,267,031 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_nav.dat
[2010.01.09 23:37:57 | 000,003,497 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub.dat
[2010.01.09 23:37:57 | 000,003,084 | ---- | C] () -- C:\Users\Mock\AppData\Local\khlptqub_navps.dat
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C31F31E6

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris
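The entries singled out in the post above (a batch file in AppData\Local, an executable directly in C:\Windows, alternate data streams) can also be pulled out of an OTL listing with a small parser. This is an added example, not part of the original thread and not OTL's own logic: the function names, the extension list and the two review rules are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread. A hit means "look at this by hand", not "this is malware".

```python
import ntpath
import re

# One entry of an OTL file listing, in the format shown in the log above:
# [date time | size | attributes | letter] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[A-Z])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - <n> bytes -> <host path>:<stream name>
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>[A-Za-z]:\\.*?):(?P<stream>[^:\\]+)$"
)

# Assumption: extensions treated as "runs when double-clicked".
RUNNABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js"}


def parse_line(line):
    """Return a dict for a file or ADS line, or None for any other line."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["type"] = "file"
        rec["size"] = int(rec["size"].replace(",", ""))  # "000,026,112" -> 26112
        return rec
    m = ADS_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["type"] = "ads"
        rec["size"] = int(rec["size"])
        return rec
    return None


def review_reasons(rec):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    if rec["type"] == "ads":
        # Zone.Identifier is the stream Windows itself attaches to downloads.
        return [] if rec["stream"] == "Zone.Identifier" else ["alternate data stream"]
    ext = ntpath.splitext(rec["path"])[1].lower()
    parent = ntpath.dirname(rec["path"]).lower()
    # Assumption: places where a vendor-less runnable file is unusual.
    odd_place = (
        parent == r"c:\windows"
        or "\\appdata\\" in parent + "\\"
        or parent.startswith("c:\\programdata")
    )
    if ext in RUNNABLE_EXTS and not rec["company"] and odd_place:
        return ["runnable file without company name in " + ntpath.dirname(rec["path"])]
    return []


def triage(log_text):
    """Parse a pasted OTL log and return [(path, [reasons])] for entries to review."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # section headers, blank lines, other log sections
        reasons = review_reasons(rec)
        if reasons:
            if rec["type"] == "file":
                name = rec["path"]
            else:
                name = rec["host"] + ":" + rec["stream"]
            hits.append((name, reasons))
    return hits


# Sample lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[2011.11.24 11:02:56 | 084,419,032 | ---- | C] () -- C:\Users\Mock\Desktop\avira_free_antivirus_de.exe
[2010.09.08 15:44:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.01 00:41:21 | 000,000,090 | ---- | C] () -- C:\Users\Mock\AppData\Local\yseqcc.bat
[2000.08.02 14:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
< End of report >
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```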

01.12.2011, 10:02   #5
martin2und3



Okay, first of all here is the VT result for RunUnDrv.exe



0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
RunUnDrv.exe
Submission date:
2011-12-01 08:41:49 (UTC)
Current status:
queued queued analysing finished
Result:
1/ 43 (2.3%)

Antivirus Version Last Update Result
AhnLab-V3 2011.11.30.00 2011.11.30 -
AntiVir 7.11.18.142 2011.12.01 -
Antiy-AVL 2.0.3.7 2011.12.01 -
Avast 6.0.1289.0 2011.11.30 -
AVG 10.0.0.1190 2011.11.30 -
BitDefender 7.2 2011.12.01 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.01 -
ClamAV 0.97.3.0 2011.12.01 -
Commtouch 5.3.2.6 2011.12.01 -
Comodo 10797 2011.12.01 -
DrWeb 5.0.2.03300 2011.12.01 -
Emsisoft 5.1.0.11 2011.12.01 -
eSafe 7.0.17.0 2011.11.30 Win32.Malware
eTrust-Vet 37.0.9596 2011.11.30 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.01 -
Fortinet 4.3.388.0 2011.12.01 -
GData 22.292/22.543 2011.12.01 -
Ikarus T3.1.1.109.0 2011.12.01 -
Jiangmin 13.0.900 2011.11.30 -
K7AntiVirus 9.119.5570 2011.11.30 -
Kaspersky 9.0.0.837 2011.12.01 -
McAfee 5.400.0.1158 2011.12.01 -
McAfee-GW-Edition 2010.1D 2011.12.01 -
Microsoft 1.7903 2011.12.01 -
NOD32 6668 2011.11.29 -
Norman 6.07.13 2011.11.30 -
nProtect 2011-12-01.01 2011.12.01 -
Panda 10.0.3.5 2011.11.30 -
PCTools 8.0.0.5 2011.12.01 -
Prevx 3.0 2011.12.01 -
Rising 23.86.03.01 2011.12.01 -
Sophos 4.71.0 2011.12.01 -
SUPERAntiSpyware 4.40.0.1006 2011.12.01 -
Symantec 20111.2.0.82 2011.12.01 -
TheHacker 6.7.0.1.352 2011.11.30 -
TrendMicro 9.500.0.1008 2011.12.01 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.01 -
VBA32 3.12.16.4 2011.12.01 -
VIPRE 11186 2011.12.01 -
ViRobot 2011.12.1.4802 2011.12.01 -
VirusBuster 14.1.93.0 2011.11.30 -
Additional information
MD5 : 36ed1e6cf0e94ff49c5dc8fcffedc7ea
SHA1 : 1eec6ed7292db8c8c9e1cf766b8f87c2fbfdab4b
SHA256: e84f8c7be8db133ebb7b063b14d6d7278daa5af4f6962e35806f5f7820e3b8ba
ssdeep: 384:8Zoc4n9T+TJKoDlU36dobGsudZ7R+4HvTZe3mgMz:8Zoc8+hKd7QPHvA3mg
File size : 26112 bytes
First seen: 2009-01-31 15:57:17
Last seen : 2011-12-01 08:41:49
TrID:
Win32 Executable MS Visual C++ (generic) (63.0%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: InstallShield 2000
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x18C0
timedatestamp....: 0x39881859 (Wed Aug 02 12:47:21 2000)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2F36, 0x3000, 6.38, c7585e40ff94551847bf9a5642e559ac
.rdata, 0x4000, 0x866, 0xA00, 4.68, 4995e5f32a7868a0e6ce1d7552ce9985
.data, 0x5000, 0x2C18, 0x2800, 0.80, 9691b26a510b127e9baf2d702d2aedcb

[[ 2 import(s) ]]
KERNEL32.dll: GetACP, DeleteFileA, CopyFileA, GetTempFileNameA, GetTempPathA, FreeLibrary, SetErrorMode, GetProcAddress, LoadLibraryA, MultiByteToWideChar, FreeEnvironmentStringsA, VirtualAlloc, HeapAlloc, GetLastError, GetFileAttributesA, ExitProcess, TerminateProcess, GetCurrentProcess, SetFileAttributesA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, GetCPInfo, GetPrivateProfileStringA, GetOEMCP, UnhandledExceptionFilter, GetModuleFileNameA, GetStringTypeW, HeapFree, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, WriteFile, LCMapStringA, LCMapStringW, GetStringTypeA
USER32.dll: GetTopWindow, MessageBoxA, wsprintfA
ExifTool:
file metadata
CodeSize: 12288
EntryPoint: 0x18c0
FileSize: 26 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 14336
LinkerVersion: 5.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2000:08:02 14:47:21+02:00
UninitializedDataSize: 0






I'm not quite sure right now how I should post the contents of yseqcc.bat without accidentally running it. Does that work somehow with "Open with", or how do I do that? Or can I simply open it with a double-click?


01.12.2011, 10:11   #6
martin2und3



And here is the OTL result as well


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
File E:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cfe6009-c8fc-11df-a7a2-baa264f0f35a}\ not found.
File E:\Directx\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
File G:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba770ca-794c-11de-bc3d-001a80d630c1}\ not found.
File G:\Directx\dxsetup.exe not found.
C:\Users\Mock\AppData\Local\khlptqub_nav.dat moved successfully.
C:\Users\Mock\AppData\Local\khlptqub.dat moved successfully.
C:\Users\Mock\AppData\Local\khlptqub_navps.dat moved successfully.
ADS C:\ProgramData\TEMP:B606BA34 deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 16498 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41818 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mock
->Temp folder emptied: 96621174 bytes
->Temporary Internet Files folder emptied: 9484700 bytes
->Java cache emptied: 10974745 bytes
->FireFox cache emptied: 97057368 bytes
->Flash cache emptied: 427749 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1249280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12040444 bytes
RecycleBin emptied: 871425696 bytes

Total Files Cleaned = 1.048,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mock
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12012011_100250

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

01.12.2011, 19:35   #7
Chris4You



Hi,

let's also check for a rootkit...

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; click "Start Scan" there.
When the scan has finished, please select "Report". A window opens; copy the text and post it here...

aswMBR
Download aswMBR.exe from http://filepony.de/download-aswmbr/ and save it to the desktop.
  • Double-click aswMBR.exe.
  • Click the Scan button
  • Boot sectors (MBR) etc. are now examined.....
  • Save the log and post it in the thread

chris

02.12.2011, 00:21   #8
martin2und3



Hi,

here is the report from the TDSS scan:



23:28:51.0274 5052 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:28:53.0317 5052 ============================================================
23:28:53.0317 5052 Current date / time: 2011/12/01 23:28:53.0317
23:28:53.0317 5052 SystemInfo:
23:28:53.0317 5052
23:28:53.0317 5052 OS Version: 6.0.6002 ServicePack: 2.0
23:28:53.0317 5052 Product type: Workstation
23:28:53.0317 5052 ComputerName: MOCK
23:28:53.0317 5052 UserName: Mock
23:28:53.0317 5052 Windows directory: C:\Windows
23:28:53.0317 5052 System windows directory: C:\Windows
23:28:53.0317 5052 Processor architecture: Intel x86
23:28:53.0317 5052 Number of processors: 2
23:28:53.0317 5052 Page size: 0x1000
23:28:53.0317 5052 Boot type: Normal boot
23:28:53.0317 5052 ============================================================
23:28:53.0770 5052 Initialize success
23:29:04.0050 5608 ============================================================
23:29:04.0050 5608 Scan started
23:29:04.0050 5608 Mode: Manual;
23:29:04.0050 5608 ============================================================
23:29:04.0518 5608 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:29:04.0518 5608 ACPI - ok
23:29:04.0658 5608 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
23:29:04.0674 5608 adfs - ok
23:29:04.0877 5608 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:29:04.0892 5608 adp94xx - ok
23:29:05.0033 5608 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:29:05.0048 5608 adpahci - ok
23:29:05.0080 5608 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:29:05.0095 5608 adpu160m - ok
23:29:05.0126 5608 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:29:05.0142 5608 adpu320 - ok
23:29:05.0267 5608 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:29:05.0298 5608 AFD - ok
23:29:05.0407 5608 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:29:05.0407 5608 agp440 - ok
23:29:05.0454 5608 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:29:05.0470 5608 aic78xx - ok
23:29:05.0641 5608 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:29:05.0657 5608 aliide - ok
23:29:05.0719 5608 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:29:05.0735 5608 amdagp - ok
23:29:05.0797 5608 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:29:05.0813 5608 amdide - ok
23:29:05.0891 5608 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:29:05.0906 5608 AmdK7 - ok
23:29:05.0984 5608 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:29:06.0000 5608 AmdK8 - ok
23:29:06.0094 5608 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:29:06.0109 5608 ApfiltrService - ok
23:29:06.0265 5608 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:29:06.0281 5608 arc - ok
23:29:06.0343 5608 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:29:06.0359 5608 arcsas - ok
23:29:06.0468 5608 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:29:06.0484 5608 AsyncMac - ok
23:29:06.0530 5608 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
23:29:06.0546 5608 atapi - ok
23:29:06.0624 5608 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
23:29:06.0624 5608 avgntflt - ok
23:29:06.0702 5608 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
23:29:06.0702 5608 avipbb - ok
23:29:06.0780 5608 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
23:29:06.0796 5608 avkmgr - ok
23:29:06.0874 5608 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:29:06.0889 5608 Beep - ok
23:29:06.0967 5608 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:29:06.0983 5608 blbdrive - ok
23:29:07.0061 5608 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:29:07.0061 5608 bowser - ok
23:29:07.0139 5608 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:29:07.0139 5608 BrFiltLo - ok
23:29:07.0186 5608 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:29:07.0201 5608 BrFiltUp - ok
23:29:07.0248 5608 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:29:07.0264 5608 Brserid - ok
23:29:07.0310 5608 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:29:07.0326 5608 BrSerWdm - ok
23:29:07.0388 5608 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:29:07.0388 5608 BrUsbMdm - ok
23:29:07.0420 5608 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:29:07.0420 5608 BrUsbSer - ok
23:29:07.0513 5608 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
23:29:07.0529 5608 BthEnum - ok
23:29:07.0591 5608 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
23:29:07.0591 5608 BTHMODEM - ok
23:29:07.0669 5608 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
23:29:07.0669 5608 BthPan - ok
23:29:07.0763 5608 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
23:29:07.0778 5608 BTHPORT - ok
23:29:07.0856 5608 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
23:29:07.0872 5608 BTHUSB - ok
23:29:07.0950 5608 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
23:29:07.0966 5608 btwaudio - ok
23:29:08.0075 5608 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
23:29:08.0090 5608 btwavdt - ok
23:29:08.0122 5608 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:29:08.0122 5608 btwl2cap - ok
23:29:08.0278 5608 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
23:29:08.0293 5608 btwrchid - ok
23:29:08.0340 5608 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:29:08.0340 5608 cdfs - ok
23:29:08.0449 5608 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:29:08.0465 5608 cdrom - ok
23:29:08.0496 5608 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:29:08.0512 5608 circlass - ok
23:29:08.0558 5608 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:29:08.0574 5608 CLFS - ok
23:29:08.0730 5608 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:29:08.0730 5608 CmBatt - ok
23:29:08.0761 5608 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:29:08.0777 5608 cmdide - ok
23:29:08.0792 5608 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:29:08.0808 5608 Compbatt - ok
23:29:08.0870 5608 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:29:08.0886 5608 crcdisk - ok
23:29:08.0917 5608 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:29:08.0933 5608 Crusoe - ok
23:29:09.0011 5608 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
23:29:09.0042 5608 CSC - ok
23:29:09.0151 5608 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
23:29:09.0151 5608 CVirtA - ok
23:29:09.0198 5608 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:29:09.0214 5608 DfsC - ok
23:29:09.0370 5608 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:29:09.0370 5608 disk - ok
23:29:09.0494 5608 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
23:29:09.0510 5608 DMICall - ok
23:29:09.0572 5608 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
23:29:09.0604 5608 DNE - ok
23:29:09.0713 5608 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:29:09.0728 5608 Dot4 - ok
23:29:09.0760 5608 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:29:09.0775 5608 Dot4Print - ok
23:29:09.0869 5608 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:29:09.0869 5608 dot4usb - ok
23:29:09.0931 5608 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:29:09.0947 5608 drmkaud - ok
23:29:10.0056 5608 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:29:10.0072 5608 DXGKrnl - ok
23:29:10.0181 5608 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:29:10.0196 5608 E1G60 - ok
23:29:10.0259 5608 e1yexpress (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys
23:29:10.0274 5608 e1yexpress - ok
23:29:10.0384 5608 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:29:10.0399 5608 Ecache - ok
23:29:10.0477 5608 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:29:10.0493 5608 elxstor - ok
23:29:10.0602 5608 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:29:10.0618 5608 ErrDev - ok
23:29:10.0711 5608 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:29:10.0727 5608 exfat - ok
23:29:10.0805 5608 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:29:10.0820 5608 fastfat - ok
23:29:10.0914 5608 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:29:10.0914 5608 fdc - ok
23:29:11.0008 5608 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:29:11.0023 5608 FileInfo - ok
23:29:11.0070 5608 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:29:11.0086 5608 Filetrace - ok
23:29:11.0179 5608 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:29:11.0195 5608 flpydisk - ok
23:29:11.0273 5608 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:29:11.0288 5608 FltMgr - ok
23:29:11.0382 5608 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:29:11.0382 5608 Fs_Rec - ok
23:29:11.0444 5608 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:29:11.0460 5608 gagp30kx - ok
23:29:11.0491 5608 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:29:11.0507 5608 GEARAspiWDM - ok
23:29:11.0600 5608 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:29:11.0616 5608 HdAudAddService - ok
23:29:11.0710 5608 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:29:11.0710 5608 HDAudBus - ok
23:29:11.0788 5608 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:29:11.0803 5608 HidBth - ok
23:29:11.0834 5608 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:29:11.0850 5608 HidIr - ok
23:29:11.0944 5608 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:29:11.0959 5608 HidUsb - ok
23:29:12.0022 5608 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:29:12.0037 5608 HpCISSs - ok
23:29:12.0162 5608 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:29:12.0178 5608 HSFHWAZL - ok
23:29:12.0271 5608 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:29:12.0318 5608 HSF_DPV - ok
23:29:12.0412 5608 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:29:12.0427 5608 HSXHWAZL - ok
23:29:12.0490 5608 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:29:12.0552 5608 HTTP - ok
23:29:24.0548 5608 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
23:29:24.0548 5608 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
23:29:24.0548 5608 sptd ( LockedFile.Multi.Generic ) - warning
23:29:24.0548 5608 sptd - detected LockedFile.Multi.Generic (1)
23:29:30.0445 5608 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:29:30.0476 5608 \Device\Harddisk0\DR0 - ok
23:29:30.0476 5608 Boot (0x1200) (cfb49b55e14d706fe9e9c2112c6a139c) \Device\Harddisk0\DR0\Partition0
23:29:30.0476 5608 \Device\Harddisk0\DR0\Partition0 - ok
23:29:30.0476 5608 ============================================================
23:29:30.0476 5608 Scan finished
23:29:30.0476 5608 ============================================================
23:29:30.0586 5120 Detected object count: 1
23:29:30.0586 5120 Actual detected object count: 1
23:30:19.0124 5120 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
23:30:19.0124 5120 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
23:30:23.0446 2224 ============================================================
23:30:23.0446 2224 Scan started
23:30:23.0446 2224 Mode: Manual;
23:30:23.0446 2224 ============================================================
23:30:28.0406 2224 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:30:28.0406 2224 gagp30kx - ok
23:30:28.0438 2224 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:30:28.0438 2224 GEARAspiWDM - ok
23:30:28.0531 2224 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:30:28.0531 2224 HdAudAddService - ok
23:30:28.0672 2224 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:30:28.0687 2224 HDAudBus - ok
23:30:28.0781 2224 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:30:28.0781 2224 HidBth - ok
23:30:28.0828 2224 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:30:28.0828 2224 HidIr - ok
23:30:28.0937 2224 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:30:28.0937 2224 HidUsb - ok
23:30:28.0999 2224 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:30:29.0015 2224 HpCISSs - ok
23:30:29.0124 2224 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:30:29.0140 2224 HSFHWAZL - ok
23:30:29.0218 2224 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:30:29.0233 2224 HSF_DPV - ok
23:30:29.0327 2224 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:30:29.0327 2224 HSXHWAZL - ok
23:30:29.0405 2224 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:30:29.0405 2224 HTTP - ok
23:30:29.0498 2224 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:30:29.0498 2224 i2omp - ok
23:30:29.0545 2224 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:30:29.0545 2224 i8042prt - ok
23:30:29.0639 2224 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
23:30:29.0639 2224 iaStor - ok
23:30:29.0717 2224 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:30:29.0717 2224 iaStorV - ok
23:30:29.0826 2224 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:30:29.0826 2224 iirsp - ok
23:30:29.0966 2224 IntcAzAudAddService (fbbe3f1697d393be685cd6192b1ec95a) C:\Windows\system32\drivers\RTKVHDA.sys
23:30:29.0998 2224 IntcAzAudAddService - ok
23:30:30.0076 2224 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:30:30.0076 2224 intelide - ok
23:30:30.0122 2224 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:30:30.0122 2224 intelppm - ok
23:30:30.0216 2224 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:30.0216 2224 IpFilterDriver - ok
23:30:30.0247 2224 IpInIp - ok
23:30:30.0278 2224 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:30:30.0278 2224 IPMIDRV - ok
23:30:30.0325 2224 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:30:30.0325 2224 IPNAT - ok
23:30:30.0419 2224 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:30:30.0419 2224 IRENUM - ok
23:30:30.0466 2224 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:30:30.0466 2224 isapnp - ok
23:30:30.0544 2224 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:30:30.0544 2224 iScsiPrt - ok
23:30:30.0590 2224 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:30:30.0590 2224 iteatapi - ok
23:30:30.0668 2224 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:30:30.0684 2224 iteraid - ok
23:30:30.0715 2224 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:30:30.0731 2224 kbdclass - ok
23:30:30.0762 2224 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:30:30.0762 2224 kbdhid - ok
23:30:30.0856 2224 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:30:30.0871 2224 KSecDD - ok
23:30:30.0934 2224 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:30:30.0934 2224 lltdio - ok
23:30:31.0027 2224 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:30:31.0027 2224 LSI_FC - ok
23:30:31.0074 2224 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:30:31.0074 2224 LSI_SAS - ok
23:30:31.0136 2224 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:30:31.0136 2224 LSI_SCSI - ok
23:30:31.0230 2224 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:30:31.0230 2224 luafv - ok
23:30:31.0261 2224 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
23:30:31.0277 2224 MBAMProtector - ok
23:30:31.0324 2224 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
23:30:31.0324 2224 mcdbus - ok
23:30:31.0402 2224 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:30:31.0417 2224 mdmxsdk - ok
23:30:31.0464 2224 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:30:31.0464 2224 megasas - ok
23:30:31.0542 2224 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:30:31.0558 2224 MegaSR - ok
23:30:31.0620 2224 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:30:31.0620 2224 Modem - ok
23:30:31.0682 2224 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:30:31.0682 2224 monitor - ok
23:30:31.0714 2224 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:30:31.0714 2224 mouclass - ok
23:30:31.0760 2224 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:30:31.0760 2224 mouhid - ok
23:30:31.0838 2224 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:30:31.0838 2224 MountMgr - ok
23:30:31.0885 2224 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:30:31.0885 2224 mpio - ok
23:30:31.0963 2224 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:30:31.0979 2224 mpsdrv - ok
23:30:32.0041 2224 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:30:32.0041 2224 Mraid35x - ok
23:30:32.0135 2224 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:30:32.0135 2224 MRxDAV - ok
23:30:32.0166 2224 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:32.0166 2224 mrxsmb - ok
23:30:32.0244 2224 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:32.0244 2224 mrxsmb10 - ok
23:30:32.0353 2224 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:32.0353 2224 mrxsmb20 - ok
23:30:32.0400 2224 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:30:32.0400 2224 msahci - ok
23:30:32.0478 2224 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:30:32.0478 2224 msdsm - ok
23:30:32.0540 2224 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:30:32.0556 2224 Msfs - ok
23:30:32.0618 2224 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:30:32.0618 2224 msisadrv - ok
23:30:32.0650 2224 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:30:32.0650 2224 MSKSSRV - ok
23:30:32.0681 2224 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:30:32.0681 2224 MSPCLOCK - ok
23:30:32.0712 2224 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:30:32.0712 2224 MSPQM - ok
23:30:32.0806 2224 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:30:32.0821 2224 MsRPC - ok
23:30:32.0868 2224 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:30:32.0868 2224 mssmbios - ok
23:30:32.0962 2224 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:30:32.0962 2224 MSTEE - ok
23:30:33.0040 2224 MTOnlPktAlyX (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
23:30:33.0040 2224 MTOnlPktAlyX - ok
23:30:33.0118 2224 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:30:33.0118 2224 Mup - ok
23:30:33.0180 2224 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:30:33.0180 2224 NativeWifiP - ok
23:30:33.0414 2224 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:30:33.0430 2224 NDIS - ok
23:30:33.0601 2224 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:30:33.0601 2224 NdisTapi - ok
23:30:33.0773 2224 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:30:33.0773 2224 Ndisuio - ok
23:30:33.0929 2224 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:30:33.0929 2224 NdisWan - ok
23:30:34.0007 2224 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:30:34.0007 2224 NDProxy - ok
23:30:34.0085 2224 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:30:34.0085 2224 NetBIOS - ok
23:30:34.0132 2224 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:30:34.0132 2224 netbt - ok
23:30:34.0288 2224 NETw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
23:30:34.0319 2224 NETw5v32 - ok
23:30:34.0428 2224 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:30:34.0428 2224 nfrd960 - ok
23:30:34.0459 2224 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:30:34.0475 2224 Npfs - ok
23:30:34.0522 2224 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:30:34.0522 2224 nsiproxy - ok
23:30:34.0615 2224 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:30:34.0631 2224 Ntfs - ok
23:30:34.0724 2224 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:30:34.0724 2224 ntrigdigi - ok
23:30:34.0771 2224 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:30:34.0771 2224 Null - ok
23:30:35.0052 2224 nvlddmkm (aafafe8671c79859b68129a367f29ba7) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:30:35.0161 2224 nvlddmkm - ok
23:30:35.0317 2224 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:30:35.0317 2224 nvraid - ok
23:30:35.0333 2224 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:30:35.0333 2224 nvstor - ok
23:30:35.0364 2224 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:30:35.0364 2224 nv_agp - ok
23:30:35.0458 2224 NwlnkFlt - ok
23:30:35.0473 2224 NwlnkFwd - ok
23:30:35.0504 2224 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:30:35.0504 2224 ohci1394 - ok
23:30:35.0551 2224 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:30:35.0551 2224 Parport - ok
23:30:35.0598 2224 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:30:35.0598 2224 partmgr - ok
23:30:35.0692 2224 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:30:35.0692 2224 Parvdm - ok
23:30:35.0754 2224 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:30:35.0754 2224 pci - ok
23:30:35.0848 2224 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:30:35.0848 2224 pciide - ok
23:30:35.0910 2224 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
23:30:35.0910 2224 pcmcia - ok
23:30:35.0988 2224 PCTAppEvent (cc174f32cc9c18ea3109c4b0fc2ca8df) C:\Windows\system32\drivers\PCTAppEvent.sys
23:30:35.0988 2224 PCTAppEvent - ok
23:30:36.0019 2224 PCTFW-DNS (0afd401e45033c6264080989647989d2) C:\Windows\system32\drivers\pctNdis-DNS.sys
23:30:36.0035 2224 PCTFW-DNS - ok
23:30:36.0082 2224 PCTFW-PacketFilter (4a7ef973fcd9c6cad6040ebb61262a5c) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
23:30:36.0082 2224 PCTFW-PacketFilter - ok
23:30:36.0128 2224 pctgntdi (39e8623f9f29dbc9e053a696d85f8ac6) C:\Windows\System32\drivers\pctgntdi.sys
23:30:36.0128 2224 pctgntdi - ok
23:30:36.0206 2224 pctNDIS (8bbe917bc4da64b0ba8db33d4c0e0b7d) C:\Windows\system32\DRIVERS\pctNdis.sys
23:30:36.0206 2224 pctNDIS - ok
23:30:36.0269 2224 pctplfw (6d74df36716a458619a62dd764fc4f8b) C:\Windows\System32\drivers\pctplfw.sys
23:30:36.0269 2224 pctplfw - ok
23:30:36.0362 2224 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:30:36.0378 2224 PEAUTH - ok
23:30:36.0472 2224 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:30:36.0487 2224 PptpMiniport - ok
23:30:36.0550 2224 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:30:36.0550 2224 Processor - ok
23:30:36.0581 2224 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:30:36.0596 2224 PSched - ok
23:30:36.0659 2224 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
23:30:36.0659 2224 PxHelp20 - ok
23:30:36.0799 2224 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:30:36.0815 2224 ql2300 - ok
23:30:36.0893 2224 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:30:36.0893 2224 ql40xx - ok
23:30:36.0940 2224 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:30:36.0955 2224 QWAVEdrv - ok
23:30:36.0986 2224 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:30:36.0986 2224 RasAcd - ok
23:30:37.0080 2224 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:30:37.0080 2224 Rasl2tp - ok
23:30:37.0142 2224 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:30:37.0158 2224 RasPppoe - ok
23:30:37.0236 2224 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:30:37.0236 2224 RasSstp - ok
23:30:37.0314 2224 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:30:37.0314 2224 rdbss - ok
23:30:37.0423 2224 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:30:37.0423 2224 RDPCDD - ok
23:30:37.0470 2224 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
23:30:37.0470 2224 rdpdr - ok
23:30:37.0579 2224 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:30:37.0579 2224 RDPENCDD - ok
23:30:37.0626 2224 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:30:37.0626 2224 RDPWD - ok
23:30:37.0735 2224 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
23:30:37.0735 2224 regi - ok
23:30:37.0813 2224 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
23:30:37.0813 2224 RFCOMM - ok
23:30:37.0907 2224 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
23:30:37.0907 2224 rimsptsk - ok
23:30:37.0938 2224 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys
23:30:37.0938 2224 risdptsk - ok
23:30:37.0985 2224 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:30:37.0985 2224 rspndr - ok
23:30:38.0078 2224 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:30:38.0078 2224 sbp2port - ok
23:30:38.0125 2224 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
23:30:38.0125 2224 sdbus - ok
23:30:38.0172 2224 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:30:38.0172 2224 secdrv - ok
23:30:38.0203 2224 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:30:38.0203 2224 Serenum - ok
23:30:38.0297 2224 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
23:30:38.0297 2224 Serial - ok
23:30:38.0312 2224 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:30:38.0312 2224 sermouse - ok
23:30:38.0359 2224 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
23:30:38.0359 2224 SFEP - ok
23:30:38.0390 2224 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:30:38.0406 2224 sffdisk - ok
23:30:38.0484 2224 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:30:38.0484 2224 sffp_mmc - ok
23:30:38.0500 2224 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:30:38.0500 2224 sffp_sd - ok
23:30:38.0515 2224 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:30:38.0515 2224 sfloppy - ok
23:30:38.0562 2224 shpf (fd165f1309e8da2a969fbbb16635e459) C:\Windows\system32\DRIVERS\shpf.sys
23:30:38.0578 2224 shpf - ok
23:30:38.0671 2224 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:30:38.0671 2224 sisagp - ok
23:30:38.0702 2224 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:30:38.0702 2224 SiSRaid2 - ok
23:30:38.0734 2224 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:30:38.0734 2224 SiSRaid4 - ok
23:30:38.0843 2224 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:30:38.0843 2224 Smb - ok
23:30:38.0890 2224 SPI (225a17c6ad0207a058d728c0fa87e61d) C:\Windows\system32\DRIVERS\SonyPI.sys
23:30:38.0890 2224 SPI - ok
23:30:38.0921 2224 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:30:38.0921 2224 spldr - ok
23:30:39.0030 2224 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
23:30:39.0030 2224 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
23:30:39.0046 2224 sptd ( LockedFile.Multi.Generic ) - warning
23:30:39.0046 2224 sptd - detected LockedFile.Multi.Generic (1)
23:30:44.0022 2224 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:30:44.0053 2224 \Device\Harddisk0\DR0 - ok
23:30:44.0053 2224 Boot (0x1200) (cfb49b55e14d706fe9e9c2112c6a139c) \Device\Harddisk0\DR0\Partition0
23:30:44.0069 2224 \Device\Harddisk0\DR0\Partition0 - ok
23:30:44.0069 2224 ============================================================
23:30:44.0069 2224 Scan finished
23:30:44.0069 2224 ============================================================
23:30:44.0084 4536 Detected object count: 1
23:30:44.0084 4536 Actual detected object count: 1
23:30:52.0430 4536 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
23:30:52.0446 4536 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine





____________________

and here is the aswMBR log:


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-01 23:34:37
-----------------------------
23:34:37.829 OS Version: Windows 6.0.6002 Service Pack 2
23:34:37.829 Number of processors: 2 586 0x1706
23:34:37.829 ComputerName: MOCK UserName: Mock
23:34:38.640 Initialize success
23:34:42.961 AVAST engine defs: 11120101
23:34:45.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:34:45.145 Disk 0 Vendor: TOSHIBA_ LB01 Size: 190782MB BusType: 3
23:34:47.204 Disk 0 MBR read successfully
23:34:47.204 Disk 0 MBR scan
23:34:47.235 Disk 0 Windows VISTA default MBR code
23:34:47.251 Disk 0 scanning sectors +390719920
23:34:47.360 Disk 0 scanning C:\Windows\system32\drivers
23:35:04.364 Service scanning
23:35:05.285 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:35:05.893 Modules scanning
23:35:15.425 Disk 0 trace - called modules:
23:35:15.471 ntkrnlpa.exe CLASSPNP.SYS disk.sys shpf.sys acpi.sys hal.dll iaStor.sys sphm.sys >>UNKNOWN [0x85878938]<<
23:35:15.471 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86aca6e0]
23:35:15.487 3 CLASSPNP.SYS[8a7a38b3] -> nt!IofCallDriver -> [0x86acac38]
23:35:15.503 5 shpf.sys[8a753cdd] -> nt!IofCallDriver -> [0x85f33408]
23:35:15.518 7 acpi.sys[807b76bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85969028]
23:35:16.423 AVAST engine scan C:\Windows
23:35:20.697 AVAST engine scan C:\Windows\system32
23:38:45.806 AVAST engine scan C:\Windows\system32\drivers
23:39:01.921 AVAST engine scan C:\Users\Mock
00:08:17.234 AVAST engine scan C:\ProgramData
00:12:40.209 Scan finished successfully
00:21:04.151 Disk 0 MBR has been saved successfully to "C:\Users\Mock\Desktop\MBR.dat"
00:21:04.151 The log file has been saved successfully to "C:\Users\Mock\Desktop\aswMBR.txt"

02.12.2011, 07:24   #9
Chris4You

Hi,

Remove SPTD.SYS
The file sptd.sys normally belongs to Daemontools or Alcohol180, but it is not removed when they are uninstalled, therefore:
To uninstall SPTD.SYS fully automatically you can use an SPTD removal tool (http://www.duplexsecure.com/en/downloads).
Note the different versions for 32-bit and 64-bit systems.
Run the file and select Uninstall. Then reboot. Nero may then have to be reinstalled or repaired.

Please check the MBR again (if it is not a 64-bit system)...
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Then run TDSS-Killer again and post the log...

chris

Last edited by Chris4You (02.12.2011 at 07:31)

02.12.2011, 10:30   #10
martin2und3

Hi,

here is the report from MBRCheck:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: INSYDE
System Manufacturer: Sony Corporation
System Product Name: VGN-Z11MN_B
Logical Drives Mask: 0x00000004

Kernel Drivers (total 163):

Processes (total 85):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2546GSX_200, Rev: LB012Q

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

_____________________



and here is the TDSS log (it did not find anything this time):



10:25:44.0864 1576 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:25:45.0192 1576 ============================================================
10:25:45.0192 1576 Current date / time: 2011/12/02 10:25:45.0192
10:25:45.0192 1576 SystemInfo:
10:25:45.0192 1576
10:25:45.0192 1576 OS Version: 6.0.6002 ServicePack: 2.0
10:25:45.0192 1576 Product type: Workstation
10:25:45.0192 1576 ComputerName: MOCK
10:25:45.0192 1576 UserName: Mock
10:25:45.0192 1576 Windows directory: C:\Windows
10:25:45.0192 1576 System windows directory: C:\Windows
10:25:45.0192 1576 Processor architecture: Intel x86
10:25:45.0192 1576 Number of processors: 2
10:25:45.0192 1576 Page size: 0x1000
10:25:45.0192 1576 Boot type: Normal boot
10:25:45.0192 1576 ============================================================
10:25:57.0984 1576 Initialize success
10:26:08.0358 1528 ============================================================
10:26:08.0358 1528 Scan started
10:26:08.0358 1528 Mode: Manual;
10:26:08.0358 1528 ============================================================
10:26:30.0244 1528 NetBIOS - ok
10:26:30.0291 1528 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:26:30.0322 1528 netbt - ok
10:26:30.0806 1528 NETw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
10:26:31.0009 1528 NETw5v32 - ok
10:26:31.0118 1528 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:26:31.0118 1528 nfrd960 - ok
10:26:31.0165 1528 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:26:31.0165 1528 Npfs - ok
10:26:31.0305 1528 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:26:31.0321 1528 nsiproxy - ok
10:26:31.0492 1528 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:26:31.0539 1528 Ntfs - ok
10:26:31.0648 1528 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:26:31.0664 1528 ntrigdigi - ok
10:26:31.0820 1528 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:26:31.0836 1528 Null - ok
10:26:32.0787 1528 nvlddmkm (aafafe8671c79859b68129a367f29ba7) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:26:33.0021 1528 nvlddmkm - ok
10:26:33.0240 1528 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:26:33.0255 1528 nvraid - ok
10:26:33.0427 1528 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:26:33.0427 1528 nvstor - ok
10:26:33.0520 1528 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:26:33.0552 1528 nv_agp - ok
10:26:33.0567 1528 NwlnkFlt - ok
10:26:33.0598 1528 NwlnkFwd - ok
10:26:33.0786 1528 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:26:33.0786 1528 ohci1394 - ok
10:26:33.0848 1528 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:26:33.0864 1528 Parport - ok
10:26:34.0066 1528 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:26:34.0082 1528 partmgr - ok
10:26:34.0534 1528 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:26:34.0550 1528 Parvdm - ok
10:26:34.0644 1528 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:26:34.0659 1528 pci - ok
10:26:34.0706 1528 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:26:34.0722 1528 pciide - ok
10:26:34.0956 1528 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
10:26:34.0987 1528 pcmcia - ok
10:26:35.0127 1528 PCTAppEvent (cc174f32cc9c18ea3109c4b0fc2ca8df) C:\Windows\system32\drivers\PCTAppEvent.sys
10:26:35.0143 1528 PCTAppEvent - ok
10:26:35.0408 1528 PCTFW-DNS (0afd401e45033c6264080989647989d2) C:\Windows\system32\drivers\pctNdis-DNS.sys
10:26:35.0424 1528 PCTFW-DNS - ok
10:26:35.0517 1528 PCTFW-PacketFilter (4a7ef973fcd9c6cad6040ebb61262a5c) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
10:26:35.0533 1528 PCTFW-PacketFilter - ok
10:26:35.0611 1528 pctgntdi (39e8623f9f29dbc9e053a696d85f8ac6) C:\Windows\System32\drivers\pctgntdi.sys
10:26:35.0626 1528 pctgntdi - ok
10:26:35.0767 1528 pctNDIS (8bbe917bc4da64b0ba8db33d4c0e0b7d) C:\Windows\system32\DRIVERS\pctNdis.sys
10:26:35.0782 1528 pctNDIS - ok
10:26:35.0907 1528 pctplfw (6d74df36716a458619a62dd764fc4f8b) C:\Windows\System32\drivers\pctplfw.sys
10:26:35.0923 1528 pctplfw - ok
10:26:36.0126 1528 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:26:36.0157 1528 PEAUTH - ok
10:26:36.0328 1528 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:26:36.0344 1528 PptpMiniport - ok
10:26:36.0375 1528 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:26:36.0375 1528 Processor - ok
10:26:36.0562 1528 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:26:36.0562 1528 PSched - ok
10:26:36.0859 1528 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:26:36.0874 1528 PxHelp20 - ok
10:26:37.0124 1528 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:26:37.0186 1528 ql2300 - ok
10:26:37.0342 1528 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:26:37.0358 1528 ql40xx - ok
10:26:37.0608 1528 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:26:37.0608 1528 QWAVEdrv - ok
10:26:37.0764 1528 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:26:37.0764 1528 RasAcd - ok
10:26:37.0888 1528 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:26:37.0904 1528 Rasl2tp - ok
10:26:37.0998 1528 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:26:37.0998 1528 RasPppoe - ok
10:26:38.0060 1528 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:26:38.0076 1528 RasSstp - ok
10:26:38.0185 1528 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:26:38.0200 1528 rdbss - ok
10:26:38.0278 1528 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:26:38.0278 1528 RDPCDD - ok
10:26:38.0356 1528 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
10:26:38.0372 1528 rdpdr - ok
10:26:38.0372 1528 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:26:38.0388 1528 RDPENCDD - ok
10:26:38.0434 1528 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:26:38.0450 1528 RDPWD - ok
10:26:38.0653 1528 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
10:26:38.0668 1528 regi - ok
10:26:38.0824 1528 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:26:38.0840 1528 RFCOMM - ok
10:26:39.0043 1528 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:26:39.0074 1528 rimsptsk - ok
10:26:39.0183 1528 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys
10:26:39.0183 1528 risdptsk - ok
10:26:39.0246 1528 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:26:39.0261 1528 rspndr - ok
10:26:39.0448 1528 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:26:39.0448 1528 sbp2port - ok
10:26:39.0542 1528 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
10:26:39.0542 1528 sdbus - ok
10:26:39.0620 1528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:26:39.0620 1528 secdrv - ok
10:26:39.0667 1528 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:26:39.0698 1528 Serenum - ok
10:26:39.0838 1528 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
10:26:39.0870 1528 Serial - ok
10:26:39.0916 1528 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:26:39.0948 1528 sermouse - ok
10:26:40.0057 1528 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
10:26:40.0057 1528 SFEP - ok
10:26:40.0119 1528 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:26:40.0119 1528 sffdisk - ok
10:26:40.0228 1528 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:26:40.0244 1528 sffp_mmc - ok
10:26:40.0291 1528 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:26:40.0306 1528 sffp_sd - ok
10:26:40.0400 1528 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:26:40.0400 1528 sfloppy - ok
10:26:40.0462 1528 shpf (fd165f1309e8da2a969fbbb16635e459) C:\Windows\system32\DRIVERS\shpf.sys
10:26:40.0478 1528 shpf - ok
10:26:40.0650 1528 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:26:40.0665 1528 sisagp - ok
10:26:40.0774 1528 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:26:40.0790 1528 SiSRaid2 - ok
10:26:40.0868 1528 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:26:40.0884 1528 SiSRaid4 - ok
10:26:40.0993 1528 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:26:41.0008 1528 Smb - ok
10:26:41.0086 1528 SPI (225a17c6ad0207a058d728c0fa87e61d) C:\Windows\system32\DRIVERS\SonyPI.sys
10:26:41.0086 1528 SPI - ok
10:26:41.0196 1528 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:26:41.0196 1528 spldr - ok
10:26:41.0227 1528 sptd - ok
10:26:41.0352 1528 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:26:41.0383 1528 srv - ok
10:26:41.0476 1528 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:26:41.0492 1528 srv2 - ok
10:26:41.0523 1528 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:26:41.0523 1528 srvnet - ok
10:26:41.0632 1528 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:26:41.0648 1528 ssmdrv - ok
10:26:41.0773 1528 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:26:41.0788 1528 swenum - ok
10:26:41.0913 1528 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:26:41.0913 1528 Symc8xx - ok
10:26:41.0991 1528 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:26:42.0007 1528 Sym_hi - ok
10:26:42.0069 1528 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:26:42.0069 1528 Sym_u3 - ok
10:26:42.0194 1528 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
10:26:42.0210 1528 Tcpip - ok
10:26:42.0615 1528 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
10:26:42.0631 1528 Tcpip6 - ok
10:26:42.0740 1528 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:26:42.0756 1528 tcpipreg - ok
10:26:42.0990 1528 TcUsb (53900527fa5e2ccc818c5894383772d1) C:\Windows\system32\Drivers\tcusb.sys
10:26:43.0146 1528 TcUsb - ok
10:26:43.0208 1528 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:26:43.0208 1528 TDPIPE - ok
10:26:43.0302 1528 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:26:43.0348 1528 TDTCP - ok
10:26:43.0520 1528 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:26:43.0567 1528 tdx - ok
10:26:43.0723 1528 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:26:43.0723 1528 TermDD - ok
10:26:43.0863 1528 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
10:26:43.0879 1528 TPM - ok
10:26:43.0972 1528 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:26:43.0972 1528 tssecsrv - ok
10:26:44.0066 1528 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
10:26:44.0082 1528 TuneUpUtilitiesDrv - ok
10:26:44.0175 1528 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:26:44.0175 1528 tunmp - ok
10:26:44.0253 1528 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:26:44.0253 1528 tunnel - ok
10:26:44.0456 1528 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:26:44.0472 1528 uagp35 - ok
10:26:44.0596 1528 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:26:44.0612 1528 udfs - ok
10:26:44.0674 1528 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:26:44.0690 1528 uliagpkx - ok
10:26:44.0799 1528 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:26:44.0846 1528 uliahci - ok
10:26:44.0924 1528 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:26:44.0955 1528 UlSata - ok
10:26:45.0189 1528 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:26:45.0205 1528 ulsata2 - ok
10:26:45.0454 1528 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:26:45.0454 1528 umbus - ok
10:26:45.0564 1528 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
10:26:45.0579 1528 USBAAPL - ok
10:26:45.0673 1528 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:26:45.0673 1528 usbccgp - ok
10:26:45.0876 1528 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:26:45.0891 1528 usbcir - ok
10:26:46.0141 1528 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:26:46.0141 1528 usbehci - ok
10:26:46.0234 1528 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:26:46.0250 1528 usbhub - ok
10:26:46.0312 1528 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:26:46.0312 1528 usbohci - ok
10:26:46.0422 1528 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:26:46.0422 1528 usbprint - ok
10:26:46.0468 1528 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:26:46.0500 1528 usbscan - ok
10:26:46.0609 1528 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:26:46.0609 1528 USBSTOR - ok
10:26:46.0640 1528 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:26:46.0656 1528 usbuhci - ok
10:26:46.0687 1528 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:26:46.0687 1528 usbvideo - ok
10:26:46.0796 1528 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
10:26:46.0796 1528 usb_rndisx - ok
10:26:46.0890 1528 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:26:46.0905 1528 vga - ok
10:26:47.0092 1528 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:26:47.0108 1528 VgaSave - ok
10:26:47.0186 1528 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:26:47.0202 1528 viaagp - ok
10:26:47.0248 1528 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:26:47.0264 1528 ViaC7 - ok
10:26:47.0358 1528 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:26:47.0373 1528 viaide - ok
10:26:47.0451 1528 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\Windows\system32\DRIVERS\VNUSB.sys
10:26:47.0467 1528 VNUSB - ok
10:26:47.0607 1528 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:26:47.0623 1528 volmgr - ok
10:26:47.0685 1528 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:26:47.0716 1528 volmgrx - ok
10:26:47.0810 1528 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:26:47.0841 1528 volsnap - ok
10:26:48.0028 1528 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:26:48.0044 1528 vsmraid - ok
10:26:48.0247 1528 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:26:48.0262 1528 WacomPen - ok
10:26:48.0340 1528 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:26:48.0356 1528 Wanarp - ok
10:26:48.0372 1528 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:26:48.0387 1528 Wanarpv6 - ok
10:26:48.0465 1528 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:26:48.0465 1528 Wd - ok
10:26:48.0574 1528 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:26:48.0590 1528 Wdf01000 - ok
10:26:48.0918 1528 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
10:26:48.0933 1528 WimFltr - ok
10:26:49.0198 1528 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:26:49.0245 1528 winachsf - ok
10:26:49.0417 1528 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:26:49.0417 1528 WmiAcpi - ok
10:26:49.0479 1528 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:26:49.0479 1528 ws2ifsl - ok
10:26:49.0604 1528 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:26:49.0604 1528 WUDFRd - ok
10:26:49.0635 1528 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
10:26:49.0635 1528 XAudio - ok
10:26:49.0776 1528 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
10:26:49.0807 1528 yukonwlh - ok
10:26:49.0978 1528 ZYXEL750 (1fd4be45f40f7534472b7b23fa223f6e) C:\Windows\system32\DRIVERS\WlanUTG.sys
10:26:49.0994 1528 ZYXEL750 - ok
10:26:50.0088 1528 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:26:50.0103 1528 \Device\Harddisk0\DR0 - ok
10:26:50.0119 1528 Boot (0x1200) (cfb49b55e14d706fe9e9c2112c6a139c) \Device\Harddisk0\DR0\Partition0
10:26:50.0119 1528 \Device\Harddisk0\DR0\Partition0 - ok
10:26:50.0119 1528 ============================================================
10:26:50.0119 1528 Scan finished
10:26:50.0119 1528 ============================================================
10:26:50.0150 5800 Detected object count: 0
10:26:50.0150 5800 Actual detected object count: 0

02.12.2011, 11:56   #11
Chris4You
 

Hi,

looks good. How is the computer doing (especially the cmd.exe that keeps popping up)?

chris

02.12.2011, 14:32   #12
martin2und3
 

Hi, first of all, thank you very, very much!!

Unfortunately, cmd.exe still opens and disappears by itself, but nowhere near as often as before.

Maybe I'll just do a complete reinstall of the whole thing when I have time. If everything looks reasonably okay for now, then perhaps it isn't all that urgent.

Thanks again for the good help!

02.12.2011, 16:33   #13
Chris4You
 

Hi,

we'll try two more things: scanning from CD and letting the system be "optimized"...

Antivir, Rescue CD
Avira Support
Please download the Rescue System and the update for it from there. When you start the application, put an empty CD in the burner and let it burn the CD. Burn a second CD with the unpacked update.
Boot from CD (change the setting in the BIOS)...
When nothing works anymore - Avira offers a rescue CD for download - Antivirus & Antispyware - PC-WELT

Or, with ATI graphics cards, better use this one:

Dr. Web Live CD
Download the image (Dr.Web CureIt!) (always the newest version, currently http://download.geo.drweb.com/pub/dr...livecd-600.iso) and burn it to CD/DVD. Then change the boot order in the BIOS (boot from CD first), boot from the CD you created and start Dr. Web Live CD (default). Then have all hard disks scanned...
If anything is found, please note the name and path before you let Dr. Web remove it...
Further instructions: Dr.Web CureIt!

And also:
Repair the system:
Download "Advanced Windowscare Professional" from the following address:
Advanced SystemCare Free 5/4/3 Download Review for Windows XP/Vista/7 - IObit
Install it in German, deselect the Yahoo toolbar etc.
Create a system restore point
(Start->Programs->Accessories->System Tools->System Restore->create a restore point->Next, think up a description->Create) or have it created automatically.
Then have the whole system scanned and cleaned as well as immunized.
This straightens out some entries that were bent by trojans/viruses...

Please report back afterwards....

chris