Log analysis and evaluation: Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]

18.12.2011, 11:26   #1
kay2012
 
Suspected rootkit // ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]

Hello dear helpers,

I scanned my PC with "aswMBR" and it showed me a section highlighted in red:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 10:24:08
-----------------------------
10:24:08.699    OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:08.699    Number of processors: 4 586 0x403
10:24:08.699    ComputerName: MAZ-PC  UserName: maz
10:24:09.934    Initialize success
10:24:57.568    AVAST engine defs: 11121800
10:25:07.803    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:07.803    Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
10:25:07.803    Disk 0 MBR read successfully
10:25:07.803    Disk 0 MBR scan
10:25:07.803    Disk 0 Windows XP default MBR code
10:25:07.818    Service scanning
10:25:08.256    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:25:08.787    Modules scanning
10:25:08.787    Disk 0 trace - called modules:
10:25:08.787    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003a912c0]<<
10:25:08.787    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa8060]
10:25:08.787    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80049419b0]
10:25:08.787    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004f9a060]
10:25:08.787    \Driver\atapi[0xfffffa8003ac0de0] -> IRP_MJ_CREATE -> 0xfffffa8003a912c0
10:25:21.209    AVAST engine scan C:\Windows
10:25:32.178    AVAST engine scan C:\Windows\system32
10:26:52.443    AVAST engine scan C:\Windows\system32\drivers
10:26:59.459    AVAST engine scan C:\Users\maz
10:30:05.803    AVAST engine scan C:\ProgramData
10:30:53.600    Scan finished successfully
10:32:47.741    Disk 0 MBR has been saved successfully to "C:\Users\maz\Desktop\MBR.dat"
10:32:47.741    The log file has been saved successfully to "C:\Users\maz\Desktop\aswMBRlog1.txt"
         
Here is the scan with OTL:

Code:
OTL logfile created on: 18.12.2011 10:13:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,40% Memory free
11,81 Gb Paging File | 10,20 Gb Available in Paging File | 86,36% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 802,03 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 366,03 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
 
Computer Name: MAZ-PC | User Name: maz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.17 13:34:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Viren und Trojaner Hilfeordner\Analyse\2 OTL\OTL.exe
PRC - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
PRC - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.11.09 19:27:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.23 19:29:08 | 000,349,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.11.09 19:27:12 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.01.07 01:03:20 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.12.06 19:18:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.23 19:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.11.09 15:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.22 17:38:52 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.13 22:30:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.17 17:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mr8980x64.sys -- (mr8980)
DRV:64bit: - [2010.03.17 09:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009.10.07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009.10.07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.07.31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.01.19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010.04.16 15:49:06 | 000,114,048 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MR8980x64.sys -- (mr8980)
DRV - [2009.07.29 18:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 6F 93 F0 D4 10 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\maz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 14:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 14:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 19:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 19:13:37 | 000,000,000 | ---D | M]
 
[2011.05.12 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Extensions
[2011.12.16 06:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions
[2011.11.11 21:39:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\maz\AppData\Roaming\mozilla\Firefox\Profiles\l17q9gvj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.09 19:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MAZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L17Q9GVJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 19:27:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.05 10:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.05 10:44:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.05 10:44:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.14 18:46:57 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.05 10:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.05 10:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.05 10:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B46ADE-73F0-4405-890F-AB73DE899EDE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.18 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\3DMark 11
[2011.12.18 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\IsolatedStorage
[2011.12.18 09:41:16 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Futuremark_Corporation
[2011.12.18 09:22:08 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011.12.18 09:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011.12.17 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Malwarebytes
[2011.12.17 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 18:18:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.13 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.12.13 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.12.13 20:44:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.12.13 20:44:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.12.11 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Chromium
[2011.12.11 18:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.12.11 18:25:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SamsungPrinterLiveUpdate
[2011.12.11 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2011.12.11 17:53:12 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.12.11 17:53:02 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.exe
[2011.12.11 17:53:02 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\ssp7mci.dll
[2011.12.11 17:53:02 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssdevm.dll
[2011.12.11 17:53:02 | 000,074,240 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssdevm64.dll
[2011.12.11 17:53:02 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\ssusbpn.dll
[2011.12.11 17:53:02 | 000,047,104 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\ssusbp64.dll
[2011.12.11 17:51:39 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysWow64\drivers\SSPORT.SYS
[2011.12.11 17:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.11 17:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2011.12.11 17:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.10 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.12.06 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.12.06 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Apple Computer
[2011.12.04 08:42:39 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Avira
[2011.12.04 08:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.04 08:37:14 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.04 08:37:14 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.04 08:37:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.04 08:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.04 08:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2011.12.04 08:10:46 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\F-Secure
[2011.12.04 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.12.03 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Downloads
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\Take On Helicopters Demo
[2011.12.03 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Take On Helicopters Demo
[2011.12.02 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\maz\Documents\sec4
[2011.12.02 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011.11.26 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2011.11.26 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\TP
[2011.11.25 07:19:45 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\lazarus
[2011.11.24 18:51:37 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.11.22 18:45:10 | 000,000,000 | ---D | C] -- C:\LH1
[2011.11.21 19:43:53 | 000,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2011.11.19 23:32:40 | 000,000,000 | ---D | C] -- C:\cuprojects
[2011.11.19 21:58:00 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Electronic_Arts_Inc
[2011.11.19 21:54:17 | 000,000,000 | ---D | C] -- C:\Users\maz\AppData\Local\Akamai
[2011.11.18 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.11.18 18:38:08 | 000,256,000 | ---- | C] (SEC) -- C:\Windows\SysNative\SIPDUtil.dll
[2011.11.18 18:38:08 | 000,162,096 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvcA.dll
[2011.11.18 18:38:07 | 000,166,704 | ---- | C] (Samsung Electronics CO., LTD.) -- C:\Windows\SysNative\SUPDSvc.exe
[2011.11.18 18:38:07 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.18 09:54:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.18 09:22:08 | 000,001,086 | ---- | M] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk
[2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 08:51:48 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.18 08:49:16 | 001,506,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 08:49:16 | 000,656,544 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.18 08:49:16 | 000,618,426 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.18 08:49:16 | 000,131,014 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.18 08:49:16 | 000,107,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.18 08:44:26 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.18 08:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.18 08:44:19 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.12.17 22:23:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.17 21:58:57 | 000,000,600 | ---- | M] () -- C:\Users\maz\AppData\Local\PUTTY.RND
[2011.12.17 21:03:04 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.12.11 18:01:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.11 17:42:46 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2011.12.09 08:38:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 06:33:06 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.12.06 19:19:03 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.12.06 19:18:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.04 08:12:44 | 001,544,938 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.04 08:12:37 | 000,019,476 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2011.11.27 14:42:59 | 000,001,467 | ---- | M] () -- C:\Users\maz\.recently-used.xbel
[2011.11.26 21:20:59 | 000,000,052 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011.11.26 07:43:03 | 000,052,275 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.11.24 05:59:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.11.24 05:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.11.24 05:59:00 | 000,007,653 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.11.23 19:29:36 | 000,406,336 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.18 09:22:08 | 000,001,086 | ---- | C] () -- C:\Users\maz\Desktop\MSI Afterburner.lnk
[2011.12.13 20:44:39 | 000,007,653 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.12.11 18:01:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.11 17:53:13 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.11 17:53:03 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\ssp7ml6.smt
[2011.12.11 17:42:46 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2011.12.04 08:12:37 | 000,019,476 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.12.04 08:12:36 | 001,544,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.27 14:42:59 | 000,001,467 | ---- | C] () -- C:\Users\maz\.recently-used.xbel
[2011.11.23 19:29:36 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.11.18 18:38:07 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\DscPnt.dll
[2011.11.18 18:38:07 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.11.18 18:38:07 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe
[2011.11.18 18:38:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll
[2011.11.18 18:38:07 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt
[2011.11.03 22:43:36 | 000,004,096 | -H-- | C] () -- C:\Users\maz\AppData\Local\keyfile3.drm
[2011.10.31 23:10:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.10.31 23:09:11 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.10.31 23:09:10 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 18:12:11 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.11 07:44:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.09.04 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.14 22:35:55 | 000,007,595 | ---- | C] () -- C:\Users\maz\AppData\Local\Resmon.ResmonCfg
[2011.05.12 22:51:12 | 000,000,600 | ---- | C] () -- C:\Users\maz\AppData\Local\PUTTY.RND
[2011.05.12 22:24:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.12 22:24:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.05.12 22:24:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.05.29 17:47:44 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\.purple
[2011.09.20 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ableton
[2011.09.19 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\aborange
[2011.05.15 08:47:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Ashampoo
[2011.09.07 07:33:40 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Blender Foundation
[2011.10.18 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\calibre
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\DAEMON Tools Lite
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\FileZilla
[2011.12.03 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\GetRightToGo
[2011.05.15 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\gtk-2.0
[2011.09.25 10:13:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Image-Line
[2011.05.14 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Leadertech
[2011.11.24 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Need for Speed World
[2011.05.28 19:48:28 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Notepad++
[2011.05.13 23:00:14 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\OpenOffice.org
[2011.10.26 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Origin
[2011.09.19 18:23:29 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\PhotoScape
[2011.12.10 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\pokerth
[2011.05.15 09:05:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Serif
[2011.11.26 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Steinberg
[2011.09.28 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\SynthMaker
[2011.11.21 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TeamViewer
[2011.11.26 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TP
[2011.05.13 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TrueCrypt
[2011.12.18 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\TS3Client
[2011.05.14 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Unity
[2011.09.07 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\Windows Live Writer
[2011.09.13 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XMedia Recode
[2011.05.13 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\XProfanFree
[2011.11.04 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\maz\AppData\Roaming\{50A2320B-16F8-4CD0-9404-2F8F9C2128A7}
[2011.10.29 07:37:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
What should I do?
Thanks in advance.

Attachment 25975
Attachment 25976

Old 18.12.2011, 16:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And then the whole thing looks like this:

Code:
ATTFilter
 the log goes here
         
__________________

__________________

Old 18.12.2011, 21:16   #3
kay2012
 

MBAM:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8392

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

18.12.2011 20:12:21
mbam-log-2011-12-18 (20-12-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 384256
Laufzeit: 39 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ab7e40f3267f14c9db2b19a590c9533
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-18 08:10:51
# local_time=2011-12-18 09:10:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1255274 1255274 0 0
# compatibility_mode=5893 16776574 100 94 17669408 75865758 0 0
# compatibility_mode=8192 67108863 100 0 3676 3676 0 0
# scanned=229796
# found=0
# cleaned=0
# scan_time=3143
         
__________________

Old 19.12.2011, 12:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run (in normal mode!) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition; that is where the TDSS-Killer saves its logs.

Note: Please don't delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!




If, because of the infection, you can't access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must right-click the tool and run it as administrator!
__________________
Always post logfiles in CODE tags

Old 19.12.2011, 18:26   #5
kay2012
 

TDSS:

Code:
ATTFilter
18:22:23.0634 3644	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:22:23.0765 3644	============================================================
18:22:23.0765 3644	Current date / time: 2011/12/19 18:22:23.0765
18:22:23.0765 3644	SystemInfo:
18:22:23.0765 3644	
18:22:23.0765 3644	OS Version: 6.1.7601 ServicePack: 1.0
18:22:23.0765 3644	Product type: Workstation
18:22:23.0765 3644	ComputerName: MAZ-PC
18:22:23.0765 3644	UserName: maz
18:22:23.0765 3644	Windows directory: C:\Windows
18:22:23.0765 3644	System windows directory: C:\Windows
18:22:23.0766 3644	Running under WOW64
18:22:23.0766 3644	Processor architecture: Intel x64
18:22:23.0766 3644	Number of processors: 4
18:22:23.0766 3644	Page size: 0x1000
18:22:23.0766 3644	Boot type: Normal boot
18:22:23.0766 3644	============================================================
18:22:26.0309 3644	Initialize success
18:22:38.0121 2964	============================================================
18:22:38.0121 2964	Scan started
18:22:38.0121 2964	Mode: Manual; SigCheck; TDLFS; 
18:22:38.0121 2964	============================================================
18:22:39.0390 2964	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:22:39.0486 2964	1394ohci - ok
18:22:39.0524 2964	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:22:39.0553 2964	ACPI - ok
18:22:39.0571 2964	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:22:39.0722 2964	AcpiPmi - ok
18:22:39.0801 2964	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:22:39.0819 2964	adp94xx - ok
18:22:39.0841 2964	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:22:39.0856 2964	adpahci - ok
18:22:39.0879 2964	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:22:39.0890 2964	adpu320 - ok
18:22:39.0957 2964	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:22:40.0028 2964	AFD - ok
18:22:40.0053 2964	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:22:40.0065 2964	agp440 - ok
18:22:40.0105 2964	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:22:40.0114 2964	aliide - ok
18:22:40.0144 2964	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:22:40.0167 2964	amdide - ok
18:22:40.0189 2964	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:22:40.0232 2964	AmdK8 - ok
18:22:40.0263 2964	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:22:40.0281 2964	AmdPPM - ok
18:22:40.0304 2964	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:22:40.0315 2964	amdsata - ok
18:22:40.0351 2964	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:22:40.0363 2964	amdsbs - ok
18:22:40.0378 2964	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:22:40.0404 2964	amdxata - ok
18:22:40.0499 2964	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:22:40.0765 2964	AppID - ok
18:22:40.0792 2964	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:22:40.0800 2964	arc - ok
18:22:40.0819 2964	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:22:40.0829 2964	arcsas - ok
18:22:40.0868 2964	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:41.0086 2964	AsyncMac - ok
18:22:41.0117 2964	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:22:41.0124 2964	atapi - ok
18:22:41.0179 2964	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:22:41.0196 2964	AtiPcie - ok
18:22:41.0258 2964	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:22:41.0269 2964	avgntflt - ok
18:22:41.0335 2964	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
18:22:41.0347 2964	avipbb - ok
18:22:41.0407 2964	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:22:41.0416 2964	avkmgr - ok
18:22:41.0495 2964	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:22:41.0550 2964	b06bdrv - ok
18:22:41.0608 2964	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:41.0631 2964	b57nd60a - ok
18:22:41.0668 2964	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:22:41.0706 2964	Beep - ok
18:22:41.0776 2964	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:41.0798 2964	blbdrive - ok
18:22:41.0841 2964	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:22:41.0923 2964	bowser - ok
18:22:41.0935 2964	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:41.0954 2964	BrFiltLo - ok
18:22:41.0963 2964	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:41.0976 2964	BrFiltUp - ok
18:22:42.0026 2964	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:22:42.0050 2964	Brserid - ok
18:22:42.0067 2964	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:42.0087 2964	BrSerWdm - ok
18:22:42.0117 2964	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:42.0141 2964	BrUsbMdm - ok
18:22:42.0170 2964	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:42.0180 2964	BrUsbSer - ok
18:22:42.0197 2964	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:22:42.0234 2964	BTHMODEM - ok
18:22:42.0292 2964	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:42.0347 2964	cdfs - ok
18:22:42.0403 2964	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:22:42.0534 2964	cdrom - ok
18:22:42.0720 2964	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:22:42.0832 2964	circlass - ok
18:22:43.0060 2964	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:22:43.0074 2964	CLFS - ok
18:22:43.0124 2964	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:43.0165 2964	CmBatt - ok
18:22:43.0178 2964	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:22:43.0188 2964	cmdide - ok
18:22:43.0229 2964	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:22:43.0250 2964	CNG - ok
18:22:43.0269 2964	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:43.0279 2964	Compbatt - ok
18:22:43.0334 2964	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:22:43.0374 2964	CompositeBus - ok
18:22:43.0475 2964	cpuz130 - ok
18:22:43.0573 2964	cpuz135 - ok
18:22:43.0584 2964	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:22:43.0591 2964	crcdisk - ok
18:22:43.0611 2964	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:22:43.0672 2964	DfsC - ok
18:22:43.0685 2964	DgiVecp - ok
18:22:43.0707 2964	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:22:43.0737 2964	discache - ok
18:22:43.0760 2964	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:22:43.0769 2964	Disk - ok
18:22:43.0845 2964	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:22:43.0875 2964	drmkaud - ok
18:22:43.0949 2964	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:43.0972 2964	DXGKrnl - ok
18:22:44.0035 2964	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:22:44.0131 2964	ebdrv - ok
18:22:44.0174 2964	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:22:44.0189 2964	elxstor - ok
18:22:44.0227 2964	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:22:44.0264 2964	ErrDev - ok
18:22:44.0303 2964	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:22:44.0349 2964	exfat - ok
18:22:44.0375 2964	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:22:44.0419 2964	fastfat - ok
18:22:44.0465 2964	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:22:44.0505 2964	fdc - ok
18:22:44.0524 2964	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:22:44.0543 2964	FileInfo - ok
18:22:44.0565 2964	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:22:44.0602 2964	Filetrace - ok
18:22:44.0771 2964	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:44.0783 2964	flpydisk - ok
18:22:44.0823 2964	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:22:44.0836 2964	FltMgr - ok
18:22:44.0889 2964	FLxHCIc         (e35f19855192d025da41e8dfa318206a) C:\Windows\system32\DRIVERS\FLxHCIc.sys
18:22:44.0915 2964	FLxHCIc - ok
18:22:44.0955 2964	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:22:44.0964 2964	FsDepends - ok
18:22:44.0972 2964	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:44.0981 2964	Fs_Rec - ok
18:22:45.0057 2964	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:45.0070 2964	fvevol - ok
18:22:45.0116 2964	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:45.0125 2964	gagp30kx - ok
18:22:45.0182 2964	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:22:45.0193 2964	GEARAspiWDM - ok
18:22:45.0227 2964	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:22:45.0264 2964	hcw85cir - ok
18:22:45.0318 2964	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:22:45.0341 2964	HdAudAddService - ok
18:22:45.0372 2964	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:22:45.0391 2964	HDAudBus - ok
18:22:45.0421 2964	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:22:45.0438 2964	HidBatt - ok
18:22:45.0459 2964	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:22:45.0515 2964	HidBth - ok
18:22:45.0537 2964	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:22:45.0563 2964	HidIr - ok
18:22:45.0641 2964	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:45.0679 2964	HidUsb - ok
18:22:45.0731 2964	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:22:45.0742 2964	HpSAMD - ok
18:22:45.0822 2964	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:22:45.0880 2964	HTTP - ok
18:22:45.0941 2964	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:22:45.0948 2964	hwpolicy - ok
18:22:45.0984 2964	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:22:45.0999 2964	i8042prt - ok
18:22:46.0077 2964	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:22:46.0091 2964	iaStorV - ok
18:22:46.0136 2964	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:22:46.0153 2964	iirsp - ok
18:22:46.0529 2964	IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
18:22:46.0618 2964	IntcAzAudAddService - ok
18:22:46.0637 2964	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:22:46.0646 2964	intelide - ok
18:22:46.0684 2964	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:46.0707 2964	intelppm - ok
18:22:46.0755 2964	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:46.0797 2964	IpFilterDriver - ok
18:22:46.0815 2964	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:22:46.0828 2964	IPMIDRV - ok
18:22:46.0848 2964	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:22:46.0915 2964	IPNAT - ok
18:22:46.0961 2964	irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
18:22:47.0084 2964	irda - ok
18:22:47.0104 2964	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:22:47.0127 2964	IRENUM - ok
18:22:47.0183 2964	irsir           (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
18:22:47.0209 2964	irsir - ok
18:22:47.0254 2964	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:22:47.0266 2964	isapnp - ok
18:22:47.0297 2964	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:22:47.0309 2964	iScsiPrt - ok
18:22:47.0361 2964	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:22:47.0371 2964	kbdclass - ok
18:22:47.0391 2964	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:22:47.0411 2964	kbdhid - ok
18:22:47.0457 2964	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:22:47.0464 2964	KSecDD - ok
18:22:47.0501 2964	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:22:47.0512 2964	KSecPkg - ok
18:22:47.0548 2964	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:22:47.0582 2964	ksthunk - ok
18:22:47.0611 2964	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:47.0641 2964	lltdio - ok
18:22:47.0699 2964	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:22:47.0707 2964	LSI_FC - ok
18:22:47.0719 2964	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:22:47.0728 2964	LSI_SAS - ok
18:22:47.0749 2964	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:22:47.0756 2964	LSI_SAS2 - ok
18:22:47.0783 2964	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:22:47.0800 2964	LSI_SCSI - ok
18:22:47.0810 2964	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:22:47.0861 2964	luafv - ok
18:22:47.0879 2964	LVPr2M64 - ok
18:22:47.0951 2964	LVRS64          (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
18:22:47.0972 2964	LVRS64 - ok
18:22:48.0322 2964	LVUVC64         (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
18:22:48.0482 2964	LVUVC64 - ok
18:22:48.0506 2964	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:22:48.0517 2964	megasas - ok
18:22:48.0550 2964	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:22:48.0563 2964	MegaSR - ok
18:22:48.0595 2964	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:22:48.0637 2964	Modem - ok
18:22:48.0670 2964	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:22:48.0694 2964	monitor - ok
18:22:48.0717 2964	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:22:48.0726 2964	mouclass - ok
18:22:48.0740 2964	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:48.0749 2964	mouhid - ok
18:22:48.0798 2964	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:22:48.0807 2964	mountmgr - ok
18:22:48.0847 2964	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:22:48.0858 2964	mpio - ok
18:22:48.0881 2964	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:22:48.0919 2964	mpsdrv - ok
18:22:49.0017 2964	mr8980          (a6bccf5e16b208b6b490b6efe6f98623) C:\Windows\system32\DRIVERS\mr8980x64.sys
18:22:49.0073 2964	mr8980 - ok
18:22:49.0132 2964	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:22:49.0181 2964	MRxDAV - ok
18:22:49.0221 2964	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:49.0249 2964	mrxsmb - ok
18:22:49.0266 2964	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:49.0283 2964	mrxsmb10 - ok
18:22:49.0307 2964	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:49.0333 2964	mrxsmb20 - ok
18:22:49.0350 2964	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:22:49.0366 2964	msahci - ok
18:22:49.0375 2964	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:22:49.0384 2964	msdsm - ok
18:22:49.0398 2964	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:22:49.0421 2964	Msfs - ok
18:22:49.0434 2964	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:22:49.0505 2964	mshidkmdf - ok
18:22:49.0514 2964	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:22:49.0523 2964	msisadrv - ok
18:22:49.0558 2964	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:49.0624 2964	MSKSSRV - ok
18:22:49.0670 2964	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:49.0730 2964	MSPCLOCK - ok
18:22:49.0762 2964	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:22:49.0805 2964	MSPQM - ok
18:22:49.0842 2964	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:22:49.0856 2964	MsRPC - ok
18:22:49.0891 2964	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:22:49.0902 2964	mssmbios - ok
18:22:49.0911 2964	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:22:49.0940 2964	MSTEE - ok
18:22:49.0970 2964	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:22:49.0995 2964	MTConfig - ok
18:22:50.0021 2964	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:22:50.0031 2964	Mup - ok
18:22:50.0066 2964	mv91xx          (77073c1af9c0921ff18ee628049bb1a9) C:\Windows\system32\DRIVERS\mv91xx.sys
18:22:50.0078 2964	mv91xx - ok
18:22:50.0142 2964	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:50.0172 2964	NativeWifiP - ok
18:22:50.0243 2964	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:22:50.0263 2964	NDIS - ok
18:22:50.0285 2964	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:22:50.0317 2964	NdisCap - ok
18:22:50.0354 2964	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:50.0389 2964	NdisTapi - ok
18:22:50.0440 2964	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:50.0478 2964	Ndisuio - ok
18:22:50.0508 2964	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:50.0548 2964	NdisWan - ok
18:22:50.0592 2964	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:22:50.0652 2964	NDProxy - ok
18:22:50.0662 2964	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:22:50.0707 2964	NetBIOS - ok
18:22:50.0728 2964	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:22:50.0760 2964	NetBT - ok
18:22:50.0843 2964	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:22:50.0852 2964	nfrd960 - ok
18:22:50.0988 2964	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
18:22:51.0019 2964	NPF - ok
18:22:51.0028 2964	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:22:51.0071 2964	Npfs - ok
18:22:51.0088 2964	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:22:51.0134 2964	nsiproxy - ok
18:22:51.0206 2964	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:22:51.0243 2964	Ntfs - ok
18:22:51.0266 2964	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:22:51.0316 2964	Null - ok
18:22:51.0359 2964	NVHDA           (dd743dc997f26eddfdcebe7146b458b8) C:\Windows\system32\drivers\nvhda64v.sys
18:22:51.0369 2964	NVHDA - ok
18:22:51.0755 2964	nvlddmkm        (88e141b9df63c41ea272b2f712d1a227) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:22:52.0066 2964	nvlddmkm - ok
18:22:52.0117 2964	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:22:52.0126 2964	nvraid - ok
18:22:52.0153 2964	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:22:52.0162 2964	nvstor - ok
18:22:52.0231 2964	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:22:52.0241 2964	nv_agp - ok
18:22:52.0258 2964	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:22:52.0280 2964	ohci1394 - ok
18:22:52.0324 2964	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:22:52.0347 2964	Parport - ok
18:22:52.0391 2964	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:22:52.0401 2964	partmgr - ok
18:22:52.0422 2964	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:22:52.0433 2964	pci - ok
18:22:52.0462 2964	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:22:52.0468 2964	pciide - ok
18:22:52.0536 2964	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:22:52.0553 2964	pcmcia - ok
18:22:52.0571 2964	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:22:52.0579 2964	pcw - ok
18:22:52.0613 2964	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:22:52.0660 2964	PEAUTH - ok
18:22:52.0746 2964	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:52.0776 2964	PptpMiniport - ok
18:22:52.0810 2964	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:22:52.0832 2964	Processor - ok
18:22:52.0895 2964	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:22:52.0929 2964	Psched - ok
18:22:52.0994 2964	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:22:53.0041 2964	ql2300 - ok
18:22:53.0070 2964	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:22:53.0082 2964	ql40xx - ok
18:22:53.0122 2964	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:22:53.0145 2964	QWAVEdrv - ok
18:22:53.0286 2964	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:53.0350 2964	RasAcd - ok
18:22:53.0500 2964	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:22:53.0532 2964	RasAgileVpn - ok
18:22:53.0544 2964	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:53.0593 2964	Rasl2tp - ok
18:22:53.0607 2964	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:53.0656 2964	RasPppoe - ok
18:22:53.0672 2964	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:53.0703 2964	RasSstp - ok
18:22:53.0742 2964	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:53.0768 2964	rdbss - ok
18:22:53.0791 2964	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:22:53.0806 2964	rdpbus - ok
18:22:53.0824 2964	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:53.0861 2964	RDPCDD - ok
18:22:53.0892 2964	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:22:53.0932 2964	RDPENCDD - ok
18:22:53.0943 2964	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:22:53.0966 2964	RDPREFMP - ok
18:22:54.0000 2964	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:22:54.0026 2964	RDPWD - ok
18:22:54.0055 2964	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:22:54.0067 2964	rdyboost - ok
18:22:54.0121 2964	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:54.0155 2964	rspndr - ok
18:22:54.0231 2964	RTL8167         (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:22:54.0260 2964	RTL8167 - ok
18:22:54.0341 2964	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:22:54.0353 2964	sbp2port - ok
18:22:54.0401 2964	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:22:54.0440 2964	scfilter - ok
18:22:54.0482 2964	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:22:54.0541 2964	secdrv - ok
18:22:54.0578 2964	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:22:54.0586 2964	Serenum - ok
18:22:54.0616 2964	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:22:54.0640 2964	Serial - ok
18:22:54.0682 2964	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:22:54.0705 2964	sermouse - ok
18:22:54.0729 2964	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:22:54.0768 2964	sffdisk - ok
18:22:54.0784 2964	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:22:54.0796 2964	sffp_mmc - ok
18:22:54.0819 2964	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:22:54.0842 2964	sffp_sd - ok
18:22:54.0879 2964	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:54.0891 2964	sfloppy - ok
18:22:54.0946 2964	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:22:54.0958 2964	SiSRaid2 - ok
18:22:54.0994 2964	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:22:55.0005 2964	SiSRaid4 - ok
18:22:55.0038 2964	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:22:55.0097 2964	Smb - ok
18:22:55.0124 2964	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:22:55.0134 2964	spldr - ok
18:22:55.0211 2964	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:22:55.0211 2964	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:22:55.0213 2964	sptd ( LockedFile.Multi.Generic ) - warning
18:22:55.0213 2964	sptd - detected LockedFile.Multi.Generic (1)
18:22:55.0238 2964	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:22:55.0284 2964	srv - ok
18:22:55.0308 2964	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:22:55.0358 2964	srv2 - ok
18:22:55.0381 2964	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:22:55.0405 2964	srvnet - ok
18:22:55.0445 2964	SSPORT - ok
18:22:55.0516 2964	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:22:55.0526 2964	stexstor - ok
18:22:55.0585 2964	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:22:55.0597 2964	swenum - ok
18:22:55.0722 2964	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:22:55.0772 2964	Tcpip - ok
18:22:55.0831 2964	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:55.0863 2964	TCPIP6 - ok
18:22:55.0916 2964	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:22:55.0974 2964	tcpipreg - ok
18:22:55.0993 2964	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:22:56.0035 2964	TDPIPE - ok
18:22:56.0062 2964	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:22:56.0095 2964	TDTCP - ok
18:22:56.0124 2964	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:22:56.0155 2964	tdx - ok
18:22:56.0235 2964	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:22:56.0245 2964	TermDD - ok
18:22:56.0323 2964	truecrypt       (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
18:22:56.0335 2964	truecrypt - ok
18:22:56.0375 2964	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:56.0442 2964	tssecsrv - ok
18:22:56.0529 2964	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:22:56.0544 2964	TsUsbFlt - ok
18:22:56.0579 2964	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:56.0625 2964	tunnel - ok
18:22:56.0653 2964	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:22:56.0664 2964	uagp35 - ok
18:22:56.0725 2964	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:22:56.0759 2964	udfs - ok
18:22:56.0800 2964	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:22:56.0809 2964	uliagpkx - ok
18:22:56.0846 2964	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:22:56.0868 2964	umbus - ok
18:22:56.0895 2964	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:22:56.0917 2964	UmPass - ok
18:22:56.0949 2964	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:22:56.0971 2964	usbaudio - ok
18:22:57.0012 2964	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:57.0027 2964	usbccgp - ok
18:22:57.0058 2964	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:22:57.0085 2964	usbcir - ok
18:22:57.0126 2964	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:57.0147 2964	usbehci - ok
18:22:57.0178 2964	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:57.0199 2964	usbhub - ok
18:22:57.0219 2964	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:22:57.0237 2964	usbohci - ok
18:22:57.0259 2964	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:57.0273 2964	usbprint - ok
18:22:57.0307 2964	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:57.0324 2964	USBSTOR - ok
18:22:57.0341 2964	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:22:57.0381 2964	usbuhci - ok
18:22:57.0428 2964	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:22:57.0443 2964	usbvideo - ok
18:22:57.0479 2964	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:22:57.0490 2964	vdrvroot - ok
18:22:57.0512 2964	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:57.0558 2964	vga - ok
18:22:57.0602 2964	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:22:57.0667 2964	VgaSave - ok
18:22:57.0699 2964	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:22:57.0710 2964	vhdmp - ok
18:22:57.0768 2964	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:22:57.0775 2964	viaide - ok
18:22:57.0785 2964	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:22:57.0794 2964	volmgr - ok
18:22:57.0853 2964	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:22:57.0866 2964	volmgrx - ok
18:22:57.0898 2964	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:22:57.0909 2964	volsnap - ok
18:22:57.0930 2964	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:22:57.0939 2964	vsmraid - ok
18:22:57.0961 2964	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:22:57.0990 2964	vwifibus - ok
18:22:58.0022 2964	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:22:58.0037 2964	WacomPen - ok
18:22:58.0079 2964	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:58.0113 2964	WANARP - ok
18:22:58.0116 2964	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:58.0144 2964	Wanarpv6 - ok
18:22:58.0166 2964	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:22:58.0176 2964	Wd - ok
18:22:58.0193 2964	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:22:58.0213 2964	Wdf01000 - ok
18:22:58.0268 2964	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:58.0293 2964	WfpLwf - ok
18:22:58.0315 2964	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:22:58.0364 2964	WIMMount - ok
18:22:58.0462 2964	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:22:58.0489 2964	WinUsb - ok
18:22:58.0600 2964	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:22:58.0611 2964	WmiAcpi - ok
18:22:58.0650 2964	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:58.0681 2964	ws2ifsl - ok
18:22:58.0716 2964	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:22:58.0756 2964	WudfPf - ok
18:22:58.0768 2964	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:58.0818 2964	WUDFRd - ok
18:22:58.0919 2964	XENfiltv        (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys
18:22:59.0150 2964	XENfiltv - ok
18:22:59.0183 2964	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:22:59.0576 2964	\Device\Harddisk0\DR0 - ok
18:22:59.0666 2964	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:23:20.0396 2964	\Device\Harddisk1\DR1 - ok
18:23:20.0567 2964	Boot (0x1200)   (0b98b9422d1b4471ba2b98eba915f335) \Device\Harddisk0\DR0\Partition0
18:23:20.0609 2964	\Device\Harddisk0\DR0\Partition0 - ok
18:23:20.0621 2964	Boot (0x1200)   (89a6aeb194b8f3801d332890a478ee28) \Device\Harddisk0\DR0\Partition1
18:23:20.0624 2964	\Device\Harddisk0\DR0\Partition1 - ok
18:23:20.0679 2964	Boot (0x1200)   (739420f675c5a2d3f93e8a3a5021d74a) \Device\Harddisk1\DR1\Partition0
18:23:20.0839 2964	\Device\Harddisk1\DR1\Partition0 - ok
18:23:20.0839 2964	============================================================
18:23:20.0839 2964	Scan finished
18:23:20.0839 2964	============================================================
18:23:20.0846 2648	Detected object count: 1
18:23:20.0846 2648	Actual detected object count: 1
18:23:52.0121 2648	sptd ( LockedFile.Multi.Generic ) - skipped by user
18:23:52.0121 2648	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         


22.12.2011, 18:27   #6
kay2012

So was it a false alarm after all, or is it not a rootkit or the like?

22.12.2011, 18:42   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

SPTD is a driver for CD/DVD emulators such as DaemonTools.
So far everything was unremarkable.
Is the machine in order, or are there still problems that should make us dig deeper?
__________________
Please always post logfiles in CODE tags
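As an added example (not code from the thread or from TDSSKiller), a small Python triage script for driver-scan logs in the format posted above: it pairs each scanned object with its verdict lines and lists only what is not plainly "ok", so the one flagged entry that cosinus is explaining here (the locked sptd.sys) is visible without reading the whole log. The regexes and the Entry structure are my assumptions about the format, derived from the lines in this thread.

```python
"""Triage helper for TDSSKiller driver-scan logs (added example, not code
from the thread or from TDSSKiller): pair each scanned object with its
verdict lines and list everything that is not plainly 'ok'."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines excerpted from the log posted in this thread (tabs
# replaced by spaces); enough to exercise every line shape the format has.
SAMPLE_LOG = r"""
18:22:55.0124 2964 spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:22:55.0134 2964 spldr - ok
18:22:55.0211 2964 sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:22:55.0211 2964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:22:55.0213 2964 sptd ( LockedFile.Multi.Generic ) - warning
18:22:55.0213 2964 sptd - detected LockedFile.Multi.Generic (1)
18:22:55.0445 2964 SSPORT - ok
18:22:59.0183 2964 MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:22:59.0576 2964 \Device\Harddisk0\DR0 - ok
18:23:20.0839 2964 Scan finished
18:23:52.0121 2648 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

# Every line is "hh:mm:ss.ffff <pid> <message>"; the regexes below classify
# the message part (assumed from the lines in this thread, not a spec).
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*?)\s*$")
ENTRY_RE = re.compile(  # "name (md5) path"; names like "MBR (0x1B8)" carry an offset
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(  # "subject [( Detection )] - verdict"; subject is a name or device path
    r"^(?P<subject>.+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>.+)$")
NOTE_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. md5: [0-9a-f]{32}$")
DETECTED_RE = re.compile(r"^detected (\S+)")


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    verdicts: list[str] = field(default_factory=list)
    detections: set[str] = field(default_factory=set)
    notes: list[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        """True only when the scanner said nothing but 'ok' about this object."""
        return self.verdicts == ["ok"] and not self.notes


def parse_log(text: str) -> list[Entry]:
    entries: list[Entry] = []
    by_key: dict[str, Entry] = {}  # service name or device path -> entry

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if (n := NOTE_RE.match(msg)):
            # The note directly follows the file line it refers to.
            for entry in reversed(entries):
                if entry.path == n["path"]:
                    entry.notes.append(n["kind"])
                    break
        elif (e := ENTRY_RE.match(msg)):
            entry = Entry(name=e["name"], md5=e["md5"], path=e["path"])
            entries.append(entry)
            by_key[entry.name] = entry
            by_key[entry.path] = entry   # MBR/boot verdicts are keyed by device path
        elif (v := VERDICT_RE.match(msg)):
            entry = by_key.get(v["subject"])
            if entry is None:  # verdict with no file line, e.g. "SSPORT - ok"
                entry = Entry(name=v["subject"])
                entries.append(entry)
                by_key[entry.name] = entry
            entry.verdicts.append(v["verdict"])
            if v["detection"]:
                entry.detections.add(v["detection"])
            if (d := DETECTED_RE.match(v["verdict"])):
                entry.detections.add(d.group(1))
    return entries


def findings(entries: list[Entry]) -> list[Entry]:
    """Objects needing a human decision: warnings, detections, locked files."""
    return [e for e in entries if not e.clean]


if __name__ == "__main__":
    for e in findings(parse_log(SAMPLE_LOG)):
        print(f"{e.name}: {e.path} md5={e.md5} notes={e.notes} "
              f"detections={sorted(e.detections)} verdicts={e.verdicts}")
```

A "LockedFile" verdict only says the scanner could not open the file; whether the owner is a known driver such as SPTD or something that needs removal is the human decision the script leaves to the reader.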

22.12.2011, 20:23   #8
kay2012

I have no further problems so far. I already suspected it was the driver, but "roots" do like to hide behind names like that. I'll rescan now and then and check with TCPView whether any packets are being sent that shouldn't be. Many thanks for your help & merry Christmas!!!

22.12.2011, 20:26   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!

All the programs that were used here can be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages about that.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide is below. To keep better track of whether your installed programs are up to date in future, you can use Secunia PSI, for example.


Microsoft Update

Windows XP: visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
