GVU Trojaner Windows7 32bit

Hompen · 01.08.2012, 09:13

Hallo, der PC meiner Eltern hat sich eine GVU Trojaner eingefangen und nun versuche ich mit meinem - zugegebenermaßen - Halbwissen diesen zu flicken.

Habe versucht ihn mit Kaspersky Windows Unlocker zu entsperren um anschliessend die wichtigsten Daten zu sichern befor ich das System neu aufsetzen werde (müssen) - Dies leider ohne Erfolg.

Daher hier mein diversen txt files:
OTL:

Code:

ATTFilter

OTL logfile created on: 31.07.2012 20:21:52 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 86,90% Memory free
6,00 Gb Paging File | 5,63 Gb Available in Paging File | 93,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,29 Gb Total Space | 349,05 Gb Free Space | 76,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 20:14:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.01.15 13:45:34 | 000,181,248 | ---- | M] () -- C:\Windows\System32\txmlutil.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.27 11:39:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.02 05:11:59 | 000,136,784 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.09 15:15:41 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\SQL2005EXP\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$DWINSTANCE01)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.29 18:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.02.01 02:01:02 | 000,661,176 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.01.20 15:27:24 | 001,622,320 | ---- | M] (Acronis Inc.) [Auto | Stopped] -- C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\vsserv.exe -- (VSSERV)
SRV - [2009.12.10 18:02:32 | 000,331,616 | ---- | M] (Acronis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009.12.10 18:01:56 | 000,181,600 | ---- | M] (Acronis Inc. hxxp://www.acronis.com/homecomputing/products/antivirus) [On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009.11.19 15:00:04 | 000,311,296 | ---- | M] (Acronis Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\scan.dll -- (scan)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\Kamera\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.02.09 15:15:42 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.02.09 15:15:39 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258)
DRV - [2011.02.09 15:15:35 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.02.09 15:15:27 | 000,163,904 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.06.22 00:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.01.04 19:41:24 | 000,079,368 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.12.31 11:22:09 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.11.10 18:04:14 | 000,152,456 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2009.11.10 17:14:22 | 000,054,912 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Programme\Acronis Backup and Security\Acronis Backup and Security 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2009.10.19 17:04:00 | 000,072,200 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\BdfNdisf6.sys -- (bdfndisf)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.22 09:22:06 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Stopped] -- C:\Programme\Acronis Backup and Security\Acronis Backup and Security 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009.08.27 17:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\profos.sys -- (Profos)
DRV - [2009.07.24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.05.07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\trufos.sys -- (Trufos)
DRV - [2006.09.18 14:05:30 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8355CFDD-F1A7-4CAC-B746-F868516AF8C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2412158
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {349523AC-38F8-4042-A116-1E06A154CDDC}
IE - HKCU\..\SearchScopes\{349523AC-38F8-4042-A116-1E06A154CDDC}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2412158
IE - HKCU\..\SearchScopes\{EFA598D4-61A9-484A-9747-AB70A41929A0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F63C4AE1-B6AE-434A-B16A-A508926D0372&apn_sauid=13F5BE0F-7566-434C-9BEB-DDE7BB6DDE37
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.14 21:40:17 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acronis Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\Acronis Backup and Security\Acronis Backup and Security 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACAgent] C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdagent.exe (Acronis Inc.)
O4 - HKLM..\Run: [Acronis Antiphishing Helper] C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\IEShow.exe (Acronis Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\Kamera\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01654E26-BAD1-44BB-A12B-2EC86CB3D40C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EBE922-E952-45B2-B7F1-C74D50C638C9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 20:14:22 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.31 17:13:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.27 09:20:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2D517E97-0BAA-4E07-A5C8-CA68F107E8CD}
[2012.07.27 09:19:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B94C5DD1-6937-4D24-8860-5AEE46887F47}
[2012.07.19 09:14:49 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012.07.13 09:59:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashDumps
[2012.07.12 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{959D19E7-9540-4074-A41D-7F59EDF7DEF0}
[2012.07.05 19:28:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{AA6D5B7B-315C-4148-AC86-F102BA8B9212}
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 20:17:42 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.07.31 20:15:31 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\trjppjhq.exe
[2012.07.31 20:14:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.31 20:14:00 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.31 20:08:26 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012.07.31 20:08:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.31 20:08:18 | 2414,678,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 20:07:35 | 000,000,132 | ---- | M] () -- C:\windows\System32\rezumatenoi.dat
[2012.07.31 20:07:25 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 20:06:59 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 18:59:23 | 000,016,768 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:59:23 | 000,016,768 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:58:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 13:37:10 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 09:42:21 | 000,001,883 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.13 16:02:52 | 008,958,710 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.07.13 16:02:52 | 003,083,004 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.07.13 16:02:52 | 002,749,610 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.07.13 16:02:52 | 002,447,796 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.07.13 08:39:22 | 000,289,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.31 20:17:42 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.07.31 20:15:31 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\trjppjhq.exe
[2012.07.31 20:14:00 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.07.31 09:42:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 09:42:20 | 000,001,883 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.04.20 11:33:02 | 000,349,264 | ---- | C] () -- C:\windows\System32\UPDIO2.dll
[2012.04.20 11:33:01 | 000,261,712 | ---- | C] () -- C:\windows\SUPDRun.exe
[2012.04.20 11:33:01 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe
[2012.04.20 11:33:01 | 000,024,064 | ---- | C] () -- C:\windows\System32\spd__l.dll
[2011.07.18 08:57:39 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.08 08:59:18 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{A7C87768-1FE0-480F-A0BA-EEF75FE0E5B6}
[2011.02.17 16:02:48 | 000,462,848 | ---- | C] () -- C:\windows\ssndii.exe
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\wsbl.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_white.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_summ.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\ph_black.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords2.dat
[2011.02.16 14:51:37 | 000,000,000 | ---- | C] () -- C:\windows\System32\pcwords.dat
[2011.02.16 14:15:23 | 000,000,132 | ---- | C] () -- C:\windows\System32\rezumatenoi.dat
[2011.02.09 15:25:45 | 000,000,016 | ---- | C] () -- C:\windows\System32\asdict.dat
[2011.02.09 15:25:45 | 000,000,004 | ---- | C] () -- C:\windows\System32\aspdict-en.dat
[2011.01.24 09:56:47 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2011.01.24 09:36:23 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
 
========== LOP Check ==========
 
[2011.02.09 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis
[2011.02.09 15:13:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis Backup and Security
[2012.02.14 21:59:26 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\RPPrivate
[2011.07.18 08:50:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011.07.09 09:47:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.02.09 12:59:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2011.06.03 16:13:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer
[2011.09.14 21:07:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WordToPDF
[2012.07.27 08:59:03 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extra.txt:

Code:

ATTFilter

OTL Extras logfile created on: 31.07.2012 20:21:52 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\****\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 86,90% Memory free
6,00 Gb Paging File | 5,63 Gb Available in Paging File | 93,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,29 Gb Total Space | 349,05 Gb Free Space | 76,84% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0759201C-4BD0-4F9E-BE3D-B167D4F3EA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{10EA10E3-2A95-49B2-ABAE-B399E21AC849}" = rport=138 | protocol=17 | dir=out | app=system | 
"{17661162-3CB2-4E66-83BC-45F52EEE99E7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3B07B2BE-5859-4897-BC8F-6B1994FA663D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{42CE550B-1B42-4678-8CE4-5CCF0F0188B6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4A0D575B-978F-487D-B6F0-818FC78F005B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D3FC748-03DF-45A1-A141-195050354FB3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{686D484C-3DD2-41C9-8AAC-3568E97FF8AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75A26AB2-498D-4459-8C2E-E3D1E02C29B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F80435B-3DA7-49FC-A282-7356FFC81049}" = lport=138 | protocol=17 | dir=in | app=system | 
"{963C5484-0B25-480E-ADFB-BD7585982939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A58F8B41-6387-43BB-A6C6-4107263D1179}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C6717BE3-E7EC-4A92-9612-0AD8A5F31E8C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E201BCB3-289B-48E2-9706-90EAE0D61434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE82F52-B34E-4B67-AF04-B91F68B89113}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{1DD1C213-DDDE-4FE3-B277-D9616DBC3083}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{59B10ED6-255D-4B81-900E-BA1A98978647}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{78B6A2FD-803B-4904-BF16-8C9E1C8133DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AEF73F75-0E1D-42B0-BB2E-18842A159AE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CA2C6505-F81E-4BE6-9D78-85499190257A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E264D6A2-AF3C-419E-A2F5-E49A15DC9F1F}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"TCP Query User{066185A9-0B0C-43A5-98C5-47D1582E470C}C:\program files\dtm2009\dwrun.exe" = protocol=6 | dir=in | app=c:\program files\dtm2009\dwrun.exe | 
"TCP Query User{10DB78BB-8210-4FCE-9329-F1188768C343}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3EC305AE-C231-4F8F-B8BC-BCA0D94C35B2}C:\program files\dtm2009\dw.exe" = protocol=6 | dir=in | app=c:\program files\dtm2009\dw.exe | 
"UDP Query User{1546EAC9-4CE0-4CFA-82EE-1964B0AD7C69}C:\program files\dtm2009\dwrun.exe" = protocol=17 | dir=in | app=c:\program files\dtm2009\dwrun.exe | 
"UDP Query User{25928F8F-4E66-475F-8DA8-E5EEBEC4D1D3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{29D3EDCF-1134-42B2-A23F-939079761C77}C:\program files\dtm2009\dw.exe" = protocol=17 | dir=in | app=c:\program files\dtm2009\dw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DWINSTANCE01)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7ED39639-9464-43A6-94DA-535F4EF2A940}" = Acronis Backup and Security 2010
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7FDDBC6-6BAA-4B9B-B560-A43BBC802411}_is1" = DTM2009 4.0.1252.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF1F8765-BEBF-47A0-BA04-DE99E0E392F2}" = Acronis*True*Image*Home
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Profi cash" = Profi cash
"RealoreStudios Toolbar" = RealoreStudios Toolbar
"RealPlayer 15.0" = RealPlayer
"Roads of Rome 2_is1" = Roads of Rome 2
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2012 07:38:35 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 07:38:35 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 12:56:59 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 12:56:59 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 13:00:11 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 13:00:11 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 13:02:47 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 13:02:47 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
Error - 31.07.2012 14:07:01 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to 
object/counter names. SQL Server performance counters are disabled.
 
Error - 31.07.2012 14:07:01 | Computer Name = ****-PC | Source = MSSQL$DWINSTANCE01 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
 sqlctr.ini for this instance, and ensure that the instance login account has correct
 registry permissions.
 
[ System Events ]
Error - 31.07.2012 14:13:52 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.07.2012 14:17:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:17:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:17:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:19:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:19:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:19:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:24:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:24:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 14:24:20 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

Gmer.txt: hier bin ich mir nicht ganz sicher ob ich richtig vorgegangen bin, als die Häckenchen zu entfernen waren. Habe sie bei IAT/EAT, Show all herausgenommen und bei der Systempartition (C

gelassen. Da hat sich der Scan aufgehängt. Habe dann nochmals - ohne Häkchen bei der C: partition laufen lassen und hier das Ergebnis:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-31 20:56:43
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: trjppjhq.exe; Driver: C:\Users\****\AppData\Local\Temp\ufdiqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9  82895599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2     828BA092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                     tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\ACPI_HAL \Device\0000004a          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

ich hoffe mir kann hier einer helfen und schon mal Danke für die Mühen.
Gruss Hompen.

markusg · 01.08.2012, 10:41

die infektion ist ja auch kein wunder, bei den fehlenen updates.
währe die software aktuell, wäre das nicht passiert, dass können wir uns aber am ende ansehen.

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
[2012.07.31 09:42:20 | 000,001,883 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
 :Files
:Commands
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.

Hompen · 01.08.2012, 13:29

Bin ein wenig irritiert, ob ich das jetzt richtig gemacht habe.
habe den code in OTL eingefügt und laufen lassen mit 'Fix'.
Anschließend wurde ein Neustart verlangt, dem ich mit OK zugestimmt habe und er ist im normale Modus hochgefahren.

Es ist allerdings keine TXT Dokument erzeugt worden (zumindest nicht auf dem Desktop) und nach einigen Augenblicken hat der GVU Trojaner wieder zugeschlagen und mein System gesperrt.

Kann daher leider kein TXT dokument posten, habe aber den Cache hochgeladen.

Update:

Anscheinend hat Malwarebytes AM etwas abgefangen und ich kann den PC jetzt normal starten. Habe allerdings immer noch keine .txt Datei erhalten.

Wie soll ich nun weiter vorgehen? Habe mal as MBAM logfile angehängt.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.01.03

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
**** :: *****-PC [Administrator]

Schutz: Deaktiviert

01.08.2012 12:31:12
mbam-log-2012-08-01 (12-31-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 597925
Laufzeit: 1 Stunde(n), 9 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\****\AppData\Local\Temp\deo0_sar.exe (Trojan.Cridex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

markusg · 02.08.2012, 17:09

passt so.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hompen · 02.08.2012, 18:18

hier der logfile von Combofix:

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-31.03 - **** 02.08.2012  18:45:17.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3070.2191 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Acronis Backup and Security Antivirus *Disabled/Outdated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
FW: Acronis Backup and Security Firewall *Disabled* {61B379E6-EB43-B985-59CE-7C1172501483}
SP: Acronis Backup and Security AntiSpyware *Disabled/Outdated* {E2E91927-8716-B753-4821-EE56F7041945}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\****\4.0
c:\users\****\Documents\Readiris.DUS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-02 bis 2012-08-02  ))))))))))))))))))))))))))))))
.
.
2012-08-02 16:52 . 2012-08-02 16:52	--------	d-----w-	c:\users\****\AppData\Local\temp
2012-08-02 16:52 . 2012-08-02 16:52	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 16:52 . 2012-08-02 16:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-02 06:44 . 2012-08-02 06:44	--------	d-----w-	c:\windows\system32\SPReview
2012-08-02 04:27 . 2012-08-02 04:27	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{19932AF3-766A-4BD8-9C03-BEA8578F22F3}\offreg.dll
2012-08-01 17:33 . 2012-08-01 17:33	--------	d-----w-	c:\users\****\AppData\Local\WindowsUpdate
2012-08-01 09:53 . 2012-08-01 09:53	--------	d-----w-	C:\_OTL
2012-08-01 08:25 . 2012-08-01 08:25	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2012-08-01 08:24 . 2012-08-01 08:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-01 08:24 . 2012-08-01 08:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-01 08:24 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-31 15:13 . 2012-07-31 18:29	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-31 07:03 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{19932AF3-766A-4BD8-9C03-BEA8578F22F3}\mpengine.dll
2012-07-13 07:59 . 2012-07-17 10:40	--------	d-----w-	c:\users\****\AppData\Local\CrashDumps
2012-07-12 18:38 . 2012-06-12 02:44	2344448	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 06:34 . 2012-06-02 04:51	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-12 06:34 . 2012-06-02 04:51	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 06:34 . 2012-06-02 04:50	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-12 06:34 . 2012-06-02 04:48	225280	----a-w-	c:\windows\system32\schannel.dll
2012-07-12 06:34 . 2012-06-02 04:47	219136	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-12 06:34 . 2012-06-06 05:09	1389568	----a-w-	c:\windows\system32\msxml6.dll
2012-07-12 06:34 . 2012-06-06 05:09	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-07-12 06:34 . 2012-06-06 05:09	987136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:39 . 2012-04-12 06:52	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-27 09:39 . 2011-06-22 05:12	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-23 16:27	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 16:27	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 16:26	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 16:26	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 16:27	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 16:27	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 16:26	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 16:26	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 16:26	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-02-09 10:07	237072	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"ACAgent"="c:\program files\Acronis Backup and Security\Acronis Backup and Security 2010\bdagent.exe" [2009-12-10 1110368]
"Acronis Antiphishing Helper"="c:\program files\Acronis Backup and Security\Acronis Backup and Security 2010\IEShow.exe" [2009-12-10 82272]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-01-31 5141144]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-02-01 362136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PMBVolumeWatcher"="c:\program files\Sony\Kamera\PMBVolumeWatcher.exe" [2010-03-24 599328]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-09-07 221256]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-14 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-09-18 503808]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Arrakis3;Acronis Arrakis Server;c:\program files\Common Files\Acronis Backup and Security\Acronis Backup and Security Arrakis Server\bin\arrakis3.exe [x]
R3 cpuz134;cpuz134;c:\users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Acronis Backup and Security\Acronis Backup and Security Firewall\bdfwfpf.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 BDVEDISK;BDVEDISK;c:\program files\Acronis Backup and Security\Acronis Backup and Security 2010\bdvedisk.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$DWINSTANCE01;SQL Server (DWINSTANCE01);c:\program files\SQL2005EXP\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\Kamera\PMBDeviceInfoProvider.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:39]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 19:07]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 19:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{03fee850-0101-4e9e-b6d4-6fc74d3db360} - (no file)
Toolbar-Locked - (no file)
Toolbar-{03fee850-0101-4e9e-b6d4-6fc74d3db360} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-02  18:53:57
ComboFix-quarantined-files.txt  2012-08-02 16:53
.
Vor Suchlauf: 15 Verzeichnis(se), 376.803.618.816 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 398.215.905.280 Bytes frei
.
- - End Of File - - 9043C099A4F1EA7829617AA286963D4A

--- --- ---

hat soweit ohne Probleme funktioniert.

markusg · 02.08.2012, 18:53

lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Hompen · 02.08.2012, 19:43

hier die Liste aus ccleaner:

Code:

ATTFilter

7-Zip 9.20		09.02.2011		nötig
Acronis Backup and Security 2010	Acronis Inc.	09.02.2011	117MB	13.0.18    nötig
Acronis*True*Image*Home	Acronis	09.02.2011	152MB	13.0.4019				nötig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	27.07.2012	6,00MB	11.3.300.268   nötig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	12.04.2012	167MB	10.1.3  unbekannt
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	14.06.2012		11.6.5.635    nötig
Ask Toolbar	Ask.com	04.03.2012	3,77MB	1.14.1.0    unnötig
Ask Toolbar Updater	Ask.com	04.03.2012		1.2.0.20007   unnötig
CCleaner	Piriform	24.07.2012		3.21      nötig
DTM2009 4.0.1252.2	DTM2009	10.06.2011		            nötig
Google Chrome	Google Inc.	27.04.2011		21.0.1180.60   unnötig
Google Toolbar for Internet Explorer	Google Inc.	23.06.2012		7.3.2710.138   unnötig
Intel(R) TV Wizard	Intel Corporation	09.02.2011		unbekannt
Java(TM) 6 Update 31	Oracle	04.03.2012	95,1MB	6.0.310         nötig
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	01.08.2012	18,7MB	1.62.0.1300   ?unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	09.02.2011	38,8MB	4.0.30319      unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	09.02.2011	2,93MB	4.0.30319   unbekannt
Microsoft Office Professional Edition 2003	Microsoft Corporation	01.08.2012	227MB	11.0.8173.0   nötig
Microsoft Silverlight	Microsoft Corporation	01.08.2012	140MB	4.1.10329.0                           unbekannt
Microsoft SQL Server 2005	Microsoft Corporation	18.02.2011		                     unbekannt
Microsoft SQL Server Native Client	Microsoft Corporation	17.03.2011	2,60MB	9.00.5000.00          unbekannt
Microsoft SQL Server Setup Support Files (English)	Microsoft Corporation	17.03.2011	28,9MB	9.00.5000.00   unbekannt
Microsoft SQL Server VSS Writer	Microsoft Corporation	17.03.2011	679KB	9.00.5000.00 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	09.02.2011	252KB	8.0.50727.4053  unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	300KB	8.0.61001 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	09.02.2011	200KB	9.0.30729.4148  unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	03.06.2011	598KB	9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	09.02.2011	596KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	20.06.2012	224KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	600KB	9.0.30729.6161 unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	04.09.2011	35,0KB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	04.09.2011	1,33MB	4.20.9876.0 unbekannt
NVIDIA Display Control Panel	NVIDIA Corporation	09.02.2011		6.14.12.5919 unbekannt
NVIDIA Drivers	NVIDIA Corporation	09.02.2011	65,1MB	1.10.62.40 unbekannt
NVIDIA Grafiktreiber 275.33	NVIDIA Corporation	13.07.2011		275.33 unbekannt
NVIDIA Stereoscopic 3D Driver	NVIDIA Corporation	09.02.2011		7.17.12.5919 unbekannt
NVIDIA Update 1.3.5	NVIDIA Corporation	13.07.2011		1.3.5 unbekannt
PDF24 Creator 3.5.3	PDF24.org	14.09.2011	33,3MB	nötig
PMB	Sony Corporation	03.09.2011	260MB	5.2.00.03250   unbekannt
Profi cash		16.02.2011		nötig
RealoreStudios Toolbar		28.09.2011		unnötig/unbekannt
RealPlayer	RealNetworks	14.02.2012		nötig
Realtek Ethernet Controller Driver	Realtek	24.01.2011		7.34.1130.2010 unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.02.2011		6.0.1.6278  unbekannt
Roads of Rome 2	Realore Studios	28.09.2011		unnötig/unbekannt
Samsung SCX-4200 Series		17.02.2011		nötig
Samsung Universal Print Driver	Samsung Electronics Co., Ltd.	20.04.2012		2.03.01.00:36 nötig
Windows Live Essentials	Microsoft Corporation	24.01.2011		15.4.3508.1109 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	24.01.2011	5,57MB	15.4.5722.2  unbekannt
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)	FTDI	17.02.2011		02/17/2009 2.04.16 unbekannt
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)	FTDI	17.02.2011		02/17/2009 2.04.16 unbekannt
WordToPDF 2.4	Mario Noack	14.09.2011		2.4  unnötig

markusg · 02.08.2012, 19:46

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Ask : alle
Google : beide
Java
Download der kostenlosen Java-Software
downloade java jre instalieren
deinstaliere:
RealoreStudios
Roads of
Windows Live : alle die, die du nicht nutzt
WordToPDF
öffne ccleaner, analysieren starten
öffne otl, cleanup, pc startet neu testen wie er läuft

Hompen · 02.08.2012, 21:26

Der Computer läuft jetzt wieder (denk ich mal)
Hatte nur ein kleiner Problem mit dem Acrobat Reader, der hat sich immer wieder aufgehängt, hab ihn jetzt erstmal deinstalliert.

Muss ich jetzt noch was anderes beachten?

update:
Es sind mir noch zwei sachen aufgefallen:
zum einen ist der Rechner jetzt deutlich langsamer (werd ich mit leben können, so es unbedenklich ist)
zum anderen hat Windows7 Probleme den SP1 zu installieren.

markusg · 08.08.2012, 18:30

hi
sorry für die wartezeit
öffne mal ccleaner, extras autostart liste, poste sie
welches problem gibts mit sp1?
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Hompen · 08.08.2012, 20:41

keine Sache mit der Wartezeit.

So dann mal hier der autostart txt.

Code:

ATTFilter

Ja	HKLM:Run	ACAgent	Acronis Inc.	"C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdagent.exe"
Ja	HKLM:Run	Acronis Antiphishing Helper	Acronis Inc.	"C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\IEShow.exe"
Ja	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja	HKLM:Run	Malwarebytes' Anti-Malware	Malwarebytes Corporation	"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Ja	HKLM:Run	PDFPrint	Geek Software GmbH	C:\Program Files\PDF24\pdf24.exe
Ja	HKLM:Run	PMBVolumeWatcher	Sony Corporation	C:\Program Files\Sony\Kamera\PMBVolumeWatcher.exe
Ja	HKLM:Run	RtHDVCpl	Realtek Semiconductor	C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Ja	HKLM:Run	Samsung PanelMgr		C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
Ja	HKLM:Run	SunJavaUpdateSched	Sun Microsystems, Inc.	"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Ja	HKLM:Run	TkBellExe	RealNetworks, Inc.	"C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
Ja	HKLM:Run	TrueImageMonitor.exe	Acronis	C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

Bei dem Versuch den SP1 zu installieren erhalte ich den Fehler (in etwa, sorry habs nich vollständig behalten) 800706BC oder BD.

hab ebenfalls den tdsskiller laufen lassen, hier der Report, da ich keine Log datei gefunden habe:

Code:

ATTFilter

21:29:31.0048 5200	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:29:31.0859 5200	============================================================
21:29:31.0859 5200	Current date / time: 2012/08/08 21:29:31.0859
21:29:31.0859 5200	SystemInfo:
21:29:31.0859 5200	
21:29:31.0859 5200	OS Version: 6.1.7600 ServicePack: 0.0
21:29:31.0859 5200	Product type: Workstation
21:29:31.0859 5200	ComputerName: ****-PC
21:29:31.0859 5200	UserName: ****
21:29:31.0859 5200	Windows directory: C:\windows
21:29:31.0859 5200	System windows directory: C:\windows
21:29:31.0859 5200	Processor architecture: Intel x86
21:29:31.0859 5200	Number of processors: 2
21:29:31.0859 5200	Page size: 0x1000
21:29:31.0859 5200	Boot type: Normal boot
21:29:31.0859 5200	============================================================
21:29:33.0076 5200	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:29:33.0076 5200	============================================================
21:29:33.0076 5200	\Device\Harddisk0\DR0:
21:29:33.0076 5200	MBR partitions:
21:29:33.0076 5200	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38C93800
21:29:33.0076 5200	============================================================
21:29:33.0107 5200	C: <-> \Device\Harddisk0\DR0\Partition0
21:29:33.0107 5200	============================================================
21:29:33.0107 5200	Initialize success
21:29:33.0107 5200	============================================================
21:30:01.0394 1304	============================================================
21:30:01.0394 1304	Scan started
21:30:01.0394 1304	Mode: Manual; SigCheck; TDLFS; 
21:30:01.0394 1304	============================================================
21:30:02.0705 1304	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
21:30:02.0830 1304	1394ohci - ok
21:30:02.0845 1304	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
21:30:02.0876 1304	ACPI - ok
21:30:02.0892 1304	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
21:30:02.0923 1304	AcpiPmi - ok
21:30:03.0032 1304	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:30:03.0048 1304	AdobeARMservice - ok
21:30:03.0126 1304	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:30:03.0188 1304	AdobeFlashPlayerUpdateSvc - ok
21:30:03.0235 1304	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:30:03.0266 1304	adp94xx - ok
21:30:03.0298 1304	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:30:03.0329 1304	adpahci - ok
21:30:03.0344 1304	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:30:03.0360 1304	adpu320 - ok
21:30:03.0391 1304	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
21:30:03.0438 1304	AeLookupSvc - ok
21:30:03.0485 1304	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
21:30:03.0610 1304	AFD - ok
21:30:03.0625 1304	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
21:30:03.0641 1304	agp440 - ok
21:30:03.0656 1304	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:30:03.0672 1304	aic78xx - ok
21:30:03.0703 1304	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
21:30:03.0828 1304	ALG - ok
21:30:03.0844 1304	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
21:30:03.0859 1304	aliide - ok
21:30:03.0875 1304	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
21:30:03.0890 1304	amdagp - ok
21:30:03.0890 1304	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
21:30:03.0906 1304	amdide - ok
21:30:03.0922 1304	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:30:03.0953 1304	AmdK8 - ok
21:30:03.0968 1304	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:30:04.0000 1304	AmdPPM - ok
21:30:04.0031 1304	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
21:30:04.0046 1304	amdsata - ok
21:30:04.0078 1304	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:30:04.0093 1304	amdsbs - ok
21:30:04.0109 1304	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
21:30:04.0109 1304	amdxata - ok
21:30:04.0156 1304	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
21:30:04.0218 1304	AppID - ok
21:30:04.0249 1304	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
21:30:04.0296 1304	AppIDSvc - ok
21:30:04.0312 1304	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
21:30:04.0343 1304	Appinfo - ok
21:30:04.0374 1304	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
21:30:04.0421 1304	AppMgmt - ok
21:30:04.0468 1304	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:30:04.0483 1304	arc - ok
21:30:04.0499 1304	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:30:04.0514 1304	arcsas - ok
21:30:04.0639 1304	Arrakis3        (d101ca5b2cabbeb27c2a4c21e142ec09) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Arrakis Server\bin\arrakis3.exe
21:30:04.0702 1304	Arrakis3 - ok
21:30:04.0748 1304	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:30:04.0811 1304	AsyncMac - ok
21:30:04.0826 1304	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
21:30:04.0889 1304	atapi - ok
21:30:04.0951 1304	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
21:30:05.0014 1304	AudioEndpointBuilder - ok
21:30:05.0029 1304	Audiosrv        (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
21:30:05.0045 1304	Audiosrv - ok
21:30:05.0076 1304	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
21:30:05.0107 1304	AxInstSV - ok
21:30:05.0154 1304	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:30:05.0185 1304	b06bdrv - ok
21:30:05.0232 1304	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:30:05.0294 1304	b57nd60x - ok
21:30:05.0326 1304	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:30:05.0357 1304	BDESVC - ok
21:30:05.0435 1304	BDFM            (d1c3c6584df5dcd010915a4336294007) C:\windows\system32\DRIVERS\bdfm.sys
21:30:05.0466 1304	BDFM - ok
21:30:05.0528 1304	bdfsfltr        (9b281f5f673cbc5b9ec886d59e0b4f26) C:\windows\system32\DRIVERS\bdfsfltr.sys
21:30:05.0544 1304	bdfsfltr - ok
21:30:05.0638 1304	bdfwfpf         (3c1083ae136fc08cf5f62cf3cfce70a5) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Firewall\bdfwfpf.sys
21:30:05.0669 1304	bdfwfpf - ok
21:30:05.0747 1304	BDSelfPr        (258afc867f3f4eaaf442c7f0f0060fc4) C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdselfpr.sys
21:30:05.0794 1304	BDSelfPr ( UnsignedFile.Multi.Generic ) - warning
21:30:05.0794 1304	BDSelfPr - detected UnsignedFile.Multi.Generic (1)
21:30:05.0809 1304	BDVEDISK        (33392317fe8ab70b46c013d8af8fe119) C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdvedisk.sys
21:30:05.0825 1304	BDVEDISK - ok
21:30:05.0856 1304	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:30:05.0903 1304	Beep - ok
21:30:05.0950 1304	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\windows\System32\bfe.dll
21:30:06.0012 1304	BFE - ok
21:30:06.0059 1304	BITS            (53f476476f55a27f580661bde09c4ec4) C:\windows\system32\qmgr.dll
21:30:06.0106 1304	BITS - ok
21:30:06.0137 1304	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:30:06.0215 1304	blbdrive - ok
21:30:06.0230 1304	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
21:30:06.0262 1304	bowser - ok
21:30:06.0277 1304	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:30:06.0308 1304	BrFiltLo - ok
21:30:06.0324 1304	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:30:06.0340 1304	BrFiltUp - ok
21:30:06.0402 1304	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
21:30:06.0464 1304	BridgeMP - ok
21:30:06.0496 1304	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
21:30:06.0527 1304	Browser - ok
21:30:06.0558 1304	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:30:06.0589 1304	Brserid - ok
21:30:06.0605 1304	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:30:06.0620 1304	BrSerWdm - ok
21:30:06.0636 1304	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:30:06.0652 1304	BrUsbMdm - ok
21:30:06.0652 1304	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:30:06.0667 1304	BrUsbSer - ok
21:30:06.0667 1304	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:30:06.0698 1304	BTHMODEM - ok
21:30:06.0730 1304	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:30:06.0761 1304	bthserv - ok
21:30:06.0792 1304	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:30:06.0854 1304	cdfs - ok
21:30:06.0886 1304	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
21:30:06.0995 1304	cdrom - ok
21:30:07.0042 1304	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
21:30:07.0088 1304	CertPropSvc - ok
21:30:07.0120 1304	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:30:07.0151 1304	circlass - ok
21:30:07.0166 1304	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:30:07.0198 1304	CLFS - ok
21:30:07.0260 1304	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:07.0338 1304	clr_optimization_v2.0.50727_32 - ok
21:30:07.0400 1304	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:07.0432 1304	clr_optimization_v4.0.30319_32 - ok
21:30:07.0463 1304	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:30:07.0494 1304	CmBatt - ok
21:30:07.0510 1304	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
21:30:07.0525 1304	cmdide - ok
21:30:07.0572 1304	CNG             (db5e008b3744dd60c8498cbbf2a1cfa6) C:\windows\system32\Drivers\cng.sys
21:30:07.0650 1304	CNG - ok
21:30:07.0666 1304	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:30:07.0681 1304	Compbatt - ok
21:30:07.0712 1304	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
21:30:07.0728 1304	CompositeBus - ok
21:30:07.0744 1304	COMSysApp - ok
21:30:07.0775 1304	cpuz134 - ok
21:30:07.0806 1304	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:30:07.0822 1304	crcdisk - ok
21:30:07.0853 1304	CryptSvc        (520a108a2657f4bca7fced9ca7d885de) C:\windows\system32\cryptsvc.dll
21:30:07.0868 1304	CryptSvc - ok
21:30:07.0915 1304	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
21:30:08.0056 1304	CSC - ok
21:30:08.0087 1304	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\windows\System32\cscsvc.dll
21:30:08.0134 1304	CscService - ok
21:30:08.0165 1304	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
21:30:08.0212 1304	DcomLaunch - ok
21:30:08.0243 1304	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:30:08.0305 1304	defragsvc - ok
21:30:08.0368 1304	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
21:30:08.0461 1304	DfsC - ok
21:30:08.0524 1304	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\windows\system32\Drivers\DgiVecp.sys
21:30:08.0555 1304	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
21:30:08.0555 1304	DgiVecp - detected UnsignedFile.Multi.Generic (1)
21:30:08.0602 1304	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
21:30:08.0649 1304	Dhcp - ok
21:30:08.0664 1304	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:30:08.0711 1304	discache - ok
21:30:08.0742 1304	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:30:08.0758 1304	Disk - ok
21:30:08.0789 1304	Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
21:30:08.0805 1304	Dnscache - ok
21:30:08.0820 1304	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
21:30:08.0867 1304	dot3svc - ok
21:30:08.0898 1304	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
21:30:08.0945 1304	DPS - ok
21:30:08.0976 1304	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:30:09.0007 1304	drmkaud - ok
21:30:09.0054 1304	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
21:30:09.0101 1304	DXGKrnl - ok
21:30:09.0117 1304	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:30:09.0163 1304	EapHost - ok
21:30:09.0304 1304	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:30:09.0413 1304	ebdrv - ok
21:30:09.0491 1304	EFS             (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
21:30:09.0522 1304	EFS - ok
21:30:09.0585 1304	ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\windows\ehome\ehRecvr.exe
21:30:09.0647 1304	ehRecvr - ok
21:30:09.0678 1304	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:30:09.0772 1304	ehSched - ok
21:30:09.0834 1304	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:30:09.0881 1304	elxstor - ok
21:30:09.0897 1304	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
21:30:09.0928 1304	ErrDev - ok
21:30:09.0959 1304	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:30:09.0990 1304	EventSystem - ok
21:30:10.0021 1304	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:30:10.0053 1304	exfat - ok
21:30:10.0084 1304	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:30:10.0146 1304	fastfat - ok
21:30:10.0193 1304	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
21:30:10.0240 1304	Fax - ok
21:30:10.0271 1304	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:30:10.0302 1304	fdc - ok
21:30:10.0333 1304	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:30:10.0380 1304	fdPHost - ok
21:30:10.0396 1304	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:30:10.0505 1304	FDResPub - ok
21:30:10.0536 1304	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:30:10.0552 1304	FileInfo - ok
21:30:10.0567 1304	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:30:10.0583 1304	Filetrace - ok
21:30:10.0614 1304	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:30:10.0677 1304	flpydisk - ok
21:30:10.0723 1304	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:30:10.0739 1304	FltMgr - ok
21:30:10.0801 1304	FontCache       (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
21:30:10.0864 1304	FontCache - ok
21:30:10.0926 1304	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:30:10.0957 1304	FontCache3.0.0.0 - ok
21:30:10.0973 1304	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:30:11.0004 1304	FsDepends - ok
21:30:11.0020 1304	Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
21:30:11.0035 1304	Fs_Rec - ok
21:30:11.0082 1304	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
21:30:11.0129 1304	fvevol - ok
21:30:11.0160 1304	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:30:11.0176 1304	gagp30kx - ok
21:30:11.0207 1304	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
21:30:11.0269 1304	gpsvc - ok
21:30:11.0316 1304	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:30:11.0363 1304	hcw85cir - ok
21:30:11.0394 1304	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
21:30:11.0457 1304	HdAudAddService - ok
21:30:11.0488 1304	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
21:30:11.0503 1304	HDAudBus - ok
21:30:11.0519 1304	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:30:11.0550 1304	HidBatt - ok
21:30:11.0581 1304	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:30:11.0613 1304	HidBth - ok
21:30:11.0644 1304	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:30:11.0691 1304	HidIr - ok
21:30:11.0722 1304	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
21:30:11.0784 1304	hidserv - ok
21:30:11.0800 1304	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
21:30:11.0862 1304	HidUsb - ok
21:30:11.0878 1304	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
21:30:11.0925 1304	hkmsvc - ok
21:30:11.0940 1304	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
21:30:11.0971 1304	HomeGroupListener - ok
21:30:12.0003 1304	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
21:30:12.0049 1304	HomeGroupProvider - ok
21:30:12.0081 1304	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
21:30:12.0127 1304	HpSAMD - ok
21:30:12.0174 1304	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
21:30:12.0252 1304	HTTP - ok
21:30:12.0268 1304	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
21:30:12.0283 1304	hwpolicy - ok
21:30:12.0361 1304	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
21:30:12.0408 1304	i8042prt - ok
21:30:12.0455 1304	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
21:30:12.0486 1304	iaStorV - ok
21:30:12.0580 1304	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:30:12.0736 1304	idsvc - ok
21:30:12.0970 1304	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
21:30:13.0095 1304	igfx - ok
21:30:13.0219 1304	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:30:13.0251 1304	iirsp - ok
21:30:13.0313 1304	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
21:30:13.0391 1304	IKEEXT - ok
21:30:13.0547 1304	IntcAzAudAddService (b44c0357d1fc7c9e4c0b0983a9e96ff9) C:\windows\system32\drivers\RTKVHDA.sys
21:30:13.0672 1304	IntcAzAudAddService - ok
21:30:13.0765 1304	IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys
21:30:13.0812 1304	IntcHdmiAddService - ok
21:30:13.0843 1304	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
21:30:13.0875 1304	intelide - ok
21:30:13.0906 1304	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:30:13.0937 1304	intelppm - ok
21:30:13.0968 1304	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:30:13.0999 1304	IPBusEnum - ok
21:30:14.0015 1304	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:30:14.0062 1304	IpFilterDriver - ok
21:30:14.0093 1304	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\windows\System32\iphlpsvc.dll
21:30:14.0140 1304	iphlpsvc - ok
21:30:14.0155 1304	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
21:30:14.0171 1304	IPMIDRV - ok
21:30:14.0187 1304	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:30:14.0202 1304	IPNAT - ok
21:30:14.0233 1304	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:30:14.0265 1304	IRENUM - ok
21:30:14.0280 1304	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
21:30:14.0296 1304	isapnp - ok
21:30:14.0327 1304	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
21:30:14.0358 1304	iScsiPrt - ok
21:30:14.0389 1304	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
21:30:14.0421 1304	kbdclass - ok
21:30:14.0436 1304	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
21:30:14.0467 1304	kbdhid - ok
21:30:14.0499 1304	KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:30:14.0499 1304	KeyIso - ok
21:30:14.0530 1304	KSecDD          (52fc17c8589f11747d01d3cf592673d0) C:\windows\system32\Drivers\ksecdd.sys
21:30:14.0545 1304	KSecDD - ok
21:30:14.0577 1304	KSecPkg         (3e5474b03568cfab834da3c38e8c9efa) C:\windows\system32\Drivers\ksecpkg.sys
21:30:14.0592 1304	KSecPkg - ok
21:30:14.0639 1304	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:30:14.0686 1304	KtmRm - ok
21:30:14.0733 1304	LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\windows\System32\srvsvc.dll
21:30:14.0764 1304	LanmanServer - ok
21:30:14.0795 1304	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
21:30:14.0826 1304	LanmanWorkstation - ok
21:30:14.0982 1304	LIVESRV         (84b4faaff83cc69954c4ef2959b35b18) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Update Service\livesrv.exe
21:30:15.0029 1304	LIVESRV - ok
21:30:15.0060 1304	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:30:15.0091 1304	lltdio - ok
21:30:15.0123 1304	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:30:15.0216 1304	lltdsvc - ok
21:30:15.0232 1304	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:30:15.0279 1304	lmhosts - ok
21:30:15.0310 1304	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:30:15.0325 1304	LSI_FC - ok
21:30:15.0357 1304	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:30:15.0372 1304	LSI_SAS - ok
21:30:15.0372 1304	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:30:15.0388 1304	LSI_SAS2 - ok
21:30:15.0403 1304	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:30:15.0419 1304	LSI_SCSI - ok
21:30:15.0466 1304	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:30:15.0513 1304	luafv - ok
21:30:15.0559 1304	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\windows\system32\drivers\mbam.sys
21:30:15.0606 1304	MBAMProtector - ok
21:30:15.0684 1304	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:30:15.0731 1304	MBAMService - ok
21:30:15.0762 1304	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\windows\system32\Mcx2Svc.dll
21:30:15.0793 1304	Mcx2Svc - ok
21:30:15.0825 1304	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:30:15.0840 1304	megasas - ok
21:30:15.0903 1304	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:30:15.0934 1304	MegaSR - ok
21:30:15.0949 1304	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:30:15.0996 1304	MMCSS - ok
21:30:16.0012 1304	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:30:16.0043 1304	Modem - ok
21:30:16.0074 1304	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:30:16.0121 1304	monitor - ok
21:30:16.0152 1304	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:30:16.0215 1304	mouclass - ok
21:30:16.0215 1304	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:30:16.0261 1304	mouhid - ok
21:30:16.0277 1304	mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
21:30:16.0293 1304	mountmgr - ok
21:30:16.0324 1304	mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
21:30:16.0355 1304	mpio - ok
21:30:16.0371 1304	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:30:16.0417 1304	mpsdrv - ok
21:30:16.0464 1304	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
21:30:16.0527 1304	MpsSvc - ok
21:30:16.0542 1304	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
21:30:16.0605 1304	MRxDAV - ok
21:30:16.0636 1304	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
21:30:16.0667 1304	mrxsmb - ok
21:30:16.0698 1304	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:30:16.0729 1304	mrxsmb10 - ok
21:30:16.0745 1304	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:30:16.0761 1304	mrxsmb20 - ok
21:30:16.0776 1304	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
21:30:16.0792 1304	msahci - ok
21:30:16.0807 1304	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
21:30:16.0823 1304	msdsm - ok
21:30:16.0854 1304	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:30:16.0932 1304	MSDTC - ok
21:30:16.0979 1304	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:30:17.0026 1304	Msfs - ok
21:30:17.0041 1304	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:30:17.0088 1304	mshidkmdf - ok
21:30:17.0104 1304	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
21:30:17.0119 1304	msisadrv - ok
21:30:17.0166 1304	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:30:17.0229 1304	MSiSCSI - ok
21:30:17.0229 1304	msiserver - ok
21:30:17.0260 1304	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:30:17.0322 1304	MSKSSRV - ok
21:30:17.0353 1304	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:30:17.0400 1304	MSPCLOCK - ok
21:30:17.0400 1304	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:30:17.0431 1304	MSPQM - ok
21:30:17.0447 1304	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:30:17.0478 1304	MsRPC - ok
21:30:17.0478 1304	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
21:30:17.0494 1304	mssmbios - ok
21:30:17.0572 1304	MSSQL$DWINSTANCE01 - ok
21:30:17.0619 1304	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:30:17.0665 1304	MSSQLServerADHelper - ok
21:30:17.0712 1304	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:30:17.0743 1304	MSTEE - ok
21:30:17.0759 1304	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:30:17.0790 1304	MTConfig - ok
21:30:17.0806 1304	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:30:17.0821 1304	Mup - ok
21:30:17.0853 1304	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
21:30:17.0884 1304	napagent - ok
21:30:17.0915 1304	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:30:17.0962 1304	NativeWifiP - ok
21:30:18.0009 1304	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
21:30:18.0055 1304	NDIS - ok
21:30:18.0071 1304	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:30:18.0118 1304	NdisCap - ok
21:30:18.0133 1304	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:30:18.0180 1304	NdisTapi - ok
21:30:18.0211 1304	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
21:30:18.0243 1304	Ndisuio - ok
21:30:18.0258 1304	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
21:30:18.0289 1304	NdisWan - ok
21:30:18.0289 1304	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
21:30:18.0321 1304	NDProxy - ok
21:30:18.0336 1304	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:30:18.0367 1304	NetBIOS - ok
21:30:18.0399 1304	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
21:30:18.0555 1304	NetBT - ok
21:30:18.0570 1304	Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:30:18.0586 1304	Netlogon - ok
21:30:18.0664 1304	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:30:18.0757 1304	Netman - ok
21:30:18.0773 1304	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:30:18.0820 1304	netprofm - ok
21:30:18.0882 1304	NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:30:18.0913 1304	NetTcpPortSharing - ok
21:30:18.0960 1304	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:30:18.0991 1304	nfrd960 - ok
21:30:19.0023 1304	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
21:30:19.0038 1304	NlaSvc - ok
21:30:19.0054 1304	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:30:19.0085 1304	Npfs - ok
21:30:19.0101 1304	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:30:19.0132 1304	nsi - ok
21:30:19.0132 1304	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:30:19.0179 1304	nsiproxy - ok
21:30:19.0257 1304	Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
21:30:19.0335 1304	Ntfs - ok
21:30:19.0428 1304	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:30:19.0475 1304	Null - ok
21:30:19.0522 1304	NVHDA           (b4f70fac4ea61cf150823aa063a39ff9) C:\windows\system32\drivers\nvhda32v.sys
21:30:19.0537 1304	NVHDA - ok
21:30:19.0881 1304	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\windows\system32\DRIVERS\nvlddmkm.sys
21:30:20.0177 1304	nvlddmkm - ok
21:30:20.0302 1304	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
21:30:20.0333 1304	nvraid - ok
21:30:20.0364 1304	nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
21:30:20.0380 1304	nvstor - ok
21:30:20.0458 1304	nvsvc           (7c732aff202dcd06c3d262966d71604c) C:\windows\system32\nvvsvc.exe
21:30:20.0567 1304	nvsvc - ok
21:30:20.0739 1304	nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:30:20.0832 1304	nvUpdatusService - ok
21:30:20.0941 1304	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
21:30:20.0988 1304	nv_agp - ok
21:30:21.0004 1304	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
21:30:21.0019 1304	ohci1394 - ok
21:30:21.0113 1304	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:30:21.0191 1304	ose - ok
21:30:21.0238 1304	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:30:21.0269 1304	p2pimsvc - ok
21:30:21.0316 1304	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:30:21.0331 1304	p2psvc - ok
21:30:21.0363 1304	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:30:21.0394 1304	Parport - ok
21:30:21.0409 1304	partmgr         (66d3415c159741ade7038a277efff99f) C:\windows\system32\drivers\partmgr.sys
21:30:21.0425 1304	partmgr - ok
21:30:21.0441 1304	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:30:21.0456 1304	Parvdm - ok
21:30:21.0472 1304	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:30:21.0503 1304	PcaSvc - ok
21:30:21.0519 1304	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
21:30:21.0550 1304	pci - ok
21:30:21.0581 1304	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
21:30:21.0597 1304	pciide - ok
21:30:21.0612 1304	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:30:21.0628 1304	pcmcia - ok
21:30:21.0643 1304	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:30:21.0659 1304	pcw - ok
21:30:21.0706 1304	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:30:21.0784 1304	PEAUTH - ok
21:30:21.0846 1304	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
21:30:21.0909 1304	PeerDistSvc - ok
21:30:21.0987 1304	pla             (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
21:30:22.0080 1304	pla - ok
21:30:22.0189 1304	PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
21:30:22.0252 1304	PlugPlay - ok
21:30:22.0377 1304	PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files\Sony\Kamera\PMBDeviceInfoProvider.exe
21:30:22.0423 1304	PMBDeviceInfoProvider - ok
21:30:22.0455 1304	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:30:22.0486 1304	PNRPAutoReg - ok
21:30:22.0501 1304	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:30:22.0517 1304	PNRPsvc - ok
21:30:22.0548 1304	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
21:30:22.0611 1304	PolicyAgent - ok
21:30:22.0626 1304	Power           (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
21:30:22.0657 1304	Power - ok
21:30:22.0704 1304	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:30:22.0751 1304	PptpMiniport - ok
21:30:22.0782 1304	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:30:22.0813 1304	Processor - ok
21:30:22.0907 1304	Profos          (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\profos.sys
21:30:22.0954 1304	Profos ( UnsignedFile.Multi.Generic ) - warning
21:30:22.0954 1304	Profos - detected UnsignedFile.Multi.Generic (1)
21:30:22.0985 1304	ProfSvc         (aea3bdbdba667aa6f678cb38907e4f5e) C:\windows\system32\profsvc.dll
21:30:23.0032 1304	ProfSvc - ok
21:30:23.0047 1304	ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:30:23.0063 1304	ProtectedStorage - ok
21:30:23.0094 1304	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:30:23.0141 1304	Psched - ok
21:30:23.0219 1304	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:30:23.0266 1304	ql2300 - ok
21:30:23.0375 1304	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:30:23.0406 1304	ql40xx - ok
21:30:23.0437 1304	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:30:23.0484 1304	QWAVE - ok
21:30:23.0515 1304	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:30:23.0547 1304	QWAVEdrv - ok
21:30:23.0547 1304	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:30:23.0578 1304	RasAcd - ok
21:30:23.0609 1304	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:30:23.0687 1304	RasAgileVpn - ok
21:30:23.0718 1304	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:30:23.0749 1304	RasAuto - ok
21:30:23.0749 1304	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:30:23.0796 1304	Rasl2tp - ok
21:30:23.0843 1304	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
21:30:23.0905 1304	RasMan - ok
21:30:23.0937 1304	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:30:23.0983 1304	RasPppoe - ok
21:30:23.0999 1304	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:30:24.0030 1304	RasSstp - ok
21:30:24.0061 1304	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
21:30:24.0108 1304	rdbss - ok
21:30:24.0139 1304	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:30:24.0155 1304	rdpbus - ok
21:30:24.0171 1304	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
21:30:24.0186 1304	RDPCDD - ok
21:30:24.0233 1304	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
21:30:24.0264 1304	RDPDR - ok
21:30:24.0280 1304	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:30:24.0311 1304	RDPENCDD - ok
21:30:24.0327 1304	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:30:24.0358 1304	RDPREFMP - ok
21:30:24.0389 1304	RDPWD           (c5b8d47a4688de9d335204ea757c2240) C:\windows\system32\drivers\RDPWD.sys
21:30:24.0420 1304	RDPWD - ok
21:30:24.0451 1304	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
21:30:24.0467 1304	rdyboost - ok
21:30:24.0498 1304	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:30:24.0529 1304	RemoteAccess - ok
21:30:24.0561 1304	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:30:24.0592 1304	RemoteRegistry - ok
21:30:24.0607 1304	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:30:24.0670 1304	RpcEptMapper - ok
21:30:24.0701 1304	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:30:24.0717 1304	RpcLocator - ok
21:30:24.0732 1304	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
21:30:24.0763 1304	RpcSs - ok
21:30:24.0795 1304	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:30:24.0873 1304	rspndr - ok
21:30:24.0919 1304	RTL8167         (60647bfa2fef7f6d6fbbaf661312f2ce) C:\windows\system32\DRIVERS\Rt86win7.sys
21:30:24.0951 1304	RTL8167 - ok
21:30:24.0966 1304	s3cap           (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
21:30:24.0997 1304	s3cap - ok
21:30:25.0013 1304	SamSs           (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:30:25.0029 1304	SamSs - ok
21:30:25.0075 1304	Samsung UPD Service2 (2a54eff79b03a8c2389f2bb0f2264f1e) C:\windows\System32\SUPDSvc2.exe
21:30:25.0107 1304	Samsung UPD Service2 - ok
21:30:25.0138 1304	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
21:30:25.0153 1304	sbp2port - ok
21:30:25.0278 1304	scan            (a2c93f04bef9bdd44353aa1a945696ac) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\scan.dll
21:30:25.0341 1304	scan ( UnsignedFile.Multi.Generic ) - warning
21:30:25.0341 1304	scan - detected UnsignedFile.Multi.Generic (1)
21:30:25.0372 1304	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:30:25.0403 1304	SCardSvr - ok
21:30:25.0419 1304	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
21:30:25.0450 1304	scfilter - ok
21:30:25.0497 1304	Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
21:30:25.0543 1304	Schedule - ok
21:30:25.0575 1304	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
21:30:25.0590 1304	SCPolicySvc - ok
21:30:25.0590 1304	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
21:30:25.0621 1304	SDRSVC - ok
21:30:25.0653 1304	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:30:25.0715 1304	secdrv - ok
21:30:25.0715 1304	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:30:25.0762 1304	seclogon - ok
21:30:25.0777 1304	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
21:30:25.0824 1304	SENS - ok
21:30:25.0855 1304	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:30:25.0871 1304	SensrSvc - ok
21:30:25.0902 1304	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:30:25.0933 1304	Serenum - ok
21:30:25.0965 1304	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:30:26.0027 1304	Serial - ok
21:30:26.0074 1304	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:30:26.0105 1304	sermouse - ok
21:30:26.0136 1304	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
21:30:26.0167 1304	SessionEnv - ok
21:30:26.0199 1304	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
21:30:26.0214 1304	sffdisk - ok
21:30:26.0214 1304	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
21:30:26.0245 1304	sffp_mmc - ok
21:30:26.0245 1304	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
21:30:26.0261 1304	sffp_sd - ok
21:30:26.0261 1304	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:30:26.0277 1304	sfloppy - ok
21:30:26.0323 1304	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:30:26.0370 1304	SharedAccess - ok
21:30:26.0401 1304	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
21:30:26.0448 1304	ShellHWDetection - ok
21:30:26.0479 1304	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
21:30:26.0495 1304	sisagp - ok
21:30:26.0526 1304	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:30:26.0542 1304	SiSRaid2 - ok
21:30:26.0557 1304	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:30:26.0573 1304	SiSRaid4 - ok
21:30:26.0604 1304	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:30:26.0651 1304	Smb - ok
21:30:26.0698 1304	snapman         (8d16aa2fb47821365606677baae5238e) C:\windows\system32\DRIVERS\snapman.sys
21:30:26.0729 1304	snapman - ok
21:30:26.0760 1304	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:30:26.0776 1304	SNMPTRAP - ok
21:30:26.0776 1304	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:30:26.0791 1304	spldr - ok
21:30:26.0838 1304	Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
21:30:26.0947 1304	Spooler - ok
21:30:27.0088 1304	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
21:30:27.0181 1304	sppsvc - ok
21:30:27.0259 1304	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
21:30:27.0337 1304	sppuinotify - ok
21:30:27.0415 1304	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:30:27.0462 1304	SQLBrowser - ok
21:30:27.0493 1304	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:30:27.0525 1304	SQLWriter - ok
21:30:27.0571 1304	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
21:30:27.0634 1304	srv - ok
21:30:27.0665 1304	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
21:30:27.0696 1304	srv2 - ok
21:30:27.0712 1304	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
21:30:27.0759 1304	srvnet - ok
21:30:27.0790 1304	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:30:27.0821 1304	SSDPSRV - ok
21:30:27.0852 1304	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:30:27.0883 1304	SstpSvc - ok
21:30:27.0961 1304	Stereo Service  (fb8fcf538184a28f674fea9521d7a6bb) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:30:28.0102 1304	Stereo Service - ok
21:30:28.0117 1304	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:30:28.0133 1304	stexstor - ok
21:30:28.0164 1304	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
21:30:28.0273 1304	StiSvc - ok
21:30:28.0305 1304	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
21:30:28.0320 1304	storflt - ok
21:30:28.0336 1304	StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\windows\system32\storsvc.dll
21:30:28.0367 1304	StorSvc - ok
21:30:28.0398 1304	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
21:30:28.0414 1304	storvsc - ok
21:30:28.0429 1304	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
21:30:28.0445 1304	swenum - ok
21:30:28.0461 1304	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:30:28.0585 1304	swprv - ok
21:30:28.0648 1304	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
21:30:28.0679 1304	SysMain - ok
21:30:28.0695 1304	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
21:30:28.0726 1304	TabletInputService - ok
21:30:28.0741 1304	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
21:30:28.0866 1304	TapiSrv - ok
21:30:28.0897 1304	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:30:28.0944 1304	TBS - ok
21:30:29.0053 1304	Tcpip           (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\drivers\tcpip.sys
21:30:29.0116 1304	Tcpip - ok
21:30:29.0256 1304	TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\DRIVERS\tcpip.sys
21:30:29.0287 1304	TCPIP6 - ok
21:30:29.0365 1304	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
21:30:29.0428 1304	tcpipreg - ok
21:30:29.0443 1304	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
21:30:29.0459 1304	TDPIPE - ok
21:30:29.0490 1304	TDTCP           (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
21:30:29.0506 1304	TDTCP - ok
21:30:29.0521 1304	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
21:30:29.0631 1304	tdx - ok
21:30:29.0646 1304	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
21:30:29.0740 1304	TermDD - ok
21:30:29.0787 1304	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
21:30:29.0818 1304	TermService - ok
21:30:29.0833 1304	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:30:29.0849 1304	Themes - ok
21:30:29.0865 1304	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:30:29.0896 1304	THREADORDER - ok
21:30:29.0943 1304	timounter       (3e06987fedbcdfbff8e85ef8108565f9) C:\windows\system32\DRIVERS\timntr.sys
21:30:29.0974 1304	timounter - ok
21:30:29.0989 1304	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:30:30.0036 1304	TrkWks - ok
21:30:30.0130 1304	Trufos          (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\trufos.sys
21:30:30.0177 1304	Trufos ( UnsignedFile.Multi.Generic ) - warning
21:30:30.0177 1304	Trufos - detected UnsignedFile.Multi.Generic (1)
21:30:30.0223 1304	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
21:30:30.0255 1304	TrustedInstaller - ok
21:30:30.0286 1304	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
21:30:30.0317 1304	tssecsrv - ok
21:30:30.0348 1304	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
21:30:30.0395 1304	tunnel - ok
21:30:30.0411 1304	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:30:30.0426 1304	uagp35 - ok
21:30:30.0442 1304	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
21:30:30.0489 1304	udfs - ok
21:30:30.0520 1304	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:30:30.0645 1304	UI0Detect - ok
21:30:30.0707 1304	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
21:30:30.0738 1304	uliagpkx - ok
21:30:30.0785 1304	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
21:30:30.0847 1304	umbus - ok
21:30:30.0879 1304	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:30:30.0910 1304	UmPass - ok
21:30:30.0941 1304	UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\windows\System32\umrdp.dll
21:30:30.0957 1304	UmRdpService - ok
21:30:31.0003 1304	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:30:31.0050 1304	upnphost - ok
21:30:31.0081 1304	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
21:30:31.0097 1304	usbccgp - ok
21:30:31.0113 1304	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
21:30:31.0128 1304	usbcir - ok
21:30:31.0144 1304	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\drivers\usbehci.sys
21:30:31.0175 1304	usbehci - ok
21:30:31.0222 1304	usbhub          (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
21:30:31.0300 1304	usbhub - ok
21:30:31.0315 1304	usbohci         (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
21:30:31.0347 1304	usbohci - ok
21:30:31.0378 1304	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:30:31.0393 1304	usbprint - ok
21:30:31.0425 1304	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:30:31.0456 1304	usbscan - ok
21:30:31.0487 1304	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:30:31.0534 1304	USBSTOR - ok
21:30:31.0549 1304	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys
21:30:31.0565 1304	usbuhci - ok
21:30:31.0596 1304	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:30:31.0627 1304	UxSms - ok
21:30:31.0659 1304	VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:30:31.0659 1304	VaultSvc - ok
21:30:31.0705 1304	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
21:30:31.0721 1304	vdrvroot - ok
21:30:31.0768 1304	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
21:30:31.0799 1304	vds - ok
21:30:31.0830 1304	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:30:31.0861 1304	vga - ok
21:30:31.0877 1304	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:30:31.0908 1304	VgaSave - ok
21:30:31.0924 1304	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
21:30:31.0955 1304	vhdmp - ok
21:30:31.0986 1304	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
21:30:32.0017 1304	viaagp - ok
21:30:32.0017 1304	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:30:32.0049 1304	ViaC7 - ok
21:30:32.0080 1304	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
21:30:32.0095 1304	viaide - ok
21:30:32.0111 1304	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
21:30:32.0127 1304	vmbus - ok
21:30:32.0127 1304	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
21:30:32.0142 1304	VMBusHID - ok
21:30:32.0158 1304	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
21:30:32.0173 1304	volmgr - ok
21:30:32.0205 1304	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:30:32.0220 1304	volmgrx - ok
21:30:32.0236 1304	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
21:30:32.0251 1304	volsnap - ok
21:30:32.0267 1304	vpcbus          (33e74df34753fcaab06f6f2bdc8cabf5) C:\windows\system32\DRIVERS\vpchbus.sys
21:30:32.0314 1304	vpcbus - ok
21:30:32.0361 1304	vpcnfltr        (5f04362ceb5fb5901037e9d9eadd3760) C:\windows\system32\DRIVERS\vpcnfltr.sys
21:30:32.0407 1304	vpcnfltr - ok
21:30:32.0454 1304	vpcusb          (625088d6ee9ede977fd03cf18d1cd5c5) C:\windows\system32\DRIVERS\vpcusb.sys
21:30:32.0485 1304	vpcusb - ok
21:30:32.0517 1304	vpcvmm          (1023c696d42268e9071bb376dbec8396) C:\windows\system32\drivers\vpcvmm.sys
21:30:32.0532 1304	vpcvmm - ok
21:30:32.0563 1304	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:30:32.0595 1304	vsmraid - ok
21:30:32.0657 1304	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
21:30:32.0751 1304	VSS - ok
21:30:32.0922 1304	VSSERV          (49b1e718b6c05407a1e465a75a979a3a) C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\vsserv.exe
21:30:33.0000 1304	VSSERV - ok
21:30:33.0094 1304	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys
21:30:33.0156 1304	vwifibus - ok
21:30:33.0187 1304	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:30:33.0234 1304	W32Time - ok
21:30:33.0265 1304	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:30:33.0281 1304	WacomPen - ok
21:30:33.0297 1304	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
21:30:33.0343 1304	WANARP - ok
21:30:33.0343 1304	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
21:30:33.0375 1304	Wanarpv6 - ok
21:30:33.0421 1304	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
21:30:33.0484 1304	wbengine - ok
21:30:33.0531 1304	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:30:33.0546 1304	WbioSrvc - ok
21:30:33.0577 1304	wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
21:30:33.0609 1304	wcncsvc - ok
21:30:33.0624 1304	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:30:33.0655 1304	WcsPlugInService - ok
21:30:33.0702 1304	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:30:33.0733 1304	Wd - ok
21:30:33.0780 1304	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:30:33.0811 1304	Wdf01000 - ok
21:30:33.0811 1304	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:30:33.0858 1304	WdiServiceHost - ok
21:30:33.0858 1304	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:30:33.0874 1304	WdiSystemHost - ok
21:30:33.0921 1304	WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
21:30:33.0967 1304	WebClient - ok
21:30:33.0999 1304	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:30:34.0061 1304	Wecsvc - ok
21:30:34.0077 1304	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:30:34.0092 1304	wercplsupport - ok
21:30:34.0108 1304	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:30:34.0139 1304	WerSvc - ok
21:30:34.0155 1304	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:30:34.0186 1304	WfpLwf - ok
21:30:34.0233 1304	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
21:30:34.0248 1304	WimFltr - ok
21:30:34.0279 1304	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:30:34.0295 1304	WIMMount - ok
21:30:34.0357 1304	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:30:34.0389 1304	WinDefend - ok
21:30:34.0389 1304	WinHttpAutoProxySvc - ok
21:30:34.0451 1304	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:30:34.0498 1304	Winmgmt - ok
21:30:34.0576 1304	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
21:30:34.0623 1304	WinRM - ok
21:30:34.0669 1304	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:30:34.0763 1304	Wlansvc - ok
21:30:34.0810 1304	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
21:30:34.0872 1304	WmiAcpi - ok
21:30:34.0888 1304	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:30:34.0950 1304	wmiApSrv - ok
21:30:35.0044 1304	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:30:35.0106 1304	WMPNetworkSvc - ok
21:30:35.0184 1304	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:30:35.0215 1304	WPCSvc - ok
21:30:35.0247 1304	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
21:30:35.0278 1304	WPDBusEnum - ok
21:30:35.0309 1304	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:30:35.0356 1304	ws2ifsl - ok
21:30:35.0387 1304	wscsvc          (a661a76333057b383a06e65f0073222f) C:\windows\system32\wscsvc.dll
21:30:35.0418 1304	wscsvc - ok
21:30:35.0434 1304	WSearch - ok
21:30:35.0527 1304	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
21:30:35.0621 1304	wuauserv - ok
21:30:35.0746 1304	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
21:30:35.0808 1304	WudfPf - ok
21:30:35.0839 1304	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
21:30:35.0886 1304	WUDFRd - ok
21:30:35.0933 1304	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
21:30:35.0980 1304	wudfsvc - ok
21:30:35.0995 1304	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:30:36.0042 1304	WwanSvc - ok
21:30:36.0073 1304	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:30:36.0276 1304	\Device\Harddisk0\DR0 - ok
21:30:36.0307 1304	Boot (0x1200)   (951deba248bbb9a7fe509f16fef3433f) \Device\Harddisk0\DR0\Partition0
21:30:36.0307 1304	\Device\Harddisk0\DR0\Partition0 - ok
21:30:36.0307 1304	============================================================
21:30:36.0307 1304	Scan finished
21:30:36.0307 1304	============================================================
21:30:36.0323 5636	Detected object count: 5
21:30:36.0323 5636	Actual detected object count: 5
21:30:51.0767 5636	BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:51.0767 5636	BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:30:51.0767 5636	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:51.0767 5636	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:30:51.0767 5636	Profos ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:51.0767 5636	Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:30:51.0767 5636	scan ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:51.0767 5636	scan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:30:51.0767 5636	Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:51.0767 5636	Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:31:34.0090 5968	============================================================
21:31:34.0090 5968	Scan started
21:31:34.0090 5968	Mode: Manual; SigCheck; TDLFS; 
21:31:34.0090 5968	============================================================
21:31:34.0854 5968	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
21:31:34.0885 5968	1394ohci - ok
21:31:34.0901 5968	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
21:31:34.0917 5968	ACPI - ok
21:31:34.0932 5968	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
21:31:34.0948 5968	AcpiPmi - ok
21:31:35.0041 5968	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:31:35.0057 5968	AdobeARMservice - ok
21:31:35.0104 5968	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:31:35.0135 5968	AdobeFlashPlayerUpdateSvc - ok
21:31:35.0151 5968	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:31:35.0166 5968	adp94xx - ok
21:31:35.0197 5968	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:31:35.0213 5968	adpahci - ok
21:31:35.0244 5968	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:31:35.0244 5968	adpu320 - ok
21:31:35.0275 5968	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
21:31:35.0291 5968	AeLookupSvc - ok
21:31:35.0322 5968	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
21:31:35.0322 5968	AFD - ok
21:31:35.0338 5968	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
21:31:35.0353 5968	agp440 - ok
21:31:35.0369 5968	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:31:35.0369 5968	aic78xx - ok
21:31:35.0385 5968	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
21:31:35.0400 5968	ALG - ok
21:31:35.0416 5968	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
21:31:35.0416 5968	aliide - ok
21:31:35.0431 5968	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
21:31:35.0447 5968	amdagp - ok
21:31:35.0447 5968	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
21:31:35.0463 5968	amdide - ok
21:31:35.0478 5968	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:31:35.0478 5968	AmdK8 - ok
21:31:35.0494 5968	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:31:35.0509 5968	AmdPPM - ok
21:31:35.0525 5968	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
21:31:35.0525 5968	amdsata - ok
21:31:35.0541 5968	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:31:35.0556 5968	amdsbs - ok
21:31:35.0556 5968	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
21:31:35.0572 5968	amdxata - ok
21:31:35.0587 5968	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
21:31:35.0603 5968	AppID - ok
21:31:35.0619 5968	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
21:31:35.0634 5968	AppIDSvc - ok
21:31:35.0650 5968	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
21:31:35.0650 5968	Appinfo - ok
21:31:35.0681 5968	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
21:31:35.0697 5968	AppMgmt - ok
21:31:35.0712 5968	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:31:35.0712 5968	arc - ok
21:31:35.0728 5968	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:31:35.0728 5968	arcsas - ok
21:31:35.0821 5968	Arrakis3        (d101ca5b2cabbeb27c2a4c21e142ec09) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Arrakis Server\bin\arrakis3.exe
21:31:35.0853 5968	Arrakis3 - ok
21:31:35.0868 5968	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:31:35.0899 5968	AsyncMac - ok
21:31:35.0899 5968	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
21:31:35.0915 5968	atapi - ok
21:31:35.0946 5968	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
21:31:35.0977 5968	AudioEndpointBuilder - ok
21:31:35.0977 5968	Audiosrv        (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
21:31:35.0993 5968	Audiosrv - ok
21:31:36.0009 5968	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
21:31:36.0024 5968	AxInstSV - ok
21:31:36.0055 5968	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:31:36.0055 5968	b06bdrv - ok
21:31:36.0087 5968	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:31:36.0087 5968	b57nd60x - ok
21:31:36.0102 5968	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:31:36.0118 5968	BDESVC - ok
21:31:36.0149 5968	BDFM            (d1c3c6584df5dcd010915a4336294007) C:\windows\system32\DRIVERS\bdfm.sys
21:31:36.0165 5968	BDFM - ok
21:31:36.0196 5968	bdfsfltr        (9b281f5f673cbc5b9ec886d59e0b4f26) C:\windows\system32\DRIVERS\bdfsfltr.sys
21:31:36.0196 5968	bdfsfltr - ok
21:31:36.0289 5968	bdfwfpf         (3c1083ae136fc08cf5f62cf3cfce70a5) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Firewall\bdfwfpf.sys
21:31:36.0305 5968	bdfwfpf - ok
21:31:36.0367 5968	BDSelfPr        (258afc867f3f4eaaf442c7f0f0060fc4) C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdselfpr.sys
21:31:36.0383 5968	BDSelfPr ( UnsignedFile.Multi.Generic ) - warning
21:31:36.0383 5968	BDSelfPr - detected UnsignedFile.Multi.Generic (1)
21:31:36.0399 5968	BDVEDISK        (33392317fe8ab70b46c013d8af8fe119) C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\bdvedisk.sys
21:31:36.0414 5968	BDVEDISK - ok
21:31:36.0430 5968	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:31:36.0461 5968	Beep - ok
21:31:36.0508 5968	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\windows\System32\bfe.dll
21:31:36.0539 5968	BFE - ok
21:31:36.0586 5968	BITS            (53f476476f55a27f580661bde09c4ec4) C:\windows\system32\qmgr.dll
21:31:36.0617 5968	BITS - ok
21:31:36.0648 5968	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:31:36.0648 5968	blbdrive - ok
21:31:36.0679 5968	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
21:31:36.0679 5968	bowser - ok
21:31:36.0695 5968	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:31:36.0695 5968	BrFiltLo - ok
21:31:36.0711 5968	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:31:36.0726 5968	BrFiltUp - ok
21:31:36.0742 5968	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
21:31:36.0757 5968	BridgeMP - ok
21:31:36.0773 5968	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
21:31:36.0804 5968	Browser - ok
21:31:36.0820 5968	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:31:36.0835 5968	Brserid - ok
21:31:36.0835 5968	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:31:36.0851 5968	BrSerWdm - ok
21:31:36.0867 5968	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:31:36.0867 5968	BrUsbMdm - ok
21:31:36.0882 5968	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:31:36.0882 5968	BrUsbSer - ok
21:31:36.0898 5968	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:31:36.0913 5968	BTHMODEM - ok
21:31:36.0929 5968	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:31:36.0945 5968	bthserv - ok
21:31:36.0960 5968	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:31:36.0976 5968	cdfs - ok
21:31:36.0976 5968	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
21:31:36.0991 5968	cdrom - ok
21:31:37.0007 5968	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
21:31:37.0023 5968	CertPropSvc - ok
21:31:37.0038 5968	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:31:37.0038 5968	circlass - ok
21:31:37.0069 5968	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:31:37.0069 5968	CLFS - ok
21:31:37.0132 5968	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:31:37.0163 5968	clr_optimization_v2.0.50727_32 - ok
21:31:37.0210 5968	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:31:37.0225 5968	clr_optimization_v4.0.30319_32 - ok
21:31:37.0241 5968	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:31:37.0241 5968	CmBatt - ok
21:31:37.0257 5968	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
21:31:37.0272 5968	cmdide - ok
21:31:37.0303 5968	CNG             (db5e008b3744dd60c8498cbbf2a1cfa6) C:\windows\system32\Drivers\cng.sys
21:31:37.0319 5968	CNG - ok
21:31:37.0335 5968	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:31:37.0350 5968	Compbatt - ok
21:31:37.0366 5968	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
21:31:37.0381 5968	CompositeBus - ok
21:31:37.0381 5968	COMSysApp - ok
21:31:37.0397 5968	cpuz134 - ok
21:31:37.0428 5968	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:31:37.0444 5968	crcdisk - ok
21:31:37.0491 5968	CryptSvc        (520a108a2657f4bca7fced9ca7d885de) C:\windows\system32\cryptsvc.dll
21:31:37.0506 5968	CryptSvc - ok
21:31:37.0537 5968	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
21:31:37.0569 5968	CSC - ok
21:31:37.0600 5968	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\windows\System32\cscsvc.dll
21:31:37.0615 5968	CscService - ok
21:31:37.0647 5968	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
21:31:37.0678 5968	DcomLaunch - ok
21:31:37.0709 5968	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:31:37.0740 5968	defragsvc - ok
21:31:37.0787 5968	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
21:31:37.0818 5968	DfsC - ok
21:31:37.0849 5968	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\windows\system32\Drivers\DgiVecp.sys
21:31:37.0849 5968	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
21:31:37.0849 5968	DgiVecp - detected UnsignedFile.Multi.Generic (1)
21:31:37.0865 5968	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
21:31:37.0896 5968	Dhcp - ok
21:31:37.0912 5968	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:31:37.0927 5968	discache - ok
21:31:37.0959 5968	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:31:37.0959 5968	Disk - ok
21:31:37.0974 5968	Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
21:31:37.0990 5968	Dnscache - ok
21:31:38.0005 5968	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
21:31:38.0021 5968	dot3svc - ok
21:31:38.0037 5968	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
21:31:38.0068 5968	DPS - ok
21:31:38.0083 5968	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:31:38.0099 5968	drmkaud - ok
21:31:38.0130 5968	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
21:31:38.0146 5968	DXGKrnl - ok
21:31:38.0161 5968	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:31:38.0193 5968	EapHost - ok
21:31:38.0317 5968	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:31:38.0364 5968	ebdrv - ok
21:31:38.0458 5968	EFS             (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
21:31:38.0489 5968	EFS - ok
21:31:38.0551 5968	ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\windows\ehome\ehRecvr.exe
21:31:38.0567 5968	ehRecvr - ok
21:31:38.0598 5968	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:31:38.0598 5968	ehSched - ok
21:31:38.0645 5968	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:31:38.0661 5968	elxstor - ok
21:31:38.0676 5968	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
21:31:38.0676 5968	ErrDev - ok
21:31:38.0723 5968	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:31:38.0739 5968	EventSystem - ok
21:31:38.0770 5968	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:31:38.0785 5968	exfat - ok
21:31:38.0801 5968	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:31:38.0832 5968	fastfat - ok
21:31:38.0863 5968	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
21:31:38.0879 5968	Fax - ok
21:31:38.0879 5968	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:31:38.0895 5968	fdc - ok
21:31:38.0895 5968	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:31:38.0910 5968	fdPHost - ok
21:31:38.0926 5968	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:31:38.0941 5968	FDResPub - ok
21:31:38.0957 5968	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:31:38.0957 5968	FileInfo - ok
21:31:38.0973 5968	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:31:38.0988 5968	Filetrace - ok
21:31:39.0004 5968	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:31:39.0019 5968	flpydisk - ok
21:31:39.0035 5968	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:31:39.0051 5968	FltMgr - ok
21:31:39.0097 5968	FontCache       (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
21:31:39.0129 5968	FontCache - ok
21:31:39.0191 5968	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:31:39.0207 5968	FontCache3.0.0.0 - ok
21:31:39.0222 5968	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:31:39.0238 5968	FsDepends - ok
21:31:39.0253 5968	Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
21:31:39.0269 5968	Fs_Rec - ok
21:31:39.0300 5968	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
21:31:39.0316 5968	fvevol - ok
21:31:39.0331 5968	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:31:39.0347 5968	gagp30kx - ok
21:31:39.0378 5968	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
21:31:39.0409 5968	gpsvc - ok
21:31:39.0441 5968	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:31:39.0441 5968	hcw85cir - ok
21:31:39.0472 5968	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
21:31:39.0487 5968	HdAudAddService - ok
21:31:39.0503 5968	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
21:31:39.0519 5968	HDAudBus - ok
21:31:39.0519 5968	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:31:39.0534 5968	HidBatt - ok
21:31:39.0550 5968	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:31:39.0565 5968	HidBth - ok
21:31:39.0565 5968	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:31:39.0581 5968	HidIr - ok
21:31:39.0597 5968	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
21:31:39.0612 5968	hidserv - ok
21:31:39.0612 5968	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
21:31:39.0628 5968	HidUsb - ok
21:31:39.0643 5968	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
21:31:39.0675 5968	hkmsvc - ok
21:31:39.0690 5968	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
21:31:39.0706 5968	HomeGroupListener - ok
21:31:39.0737 5968	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
21:31:39.0753 5968	HomeGroupProvider - ok
21:31:39.0768 5968	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
21:31:39.0768 5968	HpSAMD - ok
21:31:39.0815 5968	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
21:31:39.0846 5968	HTTP - ok
21:31:39.0846 5968	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
21:31:39.0862 5968	hwpolicy - ok
21:31:39.0893 5968	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
21:31:39.0893 5968	i8042prt - ok
21:31:39.0924 5968	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
21:31:39.0940 5968	iaStorV - ok
21:31:40.0033 5968	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:31:40.0065 5968	idsvc - ok
21:31:40.0283 5968	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
21:31:40.0345 5968	igfx - ok
21:31:40.0439 5968	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:31:40.0455 5968	iirsp - ok
21:31:40.0501 5968	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
21:31:40.0533 5968	IKEEXT - ok
21:31:40.0657 5968	IntcAzAudAddService (b44c0357d1fc7c9e4c0b0983a9e96ff9) C:\windows\system32\drivers\RTKVHDA.sys
21:31:40.0720 5968	IntcAzAudAddService - ok
21:31:40.0751 5968	IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys
21:31:40.0767 5968	IntcHdmiAddService - ok
21:31:40.0782 5968	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
21:31:40.0782 5968	intelide - ok
21:31:40.0798 5968	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:31:40.0798 5968	intelppm - ok
21:31:40.0829 5968	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:31:40.0860 5968	IPBusEnum - ok
21:31:40.0876 5968	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:31:40.0907 5968	IpFilterDriver - ok
21:31:40.0923 5968	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\windows\System32\iphlpsvc.dll
21:31:40.0954 5968	iphlpsvc - ok
21:31:40.0969 5968	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
21:31:40.0985 5968	IPMIDRV - ok
21:31:41.0001 5968	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:31:41.0016 5968	IPNAT - ok
21:31:41.0032 5968	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:31:41.0047 5968	IRENUM - ok
21:31:41.0047 5968	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
21:31:41.0063 5968	isapnp - ok
21:31:41.0079 5968	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
21:31:41.0094 5968	iScsiPrt - ok
21:31:41.0110 5968	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
21:31:41.0125 5968	kbdclass - ok
21:31:41.0125 5968	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
21:31:41.0141 5968	kbdhid - ok
21:31:41.0172 5968	KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:31:41.0172 5968	KeyIso - ok
21:31:41.0203 5968	KSecDD          (52fc17c8589f11747d01d3cf592673d0) C:\windows\system32\Drivers\ksecdd.sys
21:31:41.0203 5968	KSecDD - ok
21:31:41.0235 5968	KSecPkg         (3e5474b03568cfab834da3c38e8c9efa) C:\windows\system32\Drivers\ksecpkg.sys
21:31:41.0250 5968	KSecPkg - ok
21:31:41.0281 5968	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:31:41.0297 5968	KtmRm - ok
21:31:41.0328 5968	LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\windows\System32\srvsvc.dll
21:31:41.0344 5968	LanmanServer - ok
21:31:41.0375 5968	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
21:31:41.0391 5968	LanmanWorkstation - ok
21:31:41.0500 5968	LIVESRV         (84b4faaff83cc69954c4ef2959b35b18) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Update Service\livesrv.exe
21:31:41.0531 5968	LIVESRV - ok
21:31:41.0547 5968	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:31:41.0578 5968	lltdio - ok
21:31:41.0609 5968	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:31:41.0625 5968	lltdsvc - ok
21:31:41.0640 5968	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:31:41.0656 5968	lmhosts - ok
21:31:41.0687 5968	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:31:41.0703 5968	LSI_FC - ok
21:31:41.0718 5968	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:31:41.0734 5968	LSI_SAS - ok
21:31:41.0734 5968	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:31:41.0749 5968	LSI_SAS2 - ok
21:31:41.0765 5968	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:31:41.0765 5968	LSI_SCSI - ok
21:31:41.0796 5968	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:31:41.0812 5968	luafv - ok
21:31:41.0843 5968	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\windows\system32\drivers\mbam.sys
21:31:41.0843 5968	MBAMProtector - ok
21:31:41.0905 5968	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:31:41.0921 5968	MBAMService - ok
21:31:41.0952 5968	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\windows\system32\Mcx2Svc.dll
21:31:41.0968 5968	Mcx2Svc - ok
21:31:41.0983 5968	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:31:41.0983 5968	megasas - ok
21:31:41.0999 5968	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:31:42.0015 5968	MegaSR - ok
21:31:42.0046 5968	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:31:42.0061 5968	MMCSS - ok
21:31:42.0077 5968	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:31:42.0093 5968	Modem - ok
21:31:42.0108 5968	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:31:42.0108 5968	monitor - ok
21:31:42.0139 5968	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:31:42.0139 5968	mouclass - ok
21:31:42.0155 5968	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:31:42.0171 5968	mouhid - ok
21:31:42.0186 5968	mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
21:31:42.0186 5968	mountmgr - ok
21:31:42.0202 5968	mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
21:31:42.0202 5968	mpio - ok
21:31:42.0217 5968	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:31:42.0233 5968	mpsdrv - ok
21:31:42.0280 5968	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\windows\system32\mpssvc.dll
21:31:42.0311 5968	MpsSvc - ok
21:31:42.0327 5968	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
21:31:42.0342 5968	MRxDAV - ok
21:31:42.0405 5968	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
21:31:42.0420 5968	mrxsmb - ok
21:31:42.0451 5968	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:31:42.0467 5968	mrxsmb10 - ok
21:31:42.0498 5968	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:31:42.0514 5968	mrxsmb20 - ok
21:31:42.0514 5968	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
21:31:42.0529 5968	msahci - ok
21:31:42.0545 5968	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
21:31:42.0545 5968	msdsm - ok
21:31:42.0561 5968	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:31:42.0576 5968	MSDTC - ok
21:31:42.0607 5968	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:31:42.0623 5968	Msfs - ok
21:31:42.0639 5968	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:31:42.0654 5968	mshidkmdf - ok
21:31:42.0654 5968	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
21:31:42.0670 5968	msisadrv - ok
21:31:42.0701 5968	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:31:42.0717 5968	MSiSCSI - ok
21:31:42.0717 5968	msiserver - ok
21:31:42.0732 5968	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:31:42.0748 5968	MSKSSRV - ok
21:31:42.0763 5968	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:31:42.0779 5968	MSPCLOCK - ok
21:31:42.0795 5968	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:31:42.0810 5968	MSPQM - ok
21:31:42.0826 5968	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:31:42.0841 5968	MsRPC - ok
21:31:42.0857 5968	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
21:31:42.0873 5968	mssmbios - ok
21:31:42.0919 5968	MSSQL$DWINSTANCE01 - ok
21:31:42.0966 5968	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:31:42.0997 5968	MSSQLServerADHelper - ok
21:31:43.0029 5968	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:31:43.0075 5968	MSTEE - ok
21:31:43.0107 5968	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:31:43.0122 5968	MTConfig - ok
21:31:43.0138 5968	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:31:43.0153 5968	Mup - ok
21:31:43.0185 5968	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\windows\system32\qagentRT.dll
21:31:43.0231 5968	napagent - ok
21:31:43.0247 5968	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:31:43.0263 5968	NativeWifiP - ok
21:31:43.0309 5968	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
21:31:43.0325 5968	NDIS - ok
21:31:43.0341 5968	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:31:43.0356 5968	NdisCap - ok
21:31:43.0372 5968	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:31:43.0387 5968	NdisTapi - ok
21:31:43.0403 5968	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
21:31:43.0419 5968	Ndisuio - ok
21:31:43.0434 5968	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
21:31:43.0450 5968	NdisWan - ok
21:31:43.0450 5968	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
21:31:43.0481 5968	NDProxy - ok
21:31:43.0481 5968	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:31:43.0512 5968	NetBIOS - ok
21:31:43.0528 5968	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
21:31:43.0543 5968	NetBT - ok
21:31:43.0575 5968	Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:31:43.0590 5968	Netlogon - ok
21:31:43.0606 5968	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:31:43.0637 5968	Netman - ok
21:31:43.0653 5968	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:31:43.0684 5968	netprofm - ok
21:31:43.0746 5968	NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:43.0762 5968	NetTcpPortSharing - ok
21:31:43.0793 5968	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:31:43.0809 5968	nfrd960 - ok
21:31:43.0824 5968	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\windows\System32\nlasvc.dll
21:31:43.0855 5968	NlaSvc - ok
21:31:43.0887 5968	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:31:43.0902 5968	Npfs - ok
21:31:43.0918 5968	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:31:43.0933 5968	nsi - ok
21:31:43.0933 5968	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:31:43.0965 5968	nsiproxy - ok
21:31:44.0027 5968	Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
21:31:44.0058 5968	Ntfs - ok
21:31:44.0152 5968	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:31:44.0199 5968	Null - ok
21:31:44.0214 5968	NVHDA           (b4f70fac4ea61cf150823aa063a39ff9) C:\windows\system32\drivers\nvhda32v.sys
21:31:44.0214 5968	NVHDA - ok
21:31:44.0557 5968	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\windows\system32\DRIVERS\nvlddmkm.sys
21:31:44.0698 5968	nvlddmkm - ok
21:31:44.0776 5968	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
21:31:44.0791 5968	nvraid - ok
21:31:44.0823 5968	nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
21:31:44.0854 5968	nvstor - ok
21:31:44.0885 5968	nvsvc           (7c732aff202dcd06c3d262966d71604c) C:\windows\system32\nvvsvc.exe
21:31:44.0901 5968	nvsvc - ok
21:31:45.0072 5968	nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:31:45.0103 5968	nvUpdatusService - ok
21:31:45.0181 5968	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
21:31:45.0197 5968	nv_agp - ok
21:31:45.0213 5968	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
21:31:45.0228 5968	ohci1394 - ok
21:31:45.0291 5968	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:31:45.0306 5968	ose - ok
21:31:45.0337 5968	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:31:45.0369 5968	p2pimsvc - ok
21:31:45.0400 5968	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:31:45.0415 5968	p2psvc - ok
21:31:45.0431 5968	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:31:45.0431 5968	Parport - ok
21:31:45.0462 5968	partmgr         (66d3415c159741ade7038a277efff99f) C:\windows\system32\drivers\partmgr.sys
21:31:45.0462 5968	partmgr - ok
21:31:45.0478 5968	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:31:45.0493 5968	Parvdm - ok
21:31:45.0509 5968	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:31:45.0525 5968	PcaSvc - ok
21:31:45.0525 5968	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
21:31:45.0540 5968	pci - ok
21:31:45.0540 5968	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
21:31:45.0556 5968	pciide - ok
21:31:45.0571 5968	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:31:45.0587 5968	pcmcia - ok
21:31:45.0603 5968	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:31:45.0603 5968	pcw - ok
21:31:45.0634 5968	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:31:45.0665 5968	PEAUTH - ok
21:31:45.0727 5968	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
21:31:45.0774 5968	PeerDistSvc - ok
21:31:45.0868 5968	pla             (9c1bff7910c89a1d12e57343475840cb) C:\windows\system32\pla.dll
21:31:45.0899 5968	pla - ok
21:31:46.0008 5968	PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\windows\system32\umpnpmgr.dll
21:31:46.0039 5968	PlugPlay - ok
21:31:46.0133 5968	PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files\Sony\Kamera\PMBDeviceInfoProvider.exe
21:31:46.0164 5968	PMBDeviceInfoProvider - ok
21:31:46.0180 5968	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:31:46.0180 5968	PNRPAutoReg - ok
21:31:46.0211 5968	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:31:46.0227 5968	PNRPsvc - ok
21:31:46.0258 5968	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\windows\System32\ipsecsvc.dll
21:31:46.0289 5968	PolicyAgent - ok
21:31:46.0305 5968	Power           (dbff83f709a91049621c1d35dd45c92c) C:\windows\system32\umpo.dll
21:31:46.0320 5968	Power - ok
21:31:46.0351 5968	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:31:46.0367 5968	PptpMiniport - ok
21:31:46.0398 5968	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:31:46.0398 5968	Processor - ok
21:31:46.0476 5968	Profos          (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\profos.sys
21:31:46.0492 5968	Profos ( UnsignedFile.Multi.Generic ) - warning
21:31:46.0492 5968	Profos - detected UnsignedFile.Multi.Generic (1)
21:31:46.0523 5968	ProfSvc         (aea3bdbdba667aa6f678cb38907e4f5e) C:\windows\system32\profsvc.dll
21:31:46.0539 5968	ProfSvc - ok
21:31:46.0570 5968	ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:31:46.0585 5968	ProtectedStorage - ok
21:31:46.0617 5968	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:31:46.0632 5968	Psched - ok
21:31:46.0710 5968	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:31:46.0741 5968	ql2300 - ok
21:31:46.0835 5968	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:31:46.0851 5968	ql40xx - ok
21:31:46.0882 5968	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:31:46.0913 5968	QWAVE - ok
21:31:46.0913 5968	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:31:46.0929 5968	QWAVEdrv - ok
21:31:46.0944 5968	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:31:46.0960 5968	RasAcd - ok
21:31:46.0991 5968	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:31:47.0007 5968	RasAgileVpn - ok
21:31:47.0022 5968	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:31:47.0038 5968	RasAuto - ok
21:31:47.0038 5968	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:31:47.0069 5968	Rasl2tp - ok
21:31:47.0085 5968	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\windows\System32\rasmans.dll
21:31:47.0116 5968	RasMan - ok
21:31:47.0116 5968	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:31:47.0147 5968	RasPppoe - ok
21:31:47.0147 5968	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:31:47.0163 5968	RasSstp - ok
21:31:47.0194 5968	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
21:31:47.0209 5968	rdbss - ok
21:31:47.0225 5968	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:31:47.0241 5968	rdpbus - ok
21:31:47.0256 5968	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
21:31:47.0272 5968	RDPCDD - ok
21:31:47.0303 5968	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
21:31:47.0319 5968	RDPDR - ok
21:31:47.0319 5968	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:31:47.0334 5968	RDPENCDD - ok
21:31:47.0350 5968	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:31:47.0365 5968	RDPREFMP - ok
21:31:47.0397 5968	RDPWD           (c5b8d47a4688de9d335204ea757c2240) C:\windows\system32\drivers\RDPWD.sys
21:31:47.0412 5968	RDPWD - ok
21:31:47.0428 5968	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
21:31:47.0443 5968	rdyboost - ok
21:31:47.0459 5968	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:31:47.0490 5968	RemoteAccess - ok
21:31:47.0506 5968	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:31:47.0521 5968	RemoteRegistry - ok
21:31:47.0537 5968	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:31:47.0553 5968	RpcEptMapper - ok
21:31:47.0568 5968	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:31:47.0584 5968	RpcLocator - ok
21:31:47.0615 5968	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
21:31:47.0631 5968	RpcSs - ok
21:31:47.0646 5968	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:31:47.0662 5968	rspndr - ok
21:31:47.0709 5968	RTL8167         (60647bfa2fef7f6d6fbbaf661312f2ce) C:\windows\system32\DRIVERS\Rt86win7.sys
21:31:47.0724 5968	RTL8167 - ok
21:31:47.0724 5968	s3cap           (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
21:31:47.0740 5968	s3cap - ok
21:31:47.0771 5968	SamSs           (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:31:47.0771 5968	SamSs - ok
21:31:47.0802 5968	Samsung UPD Service2 (2a54eff79b03a8c2389f2bb0f2264f1e) C:\windows\System32\SUPDSvc2.exe
21:31:47.0818 5968	Samsung UPD Service2 - ok
21:31:47.0833 5968	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
21:31:47.0849 5968	sbp2port - ok
21:31:47.0943 5968	scan            (a2c93f04bef9bdd44353aa1a945696ac) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\scan.dll
21:31:47.0974 5968	scan ( UnsignedFile.Multi.Generic ) - warning
21:31:47.0974 5968	scan - detected UnsignedFile.Multi.Generic (1)
21:31:48.0005 5968	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:31:48.0021 5968	SCardSvr - ok
21:31:48.0021 5968	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
21:31:48.0052 5968	scfilter - ok
21:31:48.0099 5968	Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\windows\system32\schedsvc.dll
21:31:48.0130 5968	Schedule - ok
21:31:48.0130 5968	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
21:31:48.0161 5968	SCPolicySvc - ok
21:31:48.0161 5968	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\windows\System32\SDRSVC.dll
21:31:48.0177 5968	SDRSVC - ok
21:31:48.0208 5968	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:31:48.0223 5968	secdrv - ok
21:31:48.0239 5968	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:31:48.0255 5968	seclogon - ok
21:31:48.0270 5968	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
21:31:48.0286 5968	SENS - ok
21:31:48.0317 5968	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:31:48.0317 5968	SensrSvc - ok
21:31:48.0348 5968	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:31:48.0364 5968	Serenum - ok
21:31:48.0364 5968	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:31:48.0379 5968	Serial - ok
21:31:48.0379 5968	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:31:48.0379 5968	sermouse - ok
21:31:48.0395 5968	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\windows\system32\sessenv.dll
21:31:48.0426 5968	SessionEnv - ok
21:31:48.0442 5968	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
21:31:48.0457 5968	sffdisk - ok
21:31:48.0457 5968	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
21:31:48.0473 5968	sffp_mmc - ok
21:31:48.0473 5968	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
21:31:48.0489 5968	sffp_sd - ok
21:31:48.0489 5968	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:31:48.0504 5968	sfloppy - ok
21:31:48.0535 5968	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:31:48.0551 5968	SharedAccess - ok
21:31:48.0567 5968	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\windows\System32\shsvcs.dll
21:31:48.0582 5968	ShellHWDetection - ok
21:31:48.0598 5968	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
21:31:48.0613 5968	sisagp - ok
21:31:48.0613 5968	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:31:48.0629 5968	SiSRaid2 - ok
21:31:48.0629 5968	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:31:48.0645 5968	SiSRaid4 - ok
21:31:48.0676 5968	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:31:48.0691 5968	Smb - ok
21:31:48.0723 5968	snapman         (8d16aa2fb47821365606677baae5238e) C:\windows\system32\DRIVERS\snapman.sys
21:31:48.0723 5968	snapman - ok
21:31:48.0738 5968	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:31:48.0754 5968	SNMPTRAP - ok
21:31:48.0754 5968	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:31:48.0754 5968	spldr - ok
21:31:48.0801 5968	Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\windows\System32\spoolsv.exe
21:31:48.0801 5968	Spooler - ok
21:31:48.0941 5968	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\windows\system32\sppsvc.exe
21:31:48.0988 5968	sppsvc - ok
21:31:49.0066 5968	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\windows\system32\sppuinotify.dll
21:31:49.0113 5968	sppuinotify - ok
21:31:49.0191 5968	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:31:49.0206 5968	SQLBrowser - ok
21:31:49.0237 5968	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:31:49.0253 5968	SQLWriter - ok
21:31:49.0284 5968	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
21:31:49.0315 5968	srv - ok
21:31:49.0331 5968	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
21:31:49.0347 5968	srv2 - ok
21:31:49.0362 5968	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
21:31:49.0362 5968	srvnet - ok
21:31:49.0409 5968	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:31:49.0425 5968	SSDPSRV - ok
21:31:49.0440 5968	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:31:49.0456 5968	SstpSvc - ok
21:31:49.0518 5968	Stereo Service  (fb8fcf538184a28f674fea9521d7a6bb) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:31:49.0534 5968	Stereo Service - ok
21:31:49.0565 5968	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:31:49.0565 5968	stexstor - ok
21:31:49.0596 5968	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\windows\System32\wiaservc.dll
21:31:49.0612 5968	StiSvc - ok
21:31:49.0627 5968	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
21:31:49.0627 5968	storflt - ok
21:31:49.0659 5968	StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\windows\system32\storsvc.dll
21:31:49.0659 5968	StorSvc - ok
21:31:49.0659 5968	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
21:31:49.0674 5968	storvsc - ok
21:31:49.0690 5968	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
21:31:49.0690 5968	swenum - ok
21:31:49.0721 5968	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:31:49.0737 5968	swprv - ok
21:31:49.0799 5968	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\windows\system32\sysmain.dll
21:31:49.0815 5968	SysMain - ok
21:31:49.0830 5968	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\windows\System32\TabSvc.dll
21:31:49.0846 5968	TabletInputService - ok
21:31:49.0861 5968	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\windows\System32\tapisrv.dll
21:31:49.0893 5968	TapiSrv - ok
21:31:49.0893 5968	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:31:49.0924 5968	TBS - ok
21:31:50.0033 5968	Tcpip           (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\drivers\tcpip.sys
21:31:50.0080 5968	Tcpip - ok
21:31:50.0220 5968	TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\windows\system32\DRIVERS\tcpip.sys
21:31:50.0251 5968	TCPIP6 - ok
21:31:50.0314 5968	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
21:31:50.0345 5968	tcpipreg - ok
21:31:50.0361 5968	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
21:31:50.0361 5968	TDPIPE - ok
21:31:50.0392 5968	TDTCP           (7156308896d34ea75a582f9a09e50c17) C:\windows\system32\drivers\tdtcp.sys
21:31:50.0392 5968	TDTCP - ok
21:31:50.0407 5968	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
21:31:50.0423 5968	tdx - ok
21:31:50.0439 5968	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
21:31:50.0454 5968	TermDD - ok
21:31:50.0501 5968	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\windows\System32\termsrv.dll
21:31:50.0532 5968	TermService - ok
21:31:50.0548 5968	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:31:50.0548 5968	Themes - ok
21:31:50.0579 5968	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:31:50.0595 5968	THREADORDER - ok
21:31:50.0641 5968	timounter       (3e06987fedbcdfbff8e85ef8108565f9) C:\windows\system32\DRIVERS\timntr.sys
21:31:50.0657 5968	timounter - ok
21:31:50.0673 5968	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:31:50.0688 5968	TrkWks - ok
21:31:50.0766 5968	Trufos          (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\Acronis Backup and Security\Acronis Backup and Security Threat Scanner\trufos.sys
21:31:50.0782 5968	Trufos ( UnsignedFile.Multi.Generic ) - warning
21:31:50.0782 5968	Trufos - detected UnsignedFile.Multi.Generic (1)
21:31:50.0829 5968	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\windows\servicing\TrustedInstaller.exe
21:31:50.0860 5968	TrustedInstaller - ok
21:31:50.0891 5968	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
21:31:50.0922 5968	tssecsrv - ok
21:31:50.0938 5968	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
21:31:50.0969 5968	tunnel - ok
21:31:51.0000 5968	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:31:51.0000 5968	uagp35 - ok
21:31:51.0016 5968	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
21:31:51.0047 5968	udfs - ok
21:31:51.0063 5968	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:31:51.0078 5968	UI0Detect - ok
21:31:51.0109 5968	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
21:31:51.0109 5968	uliagpkx - ok
21:31:51.0141 5968	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
21:31:51.0141 5968	umbus - ok
21:31:51.0156 5968	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:31:51.0172 5968	UmPass - ok
21:31:51.0187 5968	UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\windows\System32\umrdp.dll
21:31:51.0203 5968	UmRdpService - ok
21:31:51.0219 5968	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:31:51.0250 5968	upnphost - ok
21:31:51.0265 5968	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
21:31:51.0281 5968	usbccgp - ok
21:31:51.0297 5968	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
21:31:51.0297 5968	usbcir - ok
21:31:51.0312 5968	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\drivers\usbehci.sys
21:31:51.0312 5968	usbehci - ok
21:31:51.0343 5968	usbhub          (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
21:31:51.0359 5968	usbhub - ok
21:31:51.0375 5968	usbohci         (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
21:31:51.0375 5968	usbohci - ok
21:31:51.0390 5968	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:31:51.0390 5968	usbprint - ok
21:31:51.0421 5968	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:31:51.0421 5968	usbscan - ok
21:31:51.0453 5968	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:31:51.0468 5968	USBSTOR - ok
21:31:51.0468 5968	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys
21:31:51.0484 5968	usbuhci - ok
21:31:51.0499 5968	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:31:51.0515 5968	UxSms - ok
21:31:51.0546 5968	VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
21:31:51.0562 5968	VaultSvc - ok
21:31:51.0577 5968	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
21:31:51.0593 5968	vdrvroot - ok
21:31:51.0609 5968	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\windows\System32\vds.exe
21:31:51.0624 5968	vds - ok
21:31:51.0655 5968	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:31:51.0655 5968	vga - ok
21:31:51.0687 5968	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:31:51.0702 5968	VgaSave - ok
21:31:51.0718 5968	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
21:31:51.0733 5968	vhdmp - ok
21:31:51.0749 5968	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
21:31:51.0765 5968	viaagp - ok
21:31:51.0765 5968	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:31:51.0780 5968	ViaC7 - ok
21:31:51.0780 5968	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
21:31:51.0796 5968	viaide - ok
21:31:51.0811 5968	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
21:31:51.0827 5968	vmbus - ok
21:31:51.0827 5968	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
21:31:51.0843 5968	VMBusHID - ok
21:31:51.0843 5968	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
21:31:51.0858 5968	volmgr - ok
21:31:51.0874 5968	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:31:51.0889 5968	volmgrx - ok
21:31:51.0905 5968	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
21:31:51.0921 5968	volsnap - ok
21:31:51.0921 5968	vpcbus          (33e74df34753fcaab06f6f2bdc8cabf5) C:\windows\system32\DRIVERS\vpchbus.sys
21:31:51.0936 5968	vpcbus - ok
21:31:51.0952 5968	vpcnfltr        (5f04362ceb5fb5901037e9d9eadd3760) C:\windows\system32\DRIVERS\vpcnfltr.sys
21:31:51.0967 5968	vpcnfltr - ok
21:31:51.0983 5968	vpcusb          (625088d6ee9ede977fd03cf18d1cd5c5) C:\windows\system32\DRIVERS\vpcusb.sys
21:31:51.0999 5968	vpcusb - ok
21:31:52.0030 5968	vpcvmm          (1023c696d42268e9071bb376dbec8396) C:\windows\system32\drivers\vpcvmm.sys
21:31:52.0045 5968	vpcvmm - ok
21:31:52.0061 5968	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:31:52.0077 5968	vsmraid - ok
21:31:52.0139 5968	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\windows\system32\vssvc.exe
21:31:52.0170 5968	VSS - ok
21:31:52.0295 5968	VSSERV          (49b1e718b6c05407a1e465a75a979a3a) C:\Program Files\Acronis Backup and Security\Acronis Backup and Security 2010\vsserv.exe
21:31:52.0326 5968	VSSERV - ok
21:31:52.0435 5968	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys
21:31:52.0451 5968	vwifibus - ok
21:31:52.0467 5968	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:31:52.0498 5968	W32Time - ok
21:31:52.0529 5968	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:31:52.0529 5968	WacomPen - ok
21:31:52.0545 5968	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
21:31:52.0560 5968	WANARP - ok
21:31:52.0560 5968	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
21:31:52.0591 5968	Wanarpv6 - ok
21:31:52.0638 5968	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\windows\system32\wbengine.exe
21:31:52.0669 5968	wbengine - ok
21:31:52.0685 5968	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:31:52.0701 5968	WbioSrvc - ok
21:31:52.0732 5968	wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\windows\System32\wcncsvc.dll
21:31:52.0747 5968	wcncsvc - ok
21:31:52.0747 5968	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:31:52.0763 5968	WcsPlugInService - ok
21:31:52.0779 5968	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:31:52.0794 5968	Wd - ok
21:31:52.0825 5968	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:31:52.0825 5968	Wdf01000 - ok
21:31:52.0841 5968	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:31:52.0857 5968	WdiServiceHost - ok
21:31:52.0857 5968	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:31:52.0872 5968	WdiSystemHost - ok
21:31:52.0903 5968	WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\windows\System32\webclnt.dll
21:31:52.0919 5968	WebClient - ok
21:31:52.0935 5968	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:31:52.0966 5968	Wecsvc - ok
21:31:52.0966 5968	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:31:52.0997 5968	wercplsupport - ok
21:31:53.0013 5968	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:31:53.0028 5968	WerSvc - ok
21:31:53.0044 5968	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:31:53.0059 5968	WfpLwf - ok
21:31:53.0091 5968	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
21:31:53.0106 5968	WimFltr - ok
21:31:53.0137 5968	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:31:53.0153 5968	WIMMount - ok
21:31:53.0200 5968	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:31:53.0231 5968	WinDefend - ok
21:31:53.0231 5968	WinHttpAutoProxySvc - ok
21:31:53.0278 5968	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:31:53.0309 5968	Winmgmt - ok
21:31:53.0371 5968	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\windows\system32\WsmSvc.dll
21:31:53.0418 5968	WinRM - ok
21:31:53.0481 5968	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:31:53.0512 5968	Wlansvc - ok
21:31:53.0559 5968	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
21:31:53.0590 5968	WmiAcpi - ok
21:31:53.0605 5968	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:31:53.0621 5968	wmiApSrv - ok
21:31:53.0715 5968	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:31:53.0761 5968	WMPNetworkSvc - ok
21:31:53.0808 5968	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:31:53.0839 5968	WPCSvc - ok
21:31:53.0855 5968	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\windows\system32\wpdbusenum.dll
21:31:53.0871 5968	WPDBusEnum - ok
21:31:53.0933 5968	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:31:53.0964 5968	ws2ifsl - ok
21:31:53.0980 5968	wscsvc          (a661a76333057b383a06e65f0073222f) C:\windows\system32\wscsvc.dll
21:31:53.0995 5968	wscsvc - ok
21:31:53.0995 5968	WSearch - ok
21:31:54.0105 5968	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
21:31:54.0151 5968	wuauserv - ok
21:31:54.0229 5968	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
21:31:54.0261 5968	WudfPf - ok
21:31:54.0276 5968	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
21:31:54.0292 5968	WUDFRd - ok
21:31:54.0339 5968	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\windows\System32\WUDFSvc.dll
21:31:54.0370 5968	wudfsvc - ok
21:31:54.0401 5968	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:31:54.0417 5968	WwanSvc - ok
21:31:54.0417 5968	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:31:54.0619 5968	\Device\Harddisk0\DR0 - ok
21:31:54.0651 5968	Boot (0x1200)   (951deba248bbb9a7fe509f16fef3433f) \Device\Harddisk0\DR0\Partition0
21:31:54.0651 5968	\Device\Harddisk0\DR0\Partition0 - ok
21:31:54.0651 5968	============================================================
21:31:54.0651 5968	Scan finished
21:31:54.0651 5968	============================================================
21:31:54.0666 0976	Detected object count: 5
21:31:54.0666 0976	Actual detected object count: 5
21:32:07.0692 0976	BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0692 0976	BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:07.0692 0976	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0692 0976	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:07.0692 0976	Profos ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0692 0976	Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:07.0692 0976	scan ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0692 0976	scan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:07.0708 0976	Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:07.0708 0976	Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip

hoffe das ist noch zu beheben. Danke mal wieder im vorraus.

markusg · 14.08.2012, 18:48

start ausführen, tippe:
msconfig
systemstart
alle haken raus außer bei
Acronis
dann ok klicken, neustart.
bitte mal alle aktuellen driver instalieren und windows update erneut ausführen.

GVU Trojaner Windows7 32bit

Log-Analyse und Auswertung: GVU Trojaner Windows7 32bit