GVU-Trojaner

onrop_m · 26.02.2013, 20:06

Hallo zusammen,

leider hat sich der GVU-Trojaner bei dem Laptop meiner Frau eingenistet. Ich habe das entsprechende Bild leider nicht gesehen, daher ist "nur" eine (starke) Vermutung, dass es dieser Trojaner ist.
Meine Frau kann sich nur daran, erinnern, dass ein Bild mit der Kamera von ihr gemacht und angezeigt worden ist und sie per Paysafe 100€ bezahlen soll. Aufgrund dieser Aussage und ein bisschen googeln, bin auch darauf gekommen, dass es wohl der GVU sein muss.
Ich sehe beim normalen Hochfahren nur noch ein weißes Bild und ich habe keine Chance aufs System zuzugreifen.
In den abgesicherten Modus mit Eingabeaufforderung komme ich, weiß aber allerdings nicht was ich jetzt tun muss.
Wäre super nett, wenn ihr mir helfen würdet.
Schonmal vielen Dank im voraus.

Mfg
onrop_m

markusg · 26.02.2013, 20:08

Hi,
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

onrop_m · 26.02.2013, 20:40

Vielen Dank für die schnelle Antwort.
Allerdings erhalte ich beim Doppelklick auf das OTLPE-Icon die Meldung "Browse For Folder".
Wenn ich nun die C-Partiton auswähle, kommt die Meldung "Target is not windows 2000 or later".
Es handelt sich um einen 7er Home Professional, 64bit.

Was nun?

markusg · 26.02.2013, 20:43

hi klappe mal nacheinander alle laufwerke aus, klicke doppelt auf windows, wenn gefunden, dann gehts

onrop_m · 26.02.2013, 21:06

Danke, das hat weitergeholfen.
Hier der Inhalt aus OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 2/26/2013 8:49:22 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 101.97 Mb Total Space | 77.85 Mb Free Space | 76.34% Space Free | Partition Type: NTFS
Drive D: | 353.30 Gb Total Space | 291.77 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive E: | 100.36 Gb Total Space | 42.97 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.08 Gb Free Space | 82.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/03/25 13:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- E:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/03/25 13:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2010/03/25 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 13:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- E:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- E:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 09:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- E:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/02 11:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/15 11:24:41 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/14 03:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/12 05:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2010/05/12 05:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/05/12 05:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/05/12 05:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/04/28 01:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/26 21:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/04/26 21:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010/04/26 21:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010/03/25 13:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- E:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/03/25 13:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/03/25 13:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/03/25 13:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/03/25 13:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/09/29 06:06:46 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot] -- E:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009/09/01 22:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/15 05:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- E:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- E:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2010/06/14 03:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- E:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360810f515l0434z175t5472d416
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360810f515l0434z175t5472d416
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\ms_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360810f515l0434z175t5472d416
IE - HKU\ms_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\ms_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ms_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\ss_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360810f515l0434z175t5472d416
IE - HKU\ss_ON_E\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.yahoo.com/ [binary data]
IE - HKU\ss_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360810f515l0434z175t5472d416
IE - HKU\ss_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/25 06:56:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/15 05:26:34 | 000,000,000 | ---D | M]
 
[2012/06/17 07:13:17 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/08 11:28:12 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/11/06 13:26:40 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/03/25 13:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- E:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/07/22 19:48:56 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/07/22 19:48:56 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/07/22 19:48:56 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/22 19:48:56 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/07/22 19:48:56 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\ss_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management]  File not found
O4:64bit: - HKLM..\Run: [Apoint]  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds]  File not found
O4:64bit: - HKLM..\Run: [IAAnotif]  File not found
O4:64bit: - HKLM..\Run: [IgfxTray]  File not found
O4:64bit: - HKLM..\Run: [mwlDaemon]  File not found
O4:64bit: - HKLM..\Run: [Persistence]  File not found
O4:64bit: - HKLM..\Run: [PLFSetI]  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] E:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] E:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] E:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] E:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PlayMovie] E:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [ShStatEXE] E:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\ms_ON_E..\Run: [AutoStartNPSAgent] E:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\ms_ON_E..\Run: [EA Core] E:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\ms_ON_E..\Run: [MP4 Player] E:\Program Files (x86)\MP4 Player\mp4Player.exe ()
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\ms_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ms_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\ms_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\ss_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ss_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\ss_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\ss_ON_E Winlogon: Shell - (C:\Users\ss\AppData\Roaming\ldr.mcb) - E:\Users\ss\AppData\Roaming\ldr.mcb ()
O20 - HKU\ss_ON_E Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/11 09:36:22 | 000,000,000 | ---D | C] -- E:\Users\ss\AppData\Local\{3EFA9D67-44C6-28EF-48A4-D614288CB8C9}
[2013/02/11 09:35:58 | 000,000,000 | ---D | C] -- E:\QUARANTINE
[2009/11/02 23:04:33 | 000,036,136 | ---- | C] (Oberon Media) -- E:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/26 14:24:57 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/02/26 14:24:53 | 000,008,212 | ---- | M] () -- E:\Windows\mfebcdata
[2013/02/26 14:24:16 | 3166,154,752 | -HS- | M] () -- E:\hiberfil.sys
[2013/02/26 13:56:43 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 02:50:05 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 02:50:05 | 000,009,696 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/26 02:44:26 | 000,000,880 | ---- | M] () -- E:\Users\ss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2013/02/25 12:36:01 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 
========== Files Created - No Company Name ==========
 
[2013/02/26 13:58:34 | 000,008,212 | ---- | C] () -- E:\Windows\mfebcdata
[2012/04/22 16:48:03 | 000,179,712 | ---- | C] () -- E:\Users\ss\AppData\Roaming\ldr.mcb
[2011/06/24 06:31:08 | 000,000,000 | ---- | C] () -- E:\Users\ss\AppData\Local\{810B7885-4004-400B-B7C1-A5D63B67C6A5}
[2011/04/03 12:48:39 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/07 12:01:43 | 000,010,752 | ---- | C] () -- E:\Windows\SysWow64\ff_vfw.dll
[2011/03/07 12:00:46 | 000,000,036 | -H-- | C] () -- E:\Users\ms\AppData\Roaming\swk.ini
[2011/03/07 11:36:47 | 001,526,948 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/10 06:40:20 | 000,000,017 | ---- | C] () -- E:\Users\ms\AppData\Local\resmon.resmoncfg
[2010/08/25 06:45:46 | 000,000,108 | ---- | C] () -- E:\Windows\wininit.ini
[2010/08/24 11:28:43 | 000,013,576 | ---- | C] () -- E:\Windows\SysWow64\wnaspi32.dll
[2010/08/24 11:25:07 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2010/03/02 01:41:06 | 000,626,688 | ---- | C] () -- E:\Windows\Image.dll
[2010/03/02 01:41:06 | 000,200,704 | ---- | C] () -- E:\Windows\PLFSetI.exe
[2010/03/02 01:41:06 | 000,020,480 | ---- | C] () -- E:\Windows\USB_VIDEO_REG.exe
[2010/03/02 01:41:06 | 000,000,323 | ---- | C] () -- E:\Windows\PidList.ini
[2009/11/02 23:38:56 | 000,000,000 | ---- | C] () -- E:\Windows\setup.INI
[2009/11/02 22:44:47 | 000,982,220 | ---- | C] () -- E:\Windows\SysWow64\igkrng500.bin
[2009/11/02 22:44:46 | 000,134,592 | ---- | C] () -- E:\Windows\SysWow64\igfcg500.bin
[2009/11/02 22:44:46 | 000,092,216 | ---- | C] () -- E:\Windows\SysWow64\igfcg500m.bin
[2009/11/02 22:44:45 | 000,439,300 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2009/11/02 23:19:38 | 000,000,000 | ---D | M] -- E:\ProgramData\Acer
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2010/08/24 12:02:26 | 000,000,000 | ---D | M] -- E:\ProgramData\createpart
[2010/09/15 11:23:33 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2009/11/02 23:38:48 | 000,000,000 | ---D | M] -- E:\ProgramData\EgisTec
[2012/06/17 06:54:02 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2009/11/02 23:35:54 | 000,000,000 | ---D | M] -- E:\ProgramData\eSobi
[2010/08/24 12:02:19 | 000,000,000 | ---D | M] -- E:\ProgramData\explauncher
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/08/24 12:02:17 | 000,000,000 | ---D | M] -- E:\ProgramData\launcher
[2010/08/24 09:50:36 | 000,000,000 | ---D | M] -- E:\ProgramData\McQcModifier-5c47-a7b0
[2010/08/24 09:48:12 | 000,000,000 | ---D | M] -- E:\ProgramData\OEM
[2010/09/28 10:31:08 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2011/03/07 11:31:54 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/11/02 23:32:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/01/15 05:33:15 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/01/23 10:12:30 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/08/24 10:55:59 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2010/03/02 01:34:21 | 000,000,000 | ---D | M] -- E:\book
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2009/11/02 22:53:20 | 000,000,000 | ---D | M] -- E:\Intel
[2009/11/02 23:11:39 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2010/08/24 09:49:24 | 000,000,000 | -H-D | M] -- E:\OEM
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2012/01/15 05:32:16 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/02/22 08:31:41 | 000,000,000 | R--D | M] -- E:\Program Files (x86)
[2012/06/17 06:54:02 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/02/26 03:00:43 | 000,000,000 | ---D | M] -- E:\QUARANTINE
[2010/08/24 09:47:50 | 000,000,000 | -HSD | M] -- E:\Recovery
[2013/02/25 08:44:57 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2010/08/24 10:55:34 | 000,000,000 | R--D | M] -- E:\Users
[2013/02/26 14:24:53 | 000,000,000 | ---D | M] -- E:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 14:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- E:\Windows\System32\drivers\iaStor.sys
[2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

--- --- ---

[/CODE]

markusg · 26.02.2013, 21:17

Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O20 - HKU\ss_ON_E Winlogon: Shell - (C:\Users\ss\AppData\Roaming\ldr.mcb) - E:\Users\ss\AppData\Roaming\ldr.mcb ()
:Files
E:\Users\ss\AppData\Roaming\ldr.mcb
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

onrop_m · 26.02.2013, 21:30

Ich musste den Fix händisch eintragen, da ich bei Auswahl der Datei immer eine Fehlermeldgung bekam.
Der "Run Fix" ging sehr schnell. Ein erneutes drücken bringt den Rechner aber nicht dazu hinunterzufahren.
Auch die OTL.txt ist noch immer die vom ersten Run?

Was soll ich machen? Rechner "händisch" neustarten? Fix nochmal ausführen?

markusg · 26.02.2013, 21:33

jepp, starte man händisch neu, evtl. reset drücken.

onrop_m · 26.02.2013, 21:45

So, wie gesagt, die OTL.txt ist noch immer die von ersten Scan, daher lad ich sie nicht nochmal hoch.
Upload der Datei MovedFiles.zip hat geklappt.
Rechner konnte auch normal hochgefahren werden (Adminuser, der GVU trat aber bei einem anderen User auf).

markusg · 26.02.2013, 21:48

also das heißt der gvu ist noch da bei anderen nutzern?
scanne noch mal mit otl cd
bitte aber diesmal den haken bei
Load All Remaining Users
setzen

onrop_m · 26.02.2013, 21:52

Es gibt nur noch einen anderen (bei dem der Virus auftrat).
Ich kann mich aber auch nun auch wieder unter diesem User normal einloggen.
Trotzdem erneuter Scan?

markusg · 26.02.2013, 21:55

ne, hatte das falsch verstanden.
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

onrop_m · 26.02.2013, 22:03

Habe das nun als AdminUser ausgeführt.
Anbei der Inhalt der Logdatei von TDSSKiller:

Code:

ATTFilter

21:59:30.0980 3932  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:59:31.0198 3932  ============================================================
21:59:31.0198 3932  Current date / time: 2013/02/26 21:59:31.0198
21:59:31.0198 3932  SystemInfo:
21:59:31.0198 3932  
21:59:31.0198 3932  OS Version: 6.1.7601 ServicePack: 1.0
21:59:31.0198 3932  Product type: Workstation
21:59:31.0198 3932  ComputerName: *
21:59:31.0198 3932  UserName: ms
21:59:31.0198 3932  Windows directory: C:\Windows
21:59:31.0198 3932  System windows directory: C:\Windows
21:59:31.0198 3932  Running under WOW64
21:59:31.0198 3932  Processor architecture: Intel x64
21:59:31.0198 3932  Number of processors: 2
21:59:31.0198 3932  Page size: 0x1000
21:59:31.0198 3932  Boot type: Normal boot
21:59:31.0198 3932  ============================================================
21:59:33.0008 3932  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:33.0024 3932  Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:33.0024 3932  ============================================================
21:59:33.0024 3932  \Device\Harddisk0\DR0:
21:59:33.0024 3932  MBR partitions:
21:59:33.0024 3932  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
21:59:33.0024 3932  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0xC8B7AED
21:59:33.0039 3932  \Device\Harddisk1\DR1:
21:59:33.0039 3932  MBR partitions:
21:59:33.0039 3932  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
21:59:33.0039 3932  ============================================================
21:59:33.0070 3932  C: <-> \Device\Harddisk0\DR0\Partition2
21:59:33.0070 3932  ============================================================
21:59:33.0070 3932  Initialize success
21:59:33.0070 3932  ============================================================
22:00:09.0372 2104  ============================================================
22:00:09.0372 2104  Scan started
22:00:09.0372 2104  Mode: Manual; SigCheck; TDLFS; 
22:00:09.0372 2104  ============================================================
22:00:09.0902 2104  ================ Scan system memory ========================
22:00:09.0902 2104  System memory - ok
22:00:09.0902 2104  ================ Scan services =============================
22:00:10.0074 2104  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:00:10.0370 2104  1394ohci - ok
22:00:10.0417 2104  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:00:10.0495 2104  ACPI - ok
22:00:10.0542 2104  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:00:10.0713 2104  AcpiPmi - ok
22:00:10.0807 2104  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:00:10.0854 2104  adp94xx - ok
22:00:10.0885 2104  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:00:10.0932 2104  adpahci - ok
22:00:10.0947 2104  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:00:10.0979 2104  adpu320 - ok
22:00:11.0010 2104  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:00:11.0088 2104  AeLookupSvc - ok
22:00:11.0150 2104  [ D5B031C308A409A0A576BFF4CF083D30 ] AFD             C:\Windows\system32\drivers\afd.sys
22:00:11.0291 2104  AFD - ok
22:00:11.0322 2104  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:00:11.0353 2104  agp440 - ok
22:00:11.0369 2104  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:00:11.0447 2104  ALG - ok
22:00:11.0509 2104  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:00:11.0540 2104  aliide - ok
22:00:11.0571 2104  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:00:11.0587 2104  amdide - ok
22:00:11.0618 2104  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:00:11.0712 2104  AmdK8 - ok
22:00:11.0712 2104  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:00:11.0790 2104  AmdPPM - ok
22:00:11.0805 2104  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:00:11.0899 2104  amdsata - ok
22:00:11.0946 2104  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:00:11.0977 2104  amdsbs - ok
22:00:11.0993 2104  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:00:12.0086 2104  amdxata - ok
22:00:12.0117 2104  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
22:00:12.0336 2104  androidusb - ok
22:00:12.0383 2104  [ C79C86A0395689045710E24D64E5E086 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
22:00:12.0476 2104  ApfiltrService - ok
22:00:12.0507 2104  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:00:12.0663 2104  AppID - ok
22:00:12.0679 2104  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:00:12.0741 2104  AppIDSvc - ok
22:00:12.0773 2104  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:00:12.0882 2104  Appinfo - ok
22:00:13.0007 2104  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:00:13.0038 2104  Apple Mobile Device - ok
22:00:13.0069 2104  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:00:13.0085 2104  arc - ok
22:00:13.0100 2104  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:00:13.0131 2104  arcsas - ok
22:00:13.0147 2104  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:00:13.0225 2104  AsyncMac - ok
22:00:13.0272 2104  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:00:13.0287 2104  atapi - ok
22:00:13.0350 2104  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:00:13.0506 2104  AudioEndpointBuilder - ok
22:00:13.0521 2104  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:00:13.0568 2104  AudioSrv - ok
22:00:13.0615 2104  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:00:13.0771 2104  AxInstSV - ok
22:00:13.0818 2104  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:00:13.0896 2104  b06bdrv - ok
22:00:13.0958 2104  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:00:14.0036 2104  b57nd60a - ok
22:00:14.0145 2104  [ B44879610F2DC4A046B14BEFA3AE72DE ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:00:14.0255 2104  BCM43XX - ok
22:00:14.0317 2104  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:00:14.0364 2104  BDESVC - ok
22:00:14.0411 2104  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:00:14.0504 2104  Beep - ok
22:00:14.0567 2104  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:00:14.0754 2104  BFE - ok
22:00:14.0801 2104  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:00:15.0003 2104  BITS - ok
22:00:15.0035 2104  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:00:15.0066 2104  blbdrive - ok
22:00:15.0159 2104  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:00:15.0206 2104  Bonjour Service - ok
22:00:15.0253 2104  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:00:15.0378 2104  bowser - ok
22:00:15.0393 2104  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:00:15.0471 2104  BrFiltLo - ok
22:00:15.0471 2104  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:00:15.0518 2104  BrFiltUp - ok
22:00:15.0549 2104  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
22:00:15.0705 2104  Browser - ok
22:00:15.0721 2104  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:00:15.0783 2104  Brserid - ok
22:00:15.0783 2104  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:00:15.0830 2104  BrSerWdm - ok
22:00:15.0830 2104  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:00:15.0877 2104  BrUsbMdm - ok
22:00:15.0877 2104  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:00:15.0924 2104  BrUsbSer - ok
22:00:15.0939 2104  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:00:15.0971 2104  BTHMODEM - ok
22:00:16.0017 2104  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:00:16.0080 2104  bthserv - ok
22:00:16.0111 2104  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:00:16.0158 2104  cdfs - ok
22:00:16.0205 2104  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:00:16.0314 2104  cdrom - ok
22:00:16.0361 2104  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:00:16.0454 2104  CertPropSvc - ok
22:00:16.0501 2104  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:00:16.0548 2104  circlass - ok
22:00:16.0579 2104  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:00:16.0610 2104  CLFS - ok
22:00:16.0688 2104  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:00:16.0735 2104  clr_optimization_v2.0.50727_32 - ok
22:00:16.0782 2104  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:00:16.0813 2104  clr_optimization_v2.0.50727_64 - ok
22:00:16.0891 2104  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:00:16.0922 2104  clr_optimization_v4.0.30319_32 - ok
22:00:16.0938 2104  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:00:16.0969 2104  clr_optimization_v4.0.30319_64 - ok
22:00:17.0000 2104  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:00:17.0063 2104  CmBatt - ok
22:00:17.0109 2104  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:00:17.0141 2104  cmdide - ok
22:00:17.0187 2104  [ C4943B6C962E4B82197542447AD599F4 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:00:17.0297 2104  CNG - ok
22:00:17.0343 2104  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:00:17.0390 2104  Compbatt - ok
22:00:17.0421 2104  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:00:17.0546 2104  CompositeBus - ok
22:00:17.0562 2104  COMSysApp - ok
22:00:17.0593 2104  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:00:17.0609 2104  crcdisk - ok
22:00:17.0655 2104  [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:00:17.0780 2104  CryptSvc - ok
22:00:17.0827 2104  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:00:17.0889 2104  DcomLaunch - ok
22:00:17.0921 2104  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:00:17.0983 2104  defragsvc - ok
22:00:18.0014 2104  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:00:18.0170 2104  DfsC - ok
22:00:18.0217 2104  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:00:18.0342 2104  Dhcp - ok
22:00:18.0373 2104  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:00:18.0435 2104  discache - ok
22:00:18.0467 2104  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:00:18.0498 2104  Disk - ok
22:00:18.0591 2104  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\SysWOW64\Drivers\DKbFltr.sys
22:00:18.0669 2104  DKbFltr - ok
22:00:18.0701 2104  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:00:18.0857 2104  Dnscache - ok
22:00:18.0888 2104  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:00:18.0997 2104  dot3svc - ok
22:00:19.0044 2104  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:00:19.0137 2104  DPS - ok
22:00:19.0169 2104  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:00:19.0215 2104  drmkaud - ok
22:00:19.0262 2104  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:00:19.0371 2104  DXGKrnl - ok
22:00:19.0403 2104  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:00:19.0465 2104  EapHost - ok
22:00:19.0574 2104  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:00:19.0746 2104  ebdrv - ok
22:00:19.0793 2104  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:00:19.0855 2104  EFS - ok
22:00:19.0933 2104  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:00:20.0011 2104  ehRecvr - ok
22:00:20.0042 2104  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:00:20.0073 2104  ehSched - ok
22:00:20.0105 2104  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:00:20.0136 2104  elxstor - ok
22:00:20.0214 2104  [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
22:00:20.0245 2104  ePowerSvc - ok
22:00:20.0261 2104  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:00:20.0292 2104  ErrDev - ok
22:00:20.0339 2104  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:00:20.0401 2104  EventSystem - ok
22:00:20.0448 2104  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:00:20.0495 2104  exfat - ok
22:00:20.0526 2104  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:00:20.0604 2104  fastfat - ok
22:00:20.0666 2104  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:00:20.0760 2104  Fax - ok
22:00:20.0775 2104  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:00:20.0807 2104  fdc - ok
22:00:20.0853 2104  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:00:20.0916 2104  fdPHost - ok
22:00:20.0931 2104  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:00:20.0978 2104  FDResPub - ok
22:00:21.0025 2104  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:00:21.0041 2104  FileInfo - ok
22:00:21.0056 2104  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:00:21.0119 2104  Filetrace - ok
22:00:21.0134 2104  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:00:21.0150 2104  flpydisk - ok
22:00:21.0197 2104  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:00:21.0275 2104  FltMgr - ok
22:00:21.0337 2104  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:00:21.0509 2104  FontCache - ok
22:00:21.0571 2104  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:00:21.0587 2104  FontCache3.0.0.0 - ok
22:00:21.0618 2104  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:00:21.0633 2104  FsDepends - ok
22:00:21.0665 2104  [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:00:21.0743 2104  fssfltr - ok
22:00:21.0821 2104  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:00:21.0867 2104  fsssvc - ok
22:00:21.0914 2104  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:00:21.0945 2104  Fs_Rec - ok
22:00:21.0992 2104  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:00:22.0070 2104  fvevol - ok
22:00:22.0101 2104  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:00:22.0133 2104  gagp30kx - ok
22:00:22.0179 2104  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:00:22.0289 2104  GEARAspiWDM - ok
22:00:22.0335 2104  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:00:22.0491 2104  gpsvc - ok
22:00:22.0554 2104  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
22:00:22.0601 2104  Greg_Service - ok
22:00:22.0694 2104  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:00:22.0725 2104  gupdate - ok
22:00:22.0788 2104  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:00:22.0819 2104  gupdatem - ok
22:00:22.0897 2104  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:00:22.0928 2104  gusvc - ok
22:00:22.0959 2104  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:00:22.0991 2104  hcw85cir - ok
22:00:23.0069 2104  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:00:23.0162 2104  HdAudAddService - ok
22:00:23.0209 2104  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:00:23.0303 2104  HDAudBus - ok
22:00:23.0334 2104  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:00:23.0365 2104  HidBatt - ok
22:00:23.0365 2104  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:00:23.0412 2104  HidBth - ok
22:00:23.0427 2104  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:00:23.0459 2104  HidIr - ok
22:00:23.0490 2104  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:00:23.0568 2104  hidserv - ok
22:00:23.0599 2104  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:00:23.0693 2104  HidUsb - ok
22:00:23.0724 2104  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:00:23.0864 2104  hkmsvc - ok
22:00:23.0895 2104  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:00:24.0036 2104  HomeGroupListener - ok
22:00:24.0083 2104  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:00:24.0161 2104  HomeGroupProvider - ok
22:00:24.0207 2104  [ 78D379CE4D18ED735224660ABF972716 ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
22:00:24.0317 2104  hotcore3 - ok
22:00:24.0379 2104  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:00:24.0473 2104  HpSAMD - ok
22:00:24.0519 2104  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:00:24.0707 2104  HTTP - ok
22:00:24.0738 2104  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:00:24.0831 2104  hwpolicy - ok
22:00:24.0894 2104  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:00:24.0925 2104  i8042prt - ok
22:00:25.0019 2104  [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:00:25.0050 2104  IAANTMON - ok
22:00:25.0065 2104  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:00:25.0097 2104  iaStor - ok
22:00:25.0128 2104  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:00:25.0221 2104  iaStorV - ok
22:00:25.0284 2104  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:00:25.0315 2104  idsvc - ok
22:00:25.0518 2104  [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:00:25.0908 2104  igfx - ok
22:00:25.0939 2104  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:00:25.0970 2104  iirsp - ok
22:00:26.0017 2104  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:00:26.0157 2104  IKEEXT - ok
22:00:26.0267 2104  [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:00:26.0360 2104  IntcAzAudAddService - ok
22:00:26.0391 2104  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:00:26.0407 2104  intelide - ok
22:00:26.0469 2104  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:00:26.0516 2104  intelppm - ok
22:00:26.0532 2104  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:00:26.0579 2104  IPBusEnum - ok
22:00:26.0625 2104  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:00:26.0735 2104  IpFilterDriver - ok
22:00:26.0781 2104  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:00:26.0937 2104  iphlpsvc - ok
22:00:27.0000 2104  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:00:27.0109 2104  IPMIDRV - ok
22:00:27.0156 2104  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:00:27.0203 2104  IPNAT - ok
22:00:27.0265 2104  [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:00:27.0312 2104  iPod Service - ok
22:00:27.0343 2104  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:00:27.0390 2104  IRENUM - ok
22:00:27.0421 2104  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:00:27.0437 2104  isapnp - ok
22:00:27.0468 2104  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:00:27.0561 2104  iScsiPrt - ok
22:00:27.0608 2104  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:00:27.0624 2104  kbdclass - ok
22:00:27.0671 2104  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:00:27.0749 2104  kbdhid - ok
22:00:27.0764 2104  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:00:27.0795 2104  KeyIso - ok
22:00:27.0811 2104  [ DA1E991A61CFDD755A589E206B97644B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:00:27.0905 2104  KSecDD - ok
22:00:27.0936 2104  [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:00:28.0029 2104  KSecPkg - ok
22:00:28.0061 2104  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:00:28.0123 2104  ksthunk - ok
22:00:28.0139 2104  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:00:28.0217 2104  KtmRm - ok
22:00:28.0263 2104  [ 2377EC4CC3E356655B996F39B43486B6 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
22:00:28.0388 2104  L1C - ok
22:00:28.0466 2104  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:00:28.0591 2104  LanmanServer - ok
22:00:28.0653 2104  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:00:28.0778 2104  LanmanWorkstation - ok
22:00:28.0825 2104  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:00:28.0903 2104  lltdio - ok
22:00:28.0950 2104  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:00:29.0012 2104  lltdsvc - ok
22:00:29.0028 2104  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:00:29.0075 2104  lmhosts - ok
22:00:29.0121 2104  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:00:29.0137 2104  LSI_FC - ok
22:00:29.0168 2104  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:00:29.0184 2104  LSI_SAS - ok
22:00:29.0184 2104  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:00:29.0215 2104  LSI_SAS2 - ok
22:00:29.0215 2104  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:00:29.0246 2104  LSI_SCSI - ok
22:00:29.0262 2104  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:00:29.0324 2104  luafv - ok
22:00:29.0418 2104  [ CEC4D9C0A64993F4F82FD77A84B21944 ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
22:00:29.0433 2104  McAfeeEngineService - ok
22:00:29.0480 2104  [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
22:00:29.0496 2104  McAfeeFramework - ok
22:00:29.0511 2104  [ 911A6416D429EE8A8804D44F2E181A31 ] McShield        C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
22:00:29.0543 2104  McShield - ok
22:00:29.0558 2104  [ 0B0E85A9EBC5905A0E5360DD77A202B0 ] McTaskManager   C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
22:00:29.0574 2104  McTaskManager - ok
22:00:29.0605 2104  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:00:29.0699 2104  Mcx2Svc - ok
22:00:29.0730 2104  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:00:29.0761 2104  megasas - ok
22:00:29.0777 2104  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:00:29.0808 2104  MegaSR - ok
22:00:29.0839 2104  [ 12AD015F8C2C109C6A74D25DA94607FE ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
22:00:29.0917 2104  mfeapfk - ok
22:00:29.0948 2104  [ DD17753AD5FA52F3BCD3B512934690C4 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
22:00:30.0042 2104  mfeavfk - ok
22:00:30.0089 2104  [ 3BA96B0584AD024F03EB9835D45619C2 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
22:00:30.0229 2104  mfehidk - ok
22:00:30.0260 2104  [ 158C24A8ED5F2CAB71A86FD775BC1727 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
22:00:30.0338 2104  mferkdet - ok
22:00:30.0369 2104  [ 6CFFF53E82808268DD61AB4790A36426 ] mfetdik         C:\Windows\system32\drivers\mfetdik.sys
22:00:30.0432 2104  mfetdik - ok
22:00:30.0479 2104  [ BE9D3BF69F3958492B56DCE7EA7F5FA9 ] mfevtp          C:\Windows\system32\mfevtps.exe
22:00:30.0494 2104  mfevtp - ok
22:00:30.0557 2104  [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:00:30.0588 2104  Microsoft Office Groove Audit Service - ok
22:00:30.0619 2104  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:00:30.0697 2104  MMCSS - ok
22:00:30.0728 2104  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:00:30.0775 2104  Modem - ok
22:00:30.0806 2104  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:00:30.0853 2104  monitor - ok
22:00:30.0884 2104  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:00:30.0915 2104  mouclass - ok
22:00:30.0947 2104  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:00:30.0993 2104  mouhid - ok
22:00:31.0040 2104  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:00:31.0165 2104  mountmgr - ok
22:00:31.0181 2104  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:00:31.0274 2104  mpio - ok
22:00:31.0305 2104  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:00:31.0352 2104  mpsdrv - ok
22:00:31.0399 2104  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:00:31.0555 2104  MpsSvc - ok
22:00:31.0586 2104  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:00:31.0695 2104  MRxDAV - ok
22:00:31.0727 2104  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:31.0820 2104  mrxsmb - ok
22:00:31.0851 2104  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:31.0961 2104  mrxsmb10 - ok
22:00:32.0007 2104  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:32.0132 2104  mrxsmb20 - ok
22:00:32.0163 2104  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:00:32.0257 2104  msahci - ok
22:00:32.0288 2104  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:00:32.0397 2104  msdsm - ok
22:00:32.0444 2104  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:00:32.0475 2104  MSDTC - ok
22:00:32.0507 2104  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:00:32.0553 2104  Msfs - ok
22:00:32.0569 2104  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:00:32.0631 2104  mshidkmdf - ok
22:00:32.0647 2104  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:00:32.0663 2104  msisadrv - ok
22:00:32.0694 2104  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:00:32.0756 2104  MSiSCSI - ok
22:00:32.0772 2104  msiserver - ok
22:00:32.0803 2104  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:00:32.0865 2104  MSKSSRV - ok
22:00:32.0897 2104  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:00:32.0959 2104  MSPCLOCK - ok
22:00:32.0975 2104  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:00:33.0037 2104  MSPQM - ok
22:00:33.0068 2104  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:00:33.0162 2104  MsRPC - ok
22:00:33.0224 2104  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:00:33.0255 2104  mssmbios - ok
22:00:33.0287 2104  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:00:33.0349 2104  MSTEE - ok
22:00:33.0349 2104  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:00:33.0380 2104  MTConfig - ok
22:00:33.0411 2104  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:00:33.0427 2104  Mup - ok
22:00:33.0458 2104  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:00:33.0536 2104  mwlPSDFilter - ok
22:00:33.0552 2104  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:00:33.0645 2104  mwlPSDNServ - ok
22:00:33.0677 2104  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:00:33.0755 2104  mwlPSDVDisk - ok
22:00:33.0817 2104  [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
22:00:33.0911 2104  MWLService - ok
22:00:33.0957 2104  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:00:34.0067 2104  napagent - ok
22:00:34.0113 2104  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:00:34.0160 2104  NativeWifiP - ok
22:00:34.0223 2104  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:00:34.0316 2104  NDIS - ok
22:00:34.0347 2104  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:00:34.0410 2104  NdisCap - ok
22:00:34.0425 2104  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:00:34.0503 2104  NdisTapi - ok
22:00:34.0535 2104  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:00:34.0675 2104  Ndisuio - ok
22:00:34.0722 2104  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:00:34.0831 2104  NdisWan - ok
22:00:34.0878 2104  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:00:34.0987 2104  NDProxy - ok
22:00:35.0034 2104  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:00:35.0112 2104  NetBIOS - ok
22:00:35.0143 2104  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:00:35.0283 2104  NetBT - ok
22:00:35.0299 2104  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:00:35.0330 2104  Netlogon - ok
22:00:35.0361 2104  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:00:35.0439 2104  Netman - ok
22:00:35.0455 2104  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:00:35.0502 2104  netprofm - ok
22:00:35.0549 2104  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:00:35.0564 2104  NetTcpPortSharing - ok
22:00:35.0595 2104  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:00:35.0627 2104  nfrd960 - ok
22:00:35.0673 2104  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:00:35.0814 2104  NlaSvc - ok
22:00:35.0829 2104  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:00:35.0876 2104  Npfs - ok
22:00:35.0907 2104  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:00:35.0970 2104  nsi - ok
22:00:36.0001 2104  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:00:36.0079 2104  nsiproxy - ok
22:00:36.0157 2104  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:00:36.0313 2104  Ntfs - ok
22:00:36.0360 2104  [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:00:36.0375 2104  NTIBackupSvc - ok
22:00:36.0407 2104  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
22:00:36.0500 2104  NTIDrvr - ok
22:00:36.0547 2104  [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:00:36.0578 2104  NTISchedulerSvc - ok
22:00:36.0625 2104  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:00:36.0703 2104  Null - ok
22:00:36.0750 2104  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:00:36.0843 2104  nvraid - ok
22:00:36.0875 2104  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:00:36.0968 2104  nvstor - ok
22:00:36.0999 2104  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:00:37.0046 2104  nv_agp - ok
22:00:37.0124 2104  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:00:37.0155 2104  odserv - ok
22:00:37.0202 2104  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:00:37.0249 2104  ohci1394 - ok
22:00:37.0327 2104  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:37.0358 2104  ose - ok
22:00:37.0421 2104  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:00:37.0514 2104  p2pimsvc - ok
22:00:37.0545 2104  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:00:37.0577 2104  p2psvc - ok
22:00:37.0608 2104  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:00:37.0623 2104  Parport - ok
22:00:37.0655 2104  [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:00:37.0748 2104  partmgr - ok
22:00:37.0779 2104  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:00:37.0826 2104  PcaSvc - ok
22:00:37.0857 2104  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:00:37.0935 2104  pci - ok
22:00:37.0967 2104  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:00:37.0998 2104  pciide - ok
22:00:38.0013 2104  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:00:38.0045 2104  pcmcia - ok
22:00:38.0060 2104  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:00:38.0076 2104  pcw - ok
22:00:38.0107 2104  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:00:38.0185 2104  PEAUTH - ok
22:00:38.0263 2104  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:00:38.0325 2104  PerfHost - ok
22:00:38.0388 2104  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:00:38.0606 2104  pla - ok
22:00:38.0669 2104  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:00:38.0793 2104  PlugPlay - ok
22:00:38.0809 2104  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:00:38.0856 2104  PNRPAutoReg - ok
22:00:38.0887 2104  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:00:38.0903 2104  PNRPsvc - ok
22:00:38.0965 2104  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:00:39.0090 2104  PolicyAgent - ok
22:00:39.0121 2104  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:00:39.0199 2104  Power - ok
22:00:39.0246 2104  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:00:39.0355 2104  PptpMiniport - ok
22:00:39.0386 2104  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:00:39.0433 2104  Processor - ok
22:00:39.0464 2104  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
22:00:39.0620 2104  ProfSvc - ok
22:00:39.0636 2104  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:00:39.0667 2104  ProtectedStorage - ok
22:00:39.0698 2104  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:00:39.0807 2104  Psched - ok
22:00:39.0870 2104  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:00:39.0995 2104  ql2300 - ok
22:00:39.0995 2104  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:00:40.0026 2104  ql40xx - ok
22:00:40.0041 2104  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:00:40.0088 2104  QWAVE - ok
22:00:40.0119 2104  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:00:40.0151 2104  QWAVEdrv - ok
22:00:40.0166 2104  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:00:40.0244 2104  RasAcd - ok
22:00:40.0260 2104  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:00:40.0322 2104  RasAgileVpn - ok
22:00:40.0353 2104  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:00:40.0400 2104  RasAuto - ok
22:00:40.0447 2104  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:00:40.0556 2104  Rasl2tp - ok
22:00:40.0603 2104  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:00:40.0743 2104  RasMan - ok
22:00:40.0790 2104  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:00:40.0884 2104  RasPppoe - ok
22:00:40.0915 2104  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:00:40.0977 2104  RasSstp - ok
22:00:41.0024 2104  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:00:41.0149 2104  rdbss - ok
22:00:41.0165 2104  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:00:41.0211 2104  rdpbus - ok
22:00:41.0227 2104  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:00:41.0289 2104  RDPCDD - ok
22:00:41.0305 2104  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:00:41.0367 2104  RDPENCDD - ok
22:00:41.0383 2104  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:00:41.0430 2104  RDPREFMP - ok
22:00:41.0477 2104  [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:00:41.0601 2104  RDPWD - ok
22:00:41.0633 2104  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:00:41.0742 2104  rdyboost - ok
22:00:41.0757 2104  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:00:41.0820 2104  RemoteAccess - ok
22:00:41.0851 2104  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:00:41.0913 2104  RemoteRegistry - ok
22:00:41.0945 2104  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:00:41.0991 2104  RpcEptMapper - ok
22:00:42.0007 2104  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:00:42.0054 2104  RpcLocator - ok
22:00:42.0101 2104  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:00:42.0147 2104  RpcSs - ok
22:00:42.0179 2104  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:00:42.0272 2104  rspndr - ok
22:00:42.0319 2104  [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
22:00:42.0444 2104  RSUSBSTOR - ok
22:00:42.0459 2104  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:00:42.0475 2104  SamSs - ok
22:00:42.0522 2104  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:00:42.0615 2104  sbp2port - ok
22:00:42.0647 2104  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:00:42.0709 2104  SCardSvr - ok
22:00:42.0740 2104  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:00:42.0865 2104  scfilter - ok
22:00:42.0912 2104  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:00:43.0052 2104  Schedule - ok
22:00:43.0083 2104  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:00:43.0130 2104  SCPolicySvc - ok
22:00:43.0177 2104  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:00:43.0317 2104  SDRSVC - ok
22:00:43.0349 2104  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:00:43.0395 2104  secdrv - ok
22:00:43.0427 2104  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:00:43.0551 2104  seclogon - ok
22:00:43.0583 2104  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:00:43.0645 2104  SENS - ok
22:00:43.0661 2104  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:00:43.0707 2104  SensrSvc - ok
22:00:43.0739 2104  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:00:43.0770 2104  Serenum - ok
22:00:43.0785 2104  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:00:43.0817 2104  Serial - ok
22:00:43.0879 2104  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:00:43.0941 2104  sermouse - ok
22:00:43.0988 2104  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:00:44.0160 2104  SessionEnv - ok
22:00:44.0175 2104  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:00:44.0238 2104  sffdisk - ok
22:00:44.0253 2104  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:00:44.0300 2104  sffp_mmc - ok
22:00:44.0316 2104  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:00:44.0441 2104  sffp_sd - ok
22:00:44.0472 2104  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:00:44.0487 2104  sfloppy - ok
22:00:44.0534 2104  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:00:44.0628 2104  SharedAccess - ok
22:00:44.0675 2104  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:00:44.0784 2104  ShellHWDetection - ok
22:00:44.0815 2104  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:00:44.0846 2104  SiSRaid2 - ok
22:00:44.0862 2104  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:00:44.0893 2104  SiSRaid4 - ok
22:00:44.0909 2104  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:00:44.0971 2104  Smb - ok
22:00:45.0018 2104  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:00:45.0049 2104  SNMPTRAP - ok
22:00:45.0080 2104  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:00:45.0111 2104  spldr - ok
22:00:45.0158 2104  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
22:00:45.0205 2104  Spooler - ok
22:00:45.0330 2104  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:00:45.0439 2104  sppsvc - ok
22:00:45.0470 2104  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:00:45.0533 2104  sppuinotify - ok
22:00:45.0595 2104  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
22:00:45.0595 2104  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
22:00:45.0595 2104  sptd ( LockedFile.Multi.Generic ) - warning
22:00:45.0595 2104  sptd - detected LockedFile.Multi.Generic (1)
22:00:45.0657 2104  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:00:45.0798 2104  srv - ok
22:00:45.0845 2104  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:00:45.0969 2104  srv2 - ok
22:00:46.0001 2104  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:00:46.0125 2104  srvnet - ok
22:00:46.0172 2104  [ 866F8212EF7E75BAC8BCA03331E30CB4 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
22:00:46.0297 2104  ssadbus - ok
22:00:46.0328 2104  [ 73E2BA39E7EB024DC686412E2E924A74 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:00:46.0469 2104  ssadmdfl - ok
22:00:46.0500 2104  [ 74B032D6C1E36AE2F790752FDE8CE055 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
22:00:46.0578 2104  ssadmdm - ok
22:00:46.0625 2104  [ 2B44CA7DAFA820DC5756006CFCCC8D72 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
22:00:46.0749 2104  ssadserd - ok
22:00:46.0781 2104  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:00:46.0859 2104  SSDPSRV - ok
22:00:46.0874 2104  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:00:46.0921 2104  SstpSvc - ok
22:00:46.0983 2104  [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
22:00:47.0077 2104  ss_bbus - ok
22:00:47.0093 2104  [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
22:00:47.0171 2104  ss_bmdfl - ok
22:00:47.0202 2104  [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
22:00:47.0295 2104  ss_bmdm - ok
22:00:47.0327 2104  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:00:47.0358 2104  stexstor - ok
22:00:47.0405 2104  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:00:47.0498 2104  stisvc - ok
22:00:47.0529 2104  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:00:47.0545 2104  swenum - ok
22:00:47.0592 2104  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:00:47.0654 2104  swprv - ok
22:00:47.0732 2104  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:00:47.0841 2104  SysMain - ok
22:00:47.0888 2104  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:00:47.0966 2104  TabletInputService - ok
22:00:47.0997 2104  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:00:48.0138 2104  TapiSrv - ok
22:00:48.0169 2104  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:00:48.0216 2104  TBS - ok
22:00:48.0294 2104  [ FC62769E7BFF2896035AEED399108162 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:00:48.0497 2104  Tcpip - ok
22:00:48.0543 2104  [ FC62769E7BFF2896035AEED399108162 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:00:48.0590 2104  TCPIP6 - ok
22:00:48.0653 2104  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:00:48.0762 2104  tcpipreg - ok
22:00:48.0824 2104  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:00:48.0902 2104  TDPIPE - ok
22:00:48.0902 2104  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:00:48.0949 2104  TDTCP - ok
22:00:48.0980 2104  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:00:49.0089 2104  tdx - ok
22:00:49.0136 2104  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:00:49.0183 2104  TermDD - ok
22:00:49.0230 2104  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:00:49.0339 2104  TermService - ok
22:00:49.0401 2104  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
22:00:49.0479 2104  TFsExDisk - ok
22:00:49.0511 2104  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:00:49.0557 2104  Themes - ok
22:00:49.0589 2104  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:00:49.0635 2104  THREADORDER - ok
22:00:49.0651 2104  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:00:49.0713 2104  TrkWks - ok
22:00:49.0776 2104  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:00:49.0854 2104  TrustedInstaller - ok
22:00:49.0901 2104  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:00:50.0041 2104  tssecsrv - ok
22:00:50.0103 2104  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:00:50.0275 2104  TsUsbFlt - ok
22:00:50.0322 2104  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:00:50.0431 2104  tunnel - ok
22:00:50.0462 2104  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:00:50.0493 2104  uagp35 - ok
22:00:50.0509 2104  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:00:50.0587 2104  UBHelper - ok
22:00:50.0649 2104  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:00:50.0790 2104  udfs - ok
22:00:50.0837 2104  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:00:50.0852 2104  UI0Detect - ok
22:00:50.0883 2104  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:00:50.0899 2104  uliagpkx - ok
22:00:50.0961 2104  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:00:51.0071 2104  umbus - ok
22:00:51.0102 2104  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:00:51.0133 2104  UmPass - ok
22:00:51.0195 2104  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:00:51.0227 2104  Updater Service - ok
22:00:51.0273 2104  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:00:51.0351 2104  upnphost - ok
22:00:51.0398 2104  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:00:51.0507 2104  USBAAPL64 - ok
22:00:51.0554 2104  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:00:51.0648 2104  usbaudio - ok
22:00:51.0695 2104  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:00:51.0773 2104  usbccgp - ok
22:00:51.0819 2104  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:00:51.0851 2104  usbcir - ok
22:00:51.0882 2104  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:00:51.0975 2104  usbehci - ok
22:00:52.0007 2104  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:00:52.0116 2104  usbhub - ok
22:00:52.0131 2104  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:00:52.0163 2104  usbohci - ok
22:00:52.0163 2104  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:00:52.0209 2104  usbprint - ok
22:00:52.0256 2104  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:00:52.0303 2104  USBSTOR - ok
22:00:52.0334 2104  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:00:52.0443 2104  usbuhci - ok
22:00:52.0490 2104  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:00:52.0584 2104  usbvideo - ok
22:00:52.0615 2104  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:00:52.0677 2104  UxSms - ok
22:00:52.0693 2104  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:00:52.0709 2104  VaultSvc - ok
22:00:52.0740 2104  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:00:52.0771 2104  vdrvroot - ok
22:00:52.0818 2104  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:00:52.0880 2104  vds - ok
22:00:52.0911 2104  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:00:52.0943 2104  vga - ok
22:00:52.0958 2104  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:00:53.0021 2104  VgaSave - ok
22:00:53.0052 2104  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:00:53.0177 2104  vhdmp - ok
22:00:53.0223 2104  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:00:53.0239 2104  viaide - ok
22:00:53.0270 2104  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:00:53.0364 2104  volmgr - ok
22:00:53.0411 2104  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:00:53.0520 2104  volmgrx - ok
22:00:53.0567 2104  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:00:53.0676 2104  volsnap - ok
22:00:53.0723 2104  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:00:53.0754 2104  vsmraid - ok
22:00:53.0816 2104  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:00:53.0972 2104  VSS - ok
22:00:53.0988 2104  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:00:54.0035 2104  vwifibus - ok
22:00:54.0050 2104  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:00:54.0113 2104  vwififlt - ok
22:00:54.0144 2104  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:00:54.0206 2104  W32Time - ok
22:00:54.0222 2104  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:00:54.0269 2104  WacomPen - ok
22:00:54.0315 2104  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:00:54.0440 2104  WANARP - ok
22:00:54.0456 2104  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:00:54.0503 2104  Wanarpv6 - ok
22:00:54.0581 2104  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:00:54.0643 2104  wbengine - ok
22:00:54.0674 2104  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:00:54.0721 2104  WbioSrvc - ok
22:00:54.0768 2104  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:00:54.0861 2104  wcncsvc - ok
22:00:54.0893 2104  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:00:54.0924 2104  WcsPlugInService - ok
22:00:54.0955 2104  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:00:54.0971 2104  Wd - ok
22:00:55.0002 2104  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:00:55.0049 2104  Wdf01000 - ok
22:00:55.0064 2104  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:00:55.0127 2104  WdiServiceHost - ok
22:00:55.0127 2104  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:00:55.0158 2104  WdiSystemHost - ok
22:00:55.0205 2104  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:00:55.0298 2104  WebClient - ok
22:00:55.0329 2104  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:00:55.0392 2104  Wecsvc - ok
22:00:55.0423 2104  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:00:55.0485 2104  wercplsupport - ok
22:00:55.0501 2104  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:00:55.0563 2104  WerSvc - ok
22:00:55.0595 2104  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:00:55.0641 2104  WfpLwf - ok
22:00:55.0657 2104  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:00:55.0688 2104  WIMMount - ok
22:00:55.0704 2104  WinDefend - ok
22:00:55.0719 2104  WinHttpAutoProxySvc - ok
22:00:55.0782 2104  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:00:55.0860 2104  Winmgmt - ok
22:00:55.0938 2104  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:00:56.0172 2104  WinRM - ok
22:00:56.0235 2104  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:00:56.0344 2104  WinUsb - ok
22:00:56.0391 2104  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:00:56.0485 2104  Wlansvc - ok
22:00:56.0578 2104  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:00:56.0734 2104  wlidsvc - ok
22:00:56.0766 2104  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:00:56.0797 2104  WmiAcpi - ok
22:00:56.0828 2104  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:00:56.0859 2104  wmiApSrv - ok
22:00:56.0890 2104  WMPNetworkSvc - ok
22:00:56.0922 2104  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:00:56.0953 2104  WPCSvc - ok
22:00:57.0000 2104  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:00:57.0078 2104  WPDBusEnum - ok
22:00:57.0093 2104  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:00:57.0140 2104  ws2ifsl - ok
22:00:57.0171 2104  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:00:57.0218 2104  wscsvc - ok
22:00:57.0218 2104  WSearch - ok
22:00:57.0327 2104  [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:00:57.0514 2104  wuauserv - ok
22:00:57.0546 2104  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:00:57.0655 2104  WudfPf - ok
22:00:57.0733 2104  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:00:57.0842 2104  WUDFRd - ok
22:00:57.0873 2104  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:00:57.0982 2104  wudfsvc - ok
22:00:58.0014 2104  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:00:58.0060 2104  WwanSvc - ok
22:00:58.0076 2104  [verify-U]_System - ok
22:00:58.0092 2104  ================ Scan global ===============================
22:00:58.0123 2104  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:00:58.0170 2104  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:00:58.0248 2104  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:00:58.0263 2104  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:00:58.0294 2104  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:00:58.0310 2104  [Global] - ok
22:00:58.0310 2104  ================ Scan MBR ==================================
22:00:58.0341 2104  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:00:58.0731 2104  \Device\Harddisk0\DR0 - ok
22:00:58.0731 2104  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:00:58.0887 2104  \Device\Harddisk1\DR1 - ok
22:00:58.0887 2104  ================ Scan VBR ==================================
22:00:58.0887 2104  [ 7EE2D1682191D2F599F1E35B668252D6 ] \Device\Harddisk0\DR0\Partition1
22:00:58.0887 2104  \Device\Harddisk0\DR0\Partition1 - ok
22:00:58.0887 2104  [ 2355D0D98F65FCF99912D7B84D1E5AF6 ] \Device\Harddisk0\DR0\Partition2
22:00:58.0903 2104  \Device\Harddisk0\DR0\Partition2 - ok
22:00:58.0903 2104  [ A37FA229F532C551C6D00EEDD90FF3CC ] \Device\Harddisk1\DR1\Partition1
22:00:58.0903 2104  \Device\Harddisk1\DR1\Partition1 - ok
22:00:58.0903 2104  ============================================================
22:00:58.0903 2104  Scan finished
22:00:58.0903 2104  ============================================================
22:00:58.0918 2996  Detected object count: 1
22:00:58.0918 2996  Actual detected object count: 1
22:01:14.0986 2996  sptd ( LockedFile.Multi.Generic ) - skipped by user
22:01:14.0986 2996  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

markusg · 26.02.2013, 22:06

Hi,
passt
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

onrop_m · 26.02.2013, 22:20

Es sind noch einige McAfee Dienste aktiv, die aber leider nicht beenden kann.
Wieso weiß ich auch nicht. Weiß jetzt ehrlich gesagt nicht was ich machen soll/kann?!

26.02.2013, 21:33	#8
markusg /// Malware-holic	GVU-Trojaner jepp, starte man händisch neu, evtl. reset drücken. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

26.02.2013, 20:40	#3
onrop_m	GVU-Trojaner Vielen Dank für die schnelle Antwort. Allerdings erhalte ich beim Doppelklick auf das OTLPE-Icon die Meldung "Browse For Folder". Wenn ich nun die C-Partiton auswähle, kommt die Meldung "Target is not windows 2000 or later". Es handelt sich um einen 7er Home Professional, 64bit. Was nun? __________________

26.02.2013, 21:30	#7
onrop_m	GVU-Trojaner Ich musste den Fix händisch eintragen, da ich bei Auswahl der Datei immer eine Fehlermeldgung bekam. Der "Run Fix" ging sehr schnell. Ein erneutes drücken bringt den Rechner aber nicht dazu hinunterzufahren. Auch die OTL.txt ist noch immer die vom ersten Run? Was soll ich machen? Rechner "händisch" neustarten? Fix nochmal ausführen?

26.02.2013, 21:45	#9
onrop_m	GVU-Trojaner So, wie gesagt, die OTL.txt ist noch immer die von ersten Scan, daher lad ich sie nicht nochmal hoch. Upload der Datei MovedFiles.zip hat geklappt. Rechner konnte auch normal hochgefahren werden (Adminuser, der GVU trat aber bei einem anderen User auf).

26.02.2013, 21:52	#11
onrop_m	GVU-Trojaner Es gibt nur noch einen anderen (bei dem der Virus auftrat). Ich kann mich aber auch nun auch wieder unter diesem User normal einloggen. Trotzdem erneuter Scan?

26.02.2013, 22:20	#15
onrop_m	GVU-Trojaner Es sind noch einige McAfee Dienste aktiv, die aber leider nicht beenden kann. Wieso weiß ich auch nicht. Weiß jetzt ehrlich gesagt nicht was ich machen soll/kann?!

GVU-Trojaner

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner