
Pests of all kinds and how to fight them: Your computer has been locked! While checking the authenticity of Windows ...

Windows 7
01.04.2012, 11:29   #1
Sergio
 

Hello,
my laptop was locked early this morning with the following message: "Attention! Your computer has been locked!!! While checking the authenticity of Windows, it was found that unlicensed software has been installed on your computer! Microsoft Corporation expressly prohibits the use of unlicensed software."...
"Using unlicensed software is illegal in Germany and is prosecuted under criminal law!"

Can someone please help me with this matter? Is it a trojan? Does the money have to be paid to unlock the PC?

Thanks in advance

Regards, Sergio

02.04.2012, 10:40   #2
markusg
/// Malware-holic
 

hi
restart, press F8, choose Safe Mode with Networking, log in to the affected account, establish an internet connection.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread
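
One way to triage the autostart (O4) section of the OTL.txt requested above, as an added example that is not part of the thread and not OTL's own code: it parses registry Run entries in the format seen in the log posted in this thread and lists the ones to review first. The heuristics (temp directory, user profile, empty company field) and all function names are assumptions of this example, not a verdict on any file.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: O4 lines copied from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Praetorian] C:\Users\XXX\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC)
O4 - HKCU..\Run: [vasja] C:\Users\XXX\AppData\Local\Temp\mor.exe ()
"""

# "O4 - <hive>..\<key>: [<value name>] <target>"; only registry Run-style
# lines are handled, other O4 variants (startup folders) are skipped.
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
# "<path> (<company>)": the trailing parentheses hold the company name,
# and "()" means the field is empty.
TARGET = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")


class Autostart(NamedTuple):
    hive: str
    key: str
    name: str
    path: Optional[str]  # None when OTL reports "File not found"
    company: str


def parse_o4(log_text: str) -> List[Autostart]:
    """Extract registry autostart entries from OTL log text."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        t = TARGET.match(rest)
        if rest.endswith("File not found"):
            path, company = None, ""
        elif t:
            path, company = t.group("path"), t.group("company").strip()
        else:
            path, company = rest, ""
        entries.append(
            Autostart(m.group("hive"), m.group("key"), m.group("name"), path, company)
        )
    return entries


def triage(entry: Autostart) -> List[str]:
    """Return the reasons (assumed heuristics) an entry deserves a closer look."""
    if entry.path is None:
        return ["target file missing"]
    reasons = []
    lowered = entry.path.lower()
    if "\\temp\\" in lowered:
        reasons.append("starts from a temp directory")
    elif "\\appdata\\" in lowered:
        reasons.append("starts from the user profile")
    if not entry.company:
        reasons.append("no company name in file version info")
    return reasons


def review_first(log_text: str) -> List[Tuple[Autostart, List[str]]]:
    """Entries that trip two or more heuristics, to be checked manually first."""
    flagged = [(e, triage(e)) for e in parse_o4(log_text)]
    return [(e, r) for e, r in flagged if len(r) >= 2]


if __name__ == "__main__":
    for entry, reasons in review_first(SAMPLE_LOG):
        print(f"{entry.hive} {entry.key} [{entry.name}] {entry.path}: {'; '.join(reasons)}")
```

A flagged entry is a starting point for manual checks (file hash, signature, creation time), not proof of infection.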

02.04.2012, 23:27   #3
Sergio
 

Hello,

Many thanks for the quick reply. I did everything as described, and here are the contents of the two files.
1) OTL file: OTL logfile:
Code:
OTL logfile created on: 02.04.2012 22:48:01 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\XXX\Desktop\OTL
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 86,72% Memory free
6,00 Gb Paging File | 5,64 Gb Available in Paging File | 94,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 35,48 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 124,27 Gb Free Space | 62,00% Space Free | Partition Type: NTFS
Drive F: | 124,00 Mb Total Space | 98,06 Mb Free Space | 79,08% Space Free | Partition Type: FAT32
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.01 11:12:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.07 19:07:30 | 000,918,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012.03.05 10:00:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.07.22 07:56:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.07.19 08:23:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.09.13 18:03:34 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.05 16:45:09 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.22 07:56:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.01.29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2007.07.31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKLM\..\SearchScopes\Yandex: "URL" = hxxp://yandex.ru/yandsearch?clid=43765&text={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Яндекс
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 1C 11 07 7B 29 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2A1A17C9-19B5-4F14-92A4-CCEE93961AF4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=db9a0748-6096-423d-974d-c820189cc201&apn_sauid=9EB8E81C-F383-4B66-A1E3-8AFD064446FA
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://yandex.ru/yandsearch?clid=135294&text={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DED3D99A-E171-407B-BE36-3B8E730C3911}&mid=51d7a9552fd210ebebfa465bce1e8ba5-7ebc928e1b564e5c6954c8267f138bb6c56906b0&lang=de&ds=AVG&pr=fr&d=2011-12-04 11:24:05&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = hxxp://moikrug.ru/persons/?clid=135294&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..keyword.URL: "hxxp://yandex.ru/yandsearch?stype=first&clid=135297&text="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012.03.07 19:07:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.10 15:18:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.27 11:59:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.12 17:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.27 11:59:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.12 17:15:22 | 000,000,000 | ---D | M]
 
[2011.05.20 19:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2011.05.20 19:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.17 21:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions
[2011.12.10 12:41:02 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.08.07 20:54:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.06 18:12:07 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.12.10 12:41:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.10 18:31:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.10 12:41:03 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.04.10 18:32:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\engine@conduit.com
[2012.02.17 21:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\staged
[2012.02.06 17:58:44 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\toolbar@ask.com
[2011.12.12 00:47:36 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\toolbar@gmx.net
[2011.09.25 20:55:07 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9vf96daw.default\extensions\yasearch@yandex.ru
[2012.02.12 21:22:24 | 000,002,404 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\9vf96daw.default\searchplugins\askcom.xml
[2012.02.05 17:49:36 | 000,000,925 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\9vf96daw.default\searchplugins\conduit.xml
[2012.02.17 21:42:37 | 000,001,726 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\9vf96daw.default\searchplugins\yandex.xml
[2011.08.07 20:54:43 | 000,002,166 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\9vf96daw.default\searchplugins\ybqs-yandex.xml
[2011.11.20 15:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.31 16:27:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.14 13:19:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.02 18:39:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.13 18:10:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 14:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.20 15:56:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.12.10 15:18:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.16 21:32:20 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.22 16:43:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.07 19:07:24 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010.11.22 16:43:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.22 16:43:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.22 16:43:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.22 16:43:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\XXX\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\XXX\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\XXX\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Klicken, um Gutscheine f\u00FCr die aktuelle Seite anzuzeigen = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bimdadenebhhafielaochaakfchkllje\2.0.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: \u00AB\u0412\u0438\u0437\u0443\u0430\u043B\u044C\u043D\u044B\u0435 \u0417\u0430\u043A\u043B\u0430\u0434\u043A\u0438\u00BB \u043E\u0442 \u042F\u043D\u0434\u0435\u043A\u0441\u0430 = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac\1.2.118_0\
CHR - Extension: Freeware.de = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlafpokblfobdnjhhggocaanijghemnd\2.3.3.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Визуальные закладки) - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files\Yandex\YandexBarIE\fastdial.dll ()
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Яндекс.Бар) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Яндекс.Бар) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [VKSaver] C:\ProgramData\VKSaver\VKSaver.exe (AudioVkontakte.ru)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Praetorian] C:\Users\XXX\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC)
O4 - HKCU..\Run: [vasja] C:\Users\XXX\AppData\Local\Temp\mor.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01AB86DE-E62B-46EF-8422-76B167141B98}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~2\VKSaver\vksaver3.dll) - C:\ProgramData\VKSaver\vksaver3.dll (AudioVkontakte.ru)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8f12e9de-9272-11df-be54-0023548e15cc}\Shell - "" = AutoRun
O33 - MountPoints2\{8f12e9de-9272-11df-be54-0023548e15cc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b7b3bd6a-a530-11df-90b9-0023548e15cc}\Shell - "" = AutoRun
O33 - MountPoints2\{b7b3bd6a-a530-11df-90b9-0023548e15cc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b7b3bd6d-a530-11df-90b9-0023548e15cc}\Shell - "" = AutoRun
O33 - MountPoints2\{b7b3bd6d-a530-11df-90b9-0023548e15cc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {44F57A3F-8968-033C-586C-28CE9D5B1E83} - Microsoft Windows Media Player
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 22:46:10 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\OTL
[2012.03.14 13:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.14 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.09 12:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.09 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.09 12:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.05 10:00:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.08.11 12:55:12 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\ProgramData\VistaLib32.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 22:46:19 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.02 22:46:19 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.02 22:46:19 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.02 22:46:19 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.02 22:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 22:32:16 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 22:29:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1718263348-909379974-2841372106-1000UA.job
[2012.04.02 22:29:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 22:29:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.01 10:57:45 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 10:57:45 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 08:48:26 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.04.01 08:48:26 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.04.01 08:35:30 | 076,471,397 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.04.01 00:01:49 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1718263348-909379974-2841372106-1000Core.job
[2012.03.29 13:52:51 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for XXX.job
[2012.03.14 11:36:53 | 000,412,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.09 12:58:31 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.09 12:58:31 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.17 21:43:37 | 000,000,138 | ---- | C] () -- C:\Windows\System32\operaprefs_fixed.ini
[2011.09.11 11:55:01 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.05.30 21:07:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.06 22:20:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.06 22:20:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.08.06 22:20:21 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.08.06 22:20:20 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.06 22:20:20 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.07.22 19:02:20 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.07.22 19:02:20 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.07.22 19:02:20 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.07.22 19:02:20 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.07.22 19:02:20 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.07.22 19:02:20 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.07.22 19:02:20 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.07.22 19:02:20 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.07.22 19:02:20 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.07.22 19:02:20 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.07.22 19:02:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.07.22 19:02:20 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.07.22 19:02:20 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.07.22 19:02:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.07.22 19:02:20 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.07.22 19:02:20 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.07.22 19:02:20 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.07.22 19:02:20 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.07.22 19:02:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.07.22 18:59:06 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2010.07.19 07:51:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.18 11:20:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.01.14 00:49:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2011.04.10 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.22 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\EPSON
[2012.01.04 11:11:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Foxit Software
[2011.09.11 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeAudioPack
[2010.10.04 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeHideIP
[2011.07.03 12:28:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GetRightToGo
[2010.12.16 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GHISLER
[2012.02.17 21:42:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2011.05.20 19:54:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2012.02.17 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Yandex
[2011.10.19 11:34:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.10.19 20:50:49 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.09.07 18:03:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.18 15:42:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.07.18 15:53:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.29 22:25:18 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.02.17 21:43:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.18 15:42:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.07.18 15:42:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.14 11:30:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.11.27 12:39:45 | 000,000,000 | ---D | M] -- C:\totalcmd
[2010.09.07 18:02:58 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.02 22:30:07 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2008a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.04.02 22:54:18 | 002,883,584 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2012.04.02 22:54:18 | 000,262,144 | -HS- | M] () -- C:\Users\XXX\ntuser.dat.LOG1
[2010.07.18 15:42:12 | 000,000,000 | -HS- | M] () -- C:\Users\XXX\ntuser.dat.LOG2
[2010.07.18 15:43:47 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.07.18 15:43:47 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.07.18 15:43:47 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.07.18 15:42:15 | 000,000,020 | -HS- | M] () -- C:\Users\XXX\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2011.12.10 11:16:38 | 001,548,803 | ---- | M] ()(C:\Users\XXX\???????? ???? ?????? ????? ???????????, ??? ??????? ???????????? ??????.pdf) -- C:\Users\XXX\Крёстный отец Кремля Борис Березовский, или история разграбления России.pdf
[2010.10.04 23:40:02 | 000,555,679 | ---- | M] ()(C:\Users\XXX\???????? ???? ?????? ????? ???????????, ??? ??????? ???????????? ??????.docx) -- C:\Users\XXX\Крёстный отец Кремля Борис Березовский, или история разграбления России.docx
(C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс

< End of report >
         
--- --- ---




2) Extras file: OTL Logfile:
Code:
OTL Extras logfile created on: 02.04.2012 22:48:01 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\XXX\Desktop\OTL
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 86,72% Memory free
6,00 Gb Paging File | 5,64 Gb Available in Paging File | 94,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 35,48 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 124,27 Gb Free Space | 62,00% Space Free | Partition Type: NTFS
Drive F: | 124,00 Mb Total Space | 98,06 Mb Free Space | 79,08% Space Free | Partition Type: FAT32
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F89E06A-16E1-432E-8A3A-23CFFB4818D5}" = Russisch für Deutsche - Transliteration
"{118B6CA9-FD8B-467A-988C-44E212689A9B}_is1" = GutscheinRausch.de - AddOn für Chrome
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Premium
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Foxit PDF Creator Toolbar
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CA510CF6-4F86-48FF-B176-C245E7F4D218}" = eT-Fahrtenbuch 7
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBFBBDD0-EC37-4152-BB77-7D54322AF953}" = Яндекс.Бар 6.5 для Internet Explorer
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AVG9Uninstall" = AVG Free 9.0
"conduitEngine" = Conduit Engine 
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"NSS" = Norton Security Scan
"PokerStars.net" = PokerStars.net
"PriceGong" = PriceGong 2.1.0
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.52
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.03.2012 18:04:33 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5538
 
Error - 31.03.2012 18:04:34 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2012 18:04:34 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005
 
Error - 31.03.2012 18:04:34 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error - 31.03.2012 18:04:36 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2012 18:04:36 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8362
 
Error - 31.03.2012 18:04:36 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8362
 
Error - 01.04.2012 02:29:09 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2012 02:29:09 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30281931
 
Error - 01.04.2012 02:29:09 | Computer Name = XXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30281931
 
[ System Events ]
Error - 02.04.2012 16:54:09 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 16:56:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 16:56:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 16:56:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 17:01:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 17:01:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 17:01:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 17:03:23 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 17:03:23 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.04.2012 17:03:23 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
__________________

Alt 03.04.2012, 12:52   #4
markusg
/// Malware-holic
 
hi
Replace XXX with your user name so that the script runs.

This script and any scripts that follow are only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [vasja] C:\Users\XXX\AppData\Local\Temp\mor.exe ()
:Files
C:\Users\XXX\AppData\Local\Temp\mor.exe 
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the + E key.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
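
Added example (not part of the original posts and not OTL's own code): a Python triage pass over OTL `O4` autostart lines that flags entries like the `vasja` one removed by the fix script above, whose target runs from a temp directory and carries no company name. The `O4` line layout is inferred from that script line; the other sample lines, the `ExampleTool` entry and the two heuristics are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# OTL autostart line, as seen in the fix script in this thread:
#   O4 - <hive>..\Run: [<value name>] <command line> (<company name>)
# Assumption: the company name itself contains no parentheses; lines that
# do not fit the pattern are skipped rather than guessed at.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*) \((?P<company>[^()]*)\)\s*$"
)

# Directories that any unprivileged process can write to. A persistent
# autostart entry pointing into one of them is rarely legitimate.
# Heuristic list, not exhaustive.
TEMP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local|Windows|Local Settings)\\Temp\\", re.IGNORECASE
)


class Finding(NamedTuple):
    hive: str        # HKCU or HKLM
    name: str        # registry value name of the Run entry
    command: str     # command line the entry starts at logon
    reasons: tuple   # which heuristics fired


def triage(log_text):
    """Return suspicious O4 Run entries, strongest indicators first."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run line (other section, header, blank)
        reasons = []
        if TEMP_DIR_RE.search(m["cmd"]):
            reasons.append("runs-from-temp")
        if not m["company"].strip():
            # OTL prints "()" when the file has no company name in its
            # version information. Weak on its own, useful in combination.
            reasons.append("no-company-name")
        if reasons:
            findings.append(
                Finding(m["hive"], m["name"], m["cmd"], tuple(reasons))
            )
    # Entries running from a temp directory sort ahead of the rest.
    findings.sort(key=lambda f: "runs-from-temp" not in f.reasons)
    return findings


# Constructed sample input. Only the "vasja" line is taken from this
# thread; the remaining lines are made up in the same layout.
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ExampleTool] C:\Program Files\ExampleTool\tool.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [vasja] C:\Users\XXX\AppData\Local\Temp\mor.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive}\\Run [{f.name}] {f.command} -> {', '.join(f.reasons)}")
```

A hit is a prompt for manual review of the file, not a verdict: legitimate installers sometimes register short-lived entries from a temp directory.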

Alt 03.04.2012, 18:46   #5
Sergio
 
Hi,

GREAT! Everything worked! Thank you very much!

Here is the text from the file:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\XXX\AppData\Local\Temp\mor.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gast
->Flash cache emptied: 806 bytes

User: Public

User: XXX
->Flash cache emptied: 53864 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 1745261 bytes
->Temporary Internet Files folder emptied: 8701350 bytes
->Flash cache emptied: 0 bytes

User: Public

User: XXX
->Temp folder emptied: 9811955490 bytes
->Temporary Internet Files folder emptied: 219041066 bytes
->Java cache emptied: 4856147 bytes
->FireFox cache emptied: 70213521 bytes
->Google Chrome cache emptied: 6295330 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 379300370 bytes
RecycleBin emptied: 4002632265 bytes

Total Files Cleaned = 13.833,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04032012_182727

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Alt 03.04.2012, 19:00   #6
markusg
/// Malware-holic
 
hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 19.04.2012, 22:00   #7
Sergio
 
Combofix Logfile:
Code:
ComboFix 12-04-19.01 - Sergej 19.04.2012  21:33:39.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3071.2390 [GMT 2:00]
ausgeführt von:: c:\users\Sergej\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\mbam-setup-1.60.1.1000.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Launch VKSaver.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Readme.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Uninstall.lnk
c:\users\Sergej\AppData\Local\assembly\tmp
c:\users\Sergej\AppData\Local\Yandex\Updater\praetorian.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-19 bis 2012-04-19  ))))))))))))))))))))))))))))))
.
.
2012-04-19 19:47 . 2012-04-19 19:47	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-04-19 19:47 . 2012-04-19 19:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-16 07:16 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-16 07:16 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-16 07:16 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-16 07:16 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-16 07:15 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-16 07:15 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-08 09:09 . 2012-04-08 09:09	--------	d-----w-	c:\program files\iPod
2012-04-07 13:02 . 2012-04-07 13:02	--------	d-----w-	c:\program files\Common Files\Java
2012-04-03 17:37 . 2012-04-03 17:51	97961	----a-w-	c:\windows\system32\drivers\klick.dat
2012-04-03 17:37 . 2012-04-03 17:51	115369	----a-w-	c:\windows\system32\drivers\klin.dat
2012-04-03 17:37 . 2011-04-24 21:13	147856	----a-w-	c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-04-03 17:35 . 2012-04-03 17:35	--------	d-----w-	c:\program files\Kaspersky Lab
2012-04-03 17:35 . 2012-04-19 19:48	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-04-03 17:33 . 2012-04-03 17:33	--------	d-----w-	C:\kleaner.tmp
2012-04-03 16:27 . 2012-04-03 16:43	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 13:01 . 2010-10-24 21:16	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-17 05:34 . 2012-03-14 08:11	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 08:11	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 08:11	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 08:11	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 08:11	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 08:11	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 08:11	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 08:11	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-07 17:07	1869152	----a-w-	c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54	175912	----a-w-	c:\program files\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-07 1869152]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-12-19 8856376]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-12-19 8856376]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-07 982880]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-12-16 220744]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"VKSaver"="c:\programdata\VKSaver\VKSaver.exe" [2012-02-17 224768]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\VKSaver\vksaver3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 135664]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1343400]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-07 918880]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 09:08]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 09:08]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718263348-909379974-2841372106-1000Core.job
- c:\users\Sergej\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 14:17]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718263348-909379974-2841372106-1000UA.job
- c:\users\Sergej\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 14:17]
.
2012-03-29 c:\windows\Tasks\Norton Security Scan for Sergej.job
- c:\progra~1\NORTON~2\Engine\351~1.10\Nss.exe [2011-12-10 08:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yandex.ru/?clid=135293
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Sergej\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Sergej\AppData\Roaming\Mozilla\Firefox\Profiles\9vf96daw.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5c193b9c-4380-4e57-8331-232fbecf72b6%7D&mid=51d7a9552fd210ebebfa465bce1e8ba5-7ebc928e1b564e5c6954c8267f138bb6c56906b0&ds=AVG&v=10.2.0.3&lang=de&pr=fr&d=2011-12-04%2011%3A24%3A05&sap=ku&q=
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: GMX Toolbar: toolbar@gmx.net - %profile%\extensions\toolbar@gmx.net
FF - Ext: Winload Community Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - %profile%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Freeware.de Community Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - %profile%\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru_bak2 - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.2.0.3
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
HKCU-Run-Praetorian - c:\users\Sergej\AppData\Local\Yandex\Updater\praetorian.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-19  21:56:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-19 19:56
.
Vor Suchlauf: 8 Verzeichnis(se), 48.929.136.640 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 48.751.779.840 Bytes frei
.
- - End Of File - - 4D564F7D18B8D667AD53F7E334EC0EA3
         
--- --- ---

20.04.2012, 11:15   #8
markusg
/// Malware-holic

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

20.04.2012, 21:09   #9
Sergio
This is the report:


21:06:34.0468 2460 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
21:06:34.0702 2460 ============================================================
21:06:34.0702 2460 Current date / time: 2012/04/20 21:06:34.0702
21:06:34.0702 2460 SystemInfo:
21:06:34.0702 2460
21:06:34.0702 2460 OS Version: 6.1.7601 ServicePack: 1.0
21:06:34.0702 2460 Product type: Workstation
21:06:34.0702 2460 ComputerName: SERGEJ-PC
21:06:34.0702 2460 UserName: Sergej
21:06:34.0702 2460 Windows directory: C:\Windows
21:06:34.0702 2460 System windows directory: C:\Windows
21:06:34.0702 2460 Processor architecture: Intel x86
21:06:34.0702 2460 Number of processors: 2
21:06:34.0702 2460 Page size: 0x1000
21:06:34.0702 2460 Boot type: Normal boot
21:06:34.0702 2460 ============================================================
21:06:36.0293 2460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:36.0293 2460 \Device\Harddisk0\DR0:
21:06:36.0293 2460 MBR partitions:
21:06:36.0293 2460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:06:36.0293 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
21:06:36.0293 2460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x190DD800
21:06:36.0325 2460 C: <-> \Device\Harddisk0\DR0\Partition1
21:06:36.0371 2460 D: <-> \Device\Harddisk0\DR0\Partition2
21:06:36.0371 2460 Initialize success
21:06:36.0371 2460 ============================================================
21:06:48.0025 6096 ============================================================
21:06:48.0025 6096 Scan started
21:06:48.0025 6096 Mode: Manual; SigCheck; TDLFS;
21:06:48.0025 6096 ============================================================
21:06:50.0006 6096 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:06:50.0209 6096 1394ohci - ok
21:06:50.0271 6096 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:06:50.0318 6096 ACPI - ok
21:06:50.0458 6096 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:06:50.0567 6096 AcpiPmi - ok
21:06:50.0770 6096 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:06:50.0801 6096 AdobeARMservice - ok
21:06:50.0989 6096 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:06:51.0035 6096 adp94xx - ok
21:06:51.0067 6096 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:06:51.0082 6096 adpahci - ok
21:06:51.0113 6096 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:06:51.0160 6096 adpu320 - ok
21:06:51.0223 6096 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:06:51.0301 6096 AeLookupSvc - ok
21:06:51.0613 6096 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:06:51.0722 6096 AFD - ok
21:06:51.0800 6096 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:06:51.0831 6096 agp440 - ok
21:06:51.0878 6096 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:06:51.0909 6096 aic78xx - ok
21:06:52.0034 6096 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:06:52.0096 6096 ALG - ok
21:06:52.0159 6096 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:06:52.0190 6096 aliide - ok
21:06:52.0330 6096 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
21:06:52.0408 6096 AMD External Events Utility - ok
21:06:52.0455 6096 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:06:52.0502 6096 amdagp - ok
21:06:52.0595 6096 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:06:52.0627 6096 amdide - ok
21:06:52.0705 6096 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:06:52.0783 6096 AmdK8 - ok
21:06:52.0829 6096 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:06:52.0892 6096 AmdPPM - ok
21:06:52.0939 6096 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:06:52.0985 6096 amdsata - ok
21:06:53.0126 6096 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:06:53.0173 6096 amdsbs - ok
21:06:53.0188 6096 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:06:53.0204 6096 amdxata - ok
21:06:53.0266 6096 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:06:53.0438 6096 AppID - ok
21:06:53.0516 6096 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:06:53.0594 6096 AppIDSvc - ok
21:06:53.0672 6096 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:06:53.0734 6096 Appinfo - ok
21:06:53.0906 6096 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:06:53.0937 6096 Apple Mobile Device - ok
21:06:54.0046 6096 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:06:54.0124 6096 AppMgmt - ok
21:06:54.0171 6096 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:06:54.0218 6096 arc - ok
21:06:54.0233 6096 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:06:54.0249 6096 arcsas - ok
21:06:54.0296 6096 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:54.0452 6096 AsyncMac - ok
21:06:54.0530 6096 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:06:54.0577 6096 atapi - ok
21:06:54.0795 6096 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
21:06:54.0998 6096 atikmdag - ok
21:06:55.0169 6096 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:06:55.0263 6096 AudioEndpointBuilder - ok
21:06:55.0294 6096 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:06:55.0325 6096 Audiosrv - ok
21:06:55.0403 6096 AVG Security Toolbar Service - ok
21:06:55.0606 6096 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
21:06:55.0669 6096 AVP - ok
21:06:55.0825 6096 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:06:55.0903 6096 AxInstSV - ok
21:06:55.0981 6096 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:06:56.0059 6096 b06bdrv - ok
21:06:56.0137 6096 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:06:56.0183 6096 b57nd60x - ok
21:06:56.0293 6096 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:06:56.0371 6096 BDESVC - ok
21:06:56.0402 6096 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:06:56.0480 6096 Beep - ok
21:06:56.0651 6096 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:06:56.0745 6096 BFE - ok
21:06:56.0854 6096 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
21:06:56.0948 6096 BITS - ok
21:06:57.0026 6096 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:57.0119 6096 blbdrive - ok
21:06:57.0244 6096 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:06:57.0307 6096 Bonjour Service - ok
21:06:57.0478 6096 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:06:57.0541 6096 bowser - ok
21:06:57.0587 6096 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:06:57.0712 6096 BrFiltLo - ok
21:06:57.0775 6096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:06:57.0821 6096 BrFiltUp - ok
21:06:57.0931 6096 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:06:58.0009 6096 BridgeMP - ok
21:06:58.0087 6096 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:06:58.0196 6096 Browser - ok
21:06:58.0274 6096 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:06:58.0352 6096 Brserid - ok
21:06:58.0414 6096 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:58.0445 6096 BrSerWdm - ok
21:06:58.0461 6096 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:58.0492 6096 BrUsbMdm - ok
21:06:58.0523 6096 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:58.0555 6096 BrUsbSer - ok
21:06:58.0664 6096 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:06:58.0726 6096 BTHMODEM - ok
21:06:58.0804 6096 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:06:58.0867 6096 bthserv - ok
21:06:59.0007 6096 catchme - ok
21:06:59.0147 6096 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:06:59.0194 6096 cdfs - ok
21:06:59.0272 6096 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:06:59.0319 6096 cdrom - ok
21:06:59.0459 6096 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:06:59.0522 6096 CertPropSvc - ok
21:06:59.0600 6096 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:06:59.0647 6096 circlass - ok
21:06:59.0740 6096 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:06:59.0771 6096 CLFS - ok
21:06:59.0849 6096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:59.0912 6096 clr_optimization_v2.0.50727_32 - ok
21:06:59.0990 6096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:07:00.0021 6096 clr_optimization_v4.0.30319_32 - ok
21:07:00.0130 6096 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:07:00.0161 6096 CmBatt - ok
21:07:00.0208 6096 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:07:00.0239 6096 cmdide - ok
21:07:00.0286 6096 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:07:00.0364 6096 CNG - ok
21:07:00.0458 6096 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:07:00.0489 6096 Compbatt - ok
21:07:00.0551 6096 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:07:00.0614 6096 CompositeBus - ok
21:07:00.0676 6096 COMSysApp - ok
21:07:00.0723 6096 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:07:00.0754 6096 crcdisk - ok
21:07:00.0848 6096 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:07:00.0941 6096 CryptSvc - ok
21:07:01.0019 6096 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:07:01.0113 6096 CSC - ok
21:07:01.0207 6096 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
21:07:01.0285 6096 CscService - ok
21:07:01.0378 6096 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:07:01.0487 6096 DcomLaunch - ok
21:07:01.0519 6096 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:07:01.0565 6096 defragsvc - ok
21:07:01.0690 6096 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:07:01.0784 6096 DfsC - ok
21:07:02.0080 6096 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:07:02.0189 6096 Dhcp - ok
21:07:02.0252 6096 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:07:02.0345 6096 discache - ok
21:07:02.0408 6096 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:07:02.0455 6096 Disk - ok
21:07:02.0564 6096 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:07:02.0673 6096 Dnscache - ok
21:07:02.0720 6096 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:07:02.0782 6096 dot3svc - ok
21:07:02.0891 6096 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:07:02.0954 6096 DPS - ok
21:07:03.0063 6096 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:07:03.0172 6096 drmkaud - ok
21:07:03.0266 6096 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:07:03.0344 6096 DXGKrnl - ok
21:07:03.0453 6096 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:07:03.0531 6096 EapHost - ok
21:07:03.0749 6096 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:07:03.0890 6096 ebdrv - ok
21:07:03.0999 6096 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:07:04.0061 6096 EFS - ok
21:07:04.0171 6096 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:07:04.0280 6096 ehRecvr - ok
21:07:04.0311 6096 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:07:04.0342 6096 ehSched - ok
21:07:04.0420 6096 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:07:04.0483 6096 elxstor - ok
21:07:04.0623 6096 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
21:07:04.0685 6096 EPSON_EB_RPCV4_01 - ok
21:07:04.0732 6096 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
21:07:04.0795 6096 EPSON_PM_RPCV4_01 - ok
21:07:04.0873 6096 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:07:04.0919 6096 ErrDev - ok
21:07:05.0029 6096 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:07:05.0122 6096 EventSystem - ok
21:07:05.0169 6096 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:07:05.0247 6096 exfat - ok
21:07:05.0325 6096 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:07:05.0387 6096 fastfat - ok
21:07:05.0512 6096 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:07:05.0621 6096 Fax - ok
21:07:05.0699 6096 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:07:05.0746 6096 fdc - ok
21:07:05.0824 6096 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:07:05.0902 6096 fdPHost - ok
21:07:05.0933 6096 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:07:05.0996 6096 FDResPub - ok
21:07:06.0089 6096 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:07:06.0121 6096 FileInfo - ok
21:07:06.0136 6096 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:07:06.0230 6096 Filetrace - ok
21:07:06.0308 6096 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:07:06.0339 6096 flpydisk - ok
21:07:06.0433 6096 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:07:06.0479 6096 FltMgr - ok
21:07:06.0557 6096 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:07:06.0667 6096 FontCache - ok
21:07:06.0760 6096 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:07:06.0791 6096 FontCache3.0.0.0 - ok
21:07:06.0869 6096 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:07:06.0901 6096 FsDepends - ok
21:07:06.0963 6096 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:07:07.0025 6096 Fs_Rec - ok
21:07:07.0103 6096 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:07:07.0166 6096 fvevol - ok
21:07:07.0431 6096 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:07:07.0478 6096 gagp30kx - ok
21:07:07.0525 6096 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:07:07.0556 6096 GEARAspiWDM - ok
21:07:07.0649 6096 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:07:07.0759 6096 gpsvc - ok
21:07:07.0915 6096 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:07:07.0961 6096 gupdate - ok
21:07:07.0977 6096 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:07:07.0977 6096 gupdatem - ok
21:07:08.0055 6096 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:07:08.0133 6096 hcw85cir - ok
21:07:08.0211 6096 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:07:08.0242 6096 HdAudAddService - ok
21:07:08.0398 6096 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:07:08.0445 6096 HDAudBus - ok
21:07:08.0492 6096 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:07:08.0539 6096 HidBatt - ok
21:07:08.0617 6096 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:07:08.0648 6096 HidBth - ok
21:07:08.0741 6096 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:07:08.0773 6096 HidIr - ok
21:07:08.0819 6096 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:07:08.0944 6096 hidserv - ok
21:07:09.0022 6096 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:07:09.0069 6096 HidUsb - ok
21:07:09.0209 6096 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:07:09.0303 6096 hkmsvc - ok
21:07:09.0350 6096 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:07:09.0443 6096 HomeGroupListener - ok
21:07:09.0506 6096 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:07:09.0568 6096 HomeGroupProvider - ok
21:07:09.0709 6096 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:07:09.0755 6096 HpSAMD - ok
21:07:09.0818 6096 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:07:09.0896 6096 HTTP - ok
21:07:09.0958 6096 hwdatacard - ok
21:07:10.0052 6096 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:07:10.0083 6096 hwpolicy - ok
21:07:10.0177 6096 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:07:10.0270 6096 i8042prt - ok
21:07:10.0333 6096 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:07:10.0364 6096 iaStorV - ok
21:07:10.0535 6096 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:07:10.0629 6096 idsvc - ok
21:07:10.0691 6096 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:07:10.0723 6096 iirsp - ok
21:07:10.0832 6096 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:07:10.0925 6096 IKEEXT - ok
21:07:11.0003 6096 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:07:11.0050 6096 intelide - ok
21:07:11.0128 6096 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:07:11.0206 6096 intelppm - ok
21:07:11.0284 6096 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:07:11.0362 6096 IPBusEnum - ok
21:07:11.0393 6096 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:11.0471 6096 IpFilterDriver - ok
21:07:11.0581 6096 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:07:11.0690 6096 iphlpsvc - ok
21:07:11.0815 6096 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:07:11.0877 6096 IPMIDRV - ok
21:07:11.0939 6096 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:07:11.0986 6096 IPNAT - ok
21:07:12.0111 6096 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:07:12.0189 6096 iPod Service - ok
21:07:12.0345 6096 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:07:12.0423 6096 IRENUM - ok
21:07:12.0532 6096 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:07:12.0563 6096 isapnp - ok
21:07:12.0626 6096 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:07:12.0673 6096 iScsiPrt - ok
21:07:12.0797 6096 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
21:07:12.0844 6096 ISODrive - ok
21:07:12.0953 6096 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:07:12.0985 6096 kbdclass - ok
21:07:13.0094 6096 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:07:13.0156 6096 kbdhid - ok
21:07:13.0219 6096 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:07:13.0265 6096 KeyIso - ok
21:07:13.0453 6096 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
21:07:13.0484 6096 KL1 - ok
21:07:13.0546 6096 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
21:07:13.0577 6096 kl2 - ok
21:07:13.0718 6096 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
21:07:13.0780 6096 KLIF - ok
21:07:13.0952 6096 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
21:07:13.0999 6096 KLIM6 - ok
21:07:14.0030 6096 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
21:07:14.0045 6096 klmouflt - ok
21:07:14.0123 6096 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:07:14.0170 6096 KSecDD - ok
21:07:14.0217 6096 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:07:14.0264 6096 KSecPkg - ok
21:07:52.0250 6096 ============================================================
21:07:52.0250 6096 Scan finished
21:07:52.0250 6096 ============================================================
21:07:52.0281 4444 Detected object count: 0
21:07:52.0281 4444 Actual detected object count: 0

20.04.2012, 21:10   #10
Sergio

Sorry, this is the log file:


21:06:34.0468 2460 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
21:06:34.0702 2460 ============================================================
21:06:34.0702 2460 Current date / time: 2012/04/20 21:06:34.0702
21:06:34.0702 2460 SystemInfo:
21:06:34.0702 2460
21:06:34.0702 2460 OS Version: 6.1.7601 ServicePack: 1.0
21:06:34.0702 2460 Product type: Workstation
21:06:34.0702 2460 ComputerName: SERGEJ-PC
21:06:34.0702 2460 UserName: Sergej
21:06:34.0702 2460 Windows directory: C:\Windows
21:06:34.0702 2460 System windows directory: C:\Windows
21:06:34.0702 2460 Processor architecture: Intel x86
21:06:34.0702 2460 Number of processors: 2
21:06:34.0702 2460 Page size: 0x1000
21:06:34.0702 2460 Boot type: Normal boot
21:06:34.0702 2460 ============================================================
21:06:36.0293 2460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:36.0293 2460 \Device\Harddisk0\DR0:
21:06:36.0293 2460 MBR partitions:
21:06:36.0293 2460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:06:36.0293 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
21:06:36.0293 2460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x190DD800
21:06:36.0325 2460 C: <-> \Device\Harddisk0\DR0\Partition1
21:06:36.0371 2460 D: <-> \Device\Harddisk0\DR0\Partition2
21:06:36.0371 2460 Initialize success
21:06:36.0371 2460 ============================================================
21:06:48.0025 6096 ============================================================
21:06:48.0025 6096 Scan started
21:06:48.0025 6096 Mode: Manual; SigCheck; TDLFS;
21:06:48.0025 6096 ============================================================
21:07:25.0746 6096 odserv - ok
21:07:25.0855 6096 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:07:25.0902 6096 ohci1394 - ok
21:07:26.0026 6096 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:26.0058 6096 ose - ok
21:07:26.0136 6096 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:07:26.0182 6096 p2pimsvc - ok
21:07:26.0323 6096 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:07:26.0370 6096 p2psvc - ok
21:07:26.0432 6096 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:07:26.0463 6096 Parport - ok
21:07:26.0635 6096 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:07:26.0666 6096 partmgr - ok
21:07:26.0713 6096 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:07:26.0744 6096 Parvdm - ok
21:07:26.0791 6096 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:07:26.0853 6096 PcaSvc - ok
21:07:26.0900 6096 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:07:26.0947 6096 pci - ok
21:07:27.0025 6096 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:07:27.0056 6096 pciide - ok
21:07:27.0118 6096 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:27.0150 6096 pcmcia - ok
21:07:27.0196 6096 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:07:27.0212 6096 pcw - ok
21:07:27.0321 6096 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:07:27.0415 6096 PEAUTH - ok
21:07:27.0586 6096 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:07:27.0696 6096 PeerDistSvc - ok
21:07:27.0867 6096 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:07:27.0992 6096 pla - ok
21:07:28.0117 6096 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:07:28.0195 6096 PlugPlay - ok
21:07:28.0304 6096 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:07:28.0351 6096 PNRPAutoReg - ok
21:07:28.0366 6096 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:07:28.0398 6096 PNRPsvc - ok
21:07:28.0460 6096 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:07:28.0569 6096 PolicyAgent - ok
21:07:28.0647 6096 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:07:28.0694 6096 Power - ok
21:07:28.0803 6096 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:28.0881 6096 PptpMiniport - ok
21:07:28.0928 6096 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:07:28.0975 6096 Processor - ok
21:07:29.0037 6096 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:07:29.0100 6096 ProfSvc - ok
21:07:29.0162 6096 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:07:29.0193 6096 ProtectedStorage - ok
21:07:29.0318 6096 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:07:29.0396 6096 Psched - ok
21:07:29.0458 6096 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:29.0568 6096 ql2300 - ok
21:07:29.0630 6096 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:29.0677 6096 ql40xx - ok
21:07:29.0724 6096 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:07:29.0770 6096 QWAVE - ok
21:07:29.0817 6096 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:07:29.0848 6096 QWAVEdrv - ok
21:07:29.0895 6096 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:29.0942 6096 RasAcd - ok
21:07:30.0020 6096 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:30.0082 6096 RasAgileVpn - ok
21:07:30.0129 6096 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:07:30.0192 6096 RasAuto - ok
21:07:30.0207 6096 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:30.0254 6096 Rasl2tp - ok
21:07:30.0363 6096 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:07:30.0441 6096 RasMan - ok
21:07:30.0566 6096 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:30.0613 6096 RasPppoe - ok
21:07:30.0660 6096 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:30.0753 6096 RasSstp - ok
21:07:30.0831 6096 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:30.0894 6096 rdbss - ok
21:07:30.0956 6096 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:31.0003 6096 rdpbus - ok
21:07:31.0081 6096 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:31.0143 6096 RDPCDD - ok
21:07:31.0206 6096 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:07:31.0268 6096 RDPDR - ok
21:07:31.0424 6096 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:07:31.0502 6096 RDPENCDD - ok
21:07:31.0533 6096 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:07:31.0564 6096 RDPREFMP - ok
21:07:31.0658 6096 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:07:31.0736 6096 RDPWD - ok
21:07:31.0892 6096 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:07:31.0939 6096 rdyboost - ok
21:07:32.0001 6096 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:07:32.0064 6096 RemoteAccess - ok
21:07:32.0157 6096 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:07:32.0220 6096 RemoteRegistry - ok
21:07:32.0298 6096 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:07:32.0376 6096 RpcEptMapper - ok
21:07:32.0407 6096 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:07:32.0438 6096 RpcLocator - ok
21:07:32.0500 6096 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:07:32.0547 6096 RpcSs - ok
21:07:32.0625 6096 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:32.0688 6096 rspndr - ok
21:07:32.0797 6096 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:07:32.0828 6096 RTL8167 - ok
21:07:32.0922 6096 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:07:32.0984 6096 s3cap - ok
21:07:33.0046 6096 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:07:33.0062 6096 SamSs - ok
21:07:33.0218 6096 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:07:33.0312 6096 sbp2port - ok
21:07:33.0514 6096 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:07:33.0577 6096 SCardSvr - ok
21:07:33.0655 6096 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:33.0717 6096 scfilter - ok
21:07:33.0795 6096 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:07:33.0904 6096 Schedule - ok
21:07:34.0045 6096 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:07:34.0092 6096 SCPolicySvc - ok
21:07:34.0154 6096 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:07:34.0232 6096 SDRSVC - ok
21:07:34.0294 6096 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:07:34.0372 6096 secdrv - ok
21:07:34.0435 6096 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:07:34.0528 6096 seclogon - ok
21:07:34.0560 6096 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
21:07:34.0606 6096 SENS - ok
21:07:34.0653 6096 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:07:34.0731 6096 SensrSvc - ok
21:07:34.0809 6096 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:07:34.0856 6096 Serenum - ok
21:07:34.0903 6096 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:07:34.0934 6096 Serial - ok
21:07:34.0996 6096 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:35.0028 6096 sermouse - ok
21:07:35.0090 6096 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:07:35.0137 6096 SessionEnv - ok
21:07:35.0215 6096 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:07:35.0277 6096 sffdisk - ok
21:07:35.0355 6096 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:07:35.0402 6096 sffp_mmc - ok
21:07:35.0464 6096 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:07:35.0496 6096 sffp_sd - ok
21:07:35.0558 6096 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:35.0605 6096 sfloppy - ok
21:07:35.0683 6096 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:07:35.0761 6096 SharedAccess - ok
21:07:35.0839 6096 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:07:35.0917 6096 ShellHWDetection - ok
21:07:36.0010 6096 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:07:36.0057 6096 sisagp - ok
21:07:36.0088 6096 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:36.0120 6096 SiSRaid2 - ok
21:07:36.0135 6096 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:36.0151 6096 SiSRaid4 - ok
21:07:36.0307 6096 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:07:36.0338 6096 SkypeUpdate - ok
21:07:36.0432 6096 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:07:36.0478 6096 Smb - ok
21:07:36.0556 6096 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:07:36.0603 6096 SNMPTRAP - ok
21:07:36.0619 6096 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:07:36.0650 6096 spldr - ok
21:07:36.0697 6096 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:07:36.0775 6096 Spooler - ok
21:07:36.0931 6096 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:07:37.0087 6096 sppsvc - ok
21:07:37.0165 6096 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:07:37.0227 6096 sppuinotify - ok
21:07:37.0290 6096 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:07:37.0383 6096 srv - ok
21:07:37.0461 6096 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:07:37.0492 6096 srv2 - ok
21:07:37.0524 6096 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:07:37.0555 6096 srvnet - ok
21:07:37.0633 6096 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:07:37.0711 6096 SSDPSRV - ok
21:07:37.0773 6096 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:07:37.0836 6096 SstpSvc - ok
21:07:37.0882 6096 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:07:37.0898 6096 stexstor - ok
21:07:38.0007 6096 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:07:38.0085 6096 StiSvc - ok
21:07:38.0179 6096 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:07:38.0210 6096 storflt - ok
21:07:38.0257 6096 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:07:38.0288 6096 StorSvc - ok
21:07:38.0350 6096 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:07:38.0382 6096 storvsc - ok
21:07:38.0444 6096 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:07:38.0460 6096 swenum - ok
21:07:38.0616 6096 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:07:38.0694 6096 swprv - ok
21:07:38.0818 6096 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:07:38.0912 6096 SysMain - ok
21:07:39.0006 6096 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:07:39.0084 6096 TabletInputService - ok
21:07:39.0162 6096 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:07:39.0208 6096 TapiSrv - ok
21:07:39.0286 6096 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:07:39.0349 6096 TBS - ok
21:07:39.0474 6096 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:07:39.0552 6096 Tcpip - ok
21:07:39.0676 6096 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:07:39.0708 6096 TCPIP6 - ok
21:07:39.0786 6096 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:07:39.0864 6096 tcpipreg - ok
21:07:39.0942 6096 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:07:39.0988 6096 TDPIPE - ok
21:07:40.0051 6096 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:07:40.0082 6096 TDTCP - ok
21:07:40.0160 6096 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:07:40.0238 6096 tdx - ok
21:07:40.0332 6096 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:07:40.0378 6096 TermDD - ok
21:07:40.0441 6096 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:07:40.0550 6096 TermService - ok
21:07:40.0659 6096 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:07:40.0722 6096 Themes - ok
21:07:40.0800 6096 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:07:40.0846 6096 THREADORDER - ok
21:07:40.0893 6096 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:07:40.0971 6096 TrkWks - ok
21:07:41.0034 6096 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:07:41.0112 6096 TrustedInstaller - ok
21:07:41.0174 6096 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:07:41.0236 6096 tssecsrv - ok
21:07:41.0314 6096 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:07:41.0392 6096 TsUsbFlt - ok
21:07:41.0486 6096 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:07:41.0548 6096 tunnel - ok
21:07:41.0642 6096 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:07:41.0673 6096 uagp35 - ok
21:07:41.0736 6096 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:07:41.0798 6096 udfs - ok
21:07:41.0860 6096 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:07:41.0938 6096 UI0Detect - ok
21:07:42.0016 6096 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:07:42.0063 6096 uliagpkx - ok
21:07:42.0126 6096 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:07:42.0188 6096 umbus - ok
21:07:42.0235 6096 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:07:42.0282 6096 UmPass - ok
21:07:42.0375 6096 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
21:07:42.0438 6096 UmRdpService - ok
21:07:42.0516 6096 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:07:42.0562 6096 upnphost - ok
21:07:42.0687 6096 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:07:42.0734 6096 USBAAPL - ok
21:07:42.0828 6096 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:07:42.0921 6096 usbccgp - ok
21:07:42.0999 6096 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:07:43.0062 6096 usbcir - ok
21:07:43.0108 6096 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:07:43.0140 6096 usbehci - ok
21:07:43.0249 6096 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:07:43.0311 6096 usbhub - ok
21:07:43.0389 6096 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:07:43.0420 6096 usbohci - ok
21:07:43.0498 6096 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:07:43.0545 6096 usbprint - ok
21:07:43.0639 6096 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:07:43.0686 6096 usbscan - ok
21:07:43.0779 6096 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:07:43.0857 6096 USBSTOR - ok
21:07:43.0951 6096 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:07:43.0998 6096 usbuhci - ok
21:07:44.0076 6096 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:07:44.0138 6096 usbvideo - ok
21:07:44.0185 6096 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:07:44.0247 6096 UxSms - ok
21:07:44.0310 6096 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:07:44.0341 6096 VaultSvc - ok
21:07:44.0434 6096 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:07:44.0466 6096 vdrvroot - ok
21:07:44.0528 6096 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:07:44.0622 6096 vds - ok
21:07:44.0684 6096 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:07:44.0731 6096 vga - ok
21:07:44.0793 6096 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:07:44.0840 6096 VgaSave - ok
21:07:44.0918 6096 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:07:44.0965 6096 vhdmp - ok
21:07:45.0043 6096 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:07:45.0074 6096 viaagp - ok
21:07:45.0152 6096 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:07:45.0199 6096 ViaC7 - ok
21:07:45.0277 6096 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:07:45.0308 6096 viaide - ok
21:07:45.0448 6096 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:07:45.0480 6096 vmbus - ok
21:07:45.0526 6096 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:07:45.0542 6096 VMBusHID - ok
21:07:45.0604 6096 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:07:45.0636 6096 volmgr - ok
21:07:45.0698 6096 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:07:45.0729 6096 volmgrx - ok
21:07:45.0792 6096 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:07:45.0823 6096 volsnap - ok
21:07:45.0916 6096 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:07:45.0963 6096 vsmraid - ok
21:07:46.0041 6096 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:07:46.0135 6096 VSS - ok
21:07:46.0369 6096 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
21:07:46.0400 6096 vToolbarUpdater10.2.0 - ok
21:07:46.0478 6096 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:07:46.0509 6096 vwifibus - ok
21:07:46.0540 6096 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:07:46.0587 6096 vwififlt - ok
21:07:46.0665 6096 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:07:46.0743 6096 W32Time - ok
21:07:46.0821 6096 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:07:46.0884 6096 WacomPen - ok
21:07:46.0962 6096 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:47.0008 6096 WANARP - ok
21:07:47.0008 6096 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:47.0040 6096 Wanarpv6 - ok
21:07:47.0227 6096 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:07:47.0320 6096 WatAdminSvc - ok
21:07:47.0508 6096 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:07:47.0617 6096 wbengine - ok
21:07:47.0664 6096 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:07:47.0695 6096 WbioSrvc - ok
21:07:47.0804 6096 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:07:47.0866 6096 wcncsvc - ok
21:07:47.0898 6096 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:07:47.0976 6096 WcsPlugInService - ok
21:07:48.0022 6096 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:07:48.0069 6096 Wd - ok
21:07:48.0147 6096 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:07:48.0210 6096 Wdf01000 - ok
21:07:48.0256 6096 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:07:48.0350 6096 WdiServiceHost - ok
21:07:48.0350 6096 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:07:48.0381 6096 WdiSystemHost - ok
21:07:48.0490 6096 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:07:48.0537 6096 WebClient - ok
21:07:48.0600 6096 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:07:48.0662 6096 Wecsvc - ok
21:07:48.0724 6096 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:07:48.0880 6096 wercplsupport - ok
21:07:49.0036 6096 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:07:49.0099 6096 WerSvc - ok
21:07:49.0177 6096 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:49.0239 6096 WfpLwf - ok
21:07:49.0302 6096 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:07:49.0317 6096 WIMMount - ok
21:07:49.0395 6096 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:07:49.0536 6096 WinDefend - ok
21:07:49.0536 6096 WinHttpAutoProxySvc - ok
21:07:49.0629 6096 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:07:49.0707 6096 Winmgmt - ok
21:07:49.0832 6096 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:07:49.0926 6096 WinRM - ok
21:07:50.0004 6096 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:07:50.0066 6096 WinUsb - ok
21:07:50.0128 6096 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:07:50.0222 6096 Wlansvc - ok
21:07:50.0300 6096 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:07:50.0347 6096 WmiAcpi - ok
21:07:50.0456 6096 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:07:50.0487 6096 wmiApSrv - ok
21:07:50.0612 6096 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:07:50.0752 6096 WMPNetworkSvc - ok
21:07:50.0846 6096 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:07:50.0893 6096 WPCSvc - ok
21:07:50.0940 6096 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:07:51.0033 6096 WPDBusEnum - ok
21:07:51.0080 6096 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:07:51.0127 6096 ws2ifsl - ok
21:07:51.0236 6096 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
21:07:51.0283 6096 wscsvc - ok
21:07:51.0314 6096 WSearch - ok
21:07:51.0408 6096 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
21:07:51.0548 6096 wuauserv - ok
21:07:51.0595 6096 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:07:51.0626 6096 WudfPf - ok
21:07:51.0704 6096 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:51.0766 6096 WUDFRd - ok
21:07:51.0829 6096 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:07:51.0891 6096 wudfsvc - ok
21:07:51.0938 6096 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:07:51.0985 6096 WwanSvc - ok
21:07:52.0032 6096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:07:52.0156 6096 \Device\Harddisk0\DR0 - ok
21:07:52.0156 6096 Boot (0x1200) (017c1d57b7be04f207dc3198ad6f1c2d) \Device\Harddisk0\DR0\Partition0
21:07:52.0172 6096 \Device\Harddisk0\DR0\Partition0 - ok
21:07:52.0203 6096 Boot (0x1200) (a583dc67e9e6be02ff2ba2398aba1c79) \Device\Harddisk0\DR0\Partition1
21:07:52.0203 6096 \Device\Harddisk0\DR0\Partition1 - ok
21:07:52.0219 6096 Boot (0x1200) (8b8ba81fe489a9c60ddbf80df69af1fd) \Device\Harddisk0\DR0\Partition2
21:07:52.0250 6096 \Device\Harddisk0\DR0\Partition2 - ok
21:07:52.0250 6096 ============================================================
21:07:52.0250 6096 Scan finished
21:07:52.0250 6096 ============================================================
21:07:52.0281 4444 Detected object count: 0
21:07:52.0281 4444 Actual detected object count: 0
21:08:20.0531 5392 Deinitialize success

Alt 21.04.2012, 13:20   #11
markusg
/// Malware-holic
 
Open Malwarebytes, go to the log files, and post all reports.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de

Alt 21.04.2012, 18:16   #12
Sergio
 
Here is the report from Malwarebytes:


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.21.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sergej :: SERGEJ-PC [Administrator]

21.04.2012 18:08:26
mbam-log-2012-04-21 (18-08-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214325
Laufzeit: 7 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 21.04.2012, 18:17   #13
markusg
/// Malware-holic
 
Download CCleaner Standard:
CCleaner Download - CCleaner 3.17.1689
If CCleaner is already installed, skip this step.
Install it, open it, go to Extras, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After each one you do not know, "unbekannt" (unknown).
Post the list.

Alt 22.04.2012, 18:34   #14
Sergio
 
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.07.2010 6,00MB 10.1.53.64 (necessary)
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 13.09.2010 6,00MB 10.1.82.76 (necessary)
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 18.04.2012 168,8MB 10.1.3 (necessary)
Apple Application Support Apple Inc. 08.03.2012 61,0MB 2.1.7 (necessary)
Apple Mobile Device Support Apple Inc. 08.03.2012 24,2MB 5.1.1.4 (necessary)
Apple Software Update Apple Inc. 22.07.2011 2,38MB 2.1.3.127 (necessary)
Bonjour Apple Inc. 26.11.2011 1,02MB 3.0.0.10 (necessary)
Camera RAW Plug-In for EPSON Creativity Suite SEIKO EPSON CORPORATION 21.07.2010 2.3.0.0 (unknown)
CCleaner Piriform 21.04.2012 3.17 (unknown)
DivX-Setup DivX, LLC 09.12.2011 2.6.0.34 (necessary)
DVDVideoSoftTB Toolbar DVDVideoSoftTB 09.04.2011 6.3.3.3 (unnecessary)
EPSON Attach To Email SEIKO EPSON 21.07.2010 1,08MB 1.01.0000 (necessary)
EPSON Easy Photo Print SEIKO EPSON CORPORATION 21.07.2010 1.5.1.0 (necessary)
EPSON File Manager 21.07.2010 1.3.1.0 (necessary)
EPSON Scan 21.07.2010 (necessary)
EPSON Scan Assistant 21.07.2010 1.10.00 (necessary)
EPSON Stylus SX200 Series Printer Uninstall SEIKO EPSON Corporation 21.07.2010 (necessary)
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch 21.07.2010 (necessary)
eT-Fahrtenbuch 7 escorTec 05.02.2012 20,2MB 7 (unnecessary)
Foxit PDF Creator Toolbar Ask.com 19.01.2012 4,22MB 1.14.1.0 (unnecessary)
Foxit PDF Creator Toolbar Updater Ask.com 19.01.2012 1.2.0.20007 (unnecessary)
Foxit Reader 5.1 Foxit Corporation 09.12.2011 35,5MB 5.1.3.1201 (unknown)
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 09.04.2011 10,7MB (unnecessary)
Free Mp3 Wma Converter V 2.0 Koyote Soft 10.09.2011 38,4MB 2.0.0.0 (unnecessary)
Free YouTube Download 2.3 DVDVideoSoft Limited. 22.07.2010 (necessary)
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 09.04.2011 36,0MB (necessary)
Full Tilt Poker 15.06.2011 4.40.9.WIN.FullTilt.COM (unnecessary)
Google Chrome Google Inc. 06.08.2011 18.0.1025.162 (necessary)
Google Earth Plug-in Google 11.11.2011 40,9MB 6.1.0.5001 (necessary)
GutscheinRausch.de - AddOn für Chrome GutscheinRausch.de 05.02.2012 0,76MB 2.0 (unnecessary)
iCloud Apple Inc. 08.03.2012 24,3MB 1.1.0.40 (unnecessary)
iTunes Apple Inc. 07.04.2012 156,1MB 10.6.1.7 (necessary)
Java(TM) 6 Update 31 Oracle 06.04.2012 95,1MB 6.0.310 (necessary)
JDownloader 0.9 AppWork GmbH 29.10.2011 0.9 (unknown)
K-Lite Mega Codec Pack 6.1.0 05.08.2010 68,6MB 6.1.0 (necessary)
Kaspersky Anti-Virus 2012 Kaspersky Lab 02.04.2012 12.0.0.374 (necessary)
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 20.04.2012 18,0MB 1.61.0.1400 (necessary)
MATLAB R2008a The MathWorks, Inc. 17.07.2010 7.6 (unnecessary)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.07.2010 38,8MB 4.0.30319 (necessary)
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 21.07.2010 2,94MB 4.0.30319 (necessary)
Microsoft Age of Empires II 07.01.2012 (necessary)
Microsoft Office Enterprise 2007 Microsoft Corporation 17.07.2010 12.0.4518.1014 (necessary)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.07.2010 0,34MB 8.0.59193 (necessary)
MobileMe Control Panel Apple Inc. 25.12.2011 12,9MB 3.1.8.0 (unnecessary)
Mozilla Firefox (3.6.13) Mozilla 30.12.2010 3.6.13 (de) (necessary)
Mozilla Thunderbird (6.0) Mozilla 20.09.2011 6.0 (de) (necessary)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.07.2010 35,00KB 4.20.9870.0 (unknown)
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.07.2010 1,33MB 4.20.9876.0 (unknown)
Nero 7 Premium Nero AG 17.07.2010 2.538MB 7.02.9755 (unnecessary)
Norton Security Scan Symantec Corporation 09.12.2011 3.5.1.10 (unnecessary)
PDF24 Creator 4.1.2 PDF24.org 01.01.2012 34,0MB (necessary)
PokerStars.net PokerStars.net 17.12.2010 (unnecessary)
PriceGong 2.1.0 PriceGong 05.08.2010 2.1.0 (unnecessary)
QuickTime Apple Inc. 26.11.2011 73,3MB 7.71.80.42 (unnecessary)
Russisch für Deutsche - Transliteration Uni Leipzig 09.12.2011 0,13MB 1.0.3.40 (necessary)
Safari Apple Inc. 07.04.2012 104,3MB 5.34.55.3 (necessary)
Skype Click to Call Skype Technologies S.A. 13.03.2012 15,1MB 5.9.9216 (necessary)
Skype™ 5.8 Skype Technologies S.A. 13.03.2012 19,0MB 5.8.158 (necessary)
softonic-de3 Toolbar softonic-de3 02.07.2011 (unknown)
Total Commander (Remove or Repair) C. Ghisler & Co. 26.11.2010 7.50 (unnecessary)
UltraISO Premium V9.52 11.01.2012 6,33MB (necessary)
Uninstall 1.0.0.1 09.04.2011 10,9MB (unknown)
Visual Studio 2005 Tools for Office Second Edition Runtime Microsoft Corporation 10.08.2010 (unknown)
VLC media player 1.1.11 VideoLAN 15.10.2011 1.1.11 (unknown)
WinRAR 4.00 (32-Bit) win.rar GmbH 09.04.2011 4.00.0 (necessary)
Яндекс.Бар 6.5 для Internet Explorer Яндекс 16.02.2012 26,8MB 6.5.0.1829 (unnecessary)

22.04.2012, 19:19   #15
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, select automatic installation.
Apply / OK



Uninstall:
DVDVideoSoftTB
Foxit: all
Free Audio
Free Mp3
Full Tilt
GutscheinRausch
iCloud
JDownloader
MATLAB
Mozilla Firefox:
1. Your version is completely outdated; the current version is 11.
2. In your place I would switch to Chrome entirely anyway, since it is more secure.
Is there anything against that? If not, Firefox can go.
Nero
Norton
PokerStars
PriceGong
softonic
Total Commander
Яндекс.

Open OTL, clean up, restart.
Open CCleaner, Analyze, Run Cleaner, restart the PC, and test how the system runs.
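
The Adobe Reader settings from post #15 can also be checked from the registry instead of the Preferences dialog. The following is an added example, not part of the original thread; it assumes the per-user layout Reader 9/10 uses under `HKCU:\Software\Adobe\Acrobat Reader\<version>` and the value names `bEnableJS` and `bBrowserIntegration` from Adobe's preference documentation for those versions, and the function names are hypothetical.

```powershell
# Added example: report whether JavaScript and "display PDF in browser"
# are still enabled for each Adobe Reader version of the current user.
# Assumption: Reader 9/10 registry layout; later versions store some
# of these settings elsewhere.

function Get-ReaderFlag {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-ReaderHardeningStatus {
    param([string]$Root = 'HKCU:\Software\Adobe\Acrobat Reader')

    if (-not (Test-Path $Root)) { return @() }

    # One subkey per major version, e.g. "10.0".
    Get-ChildItem -Path $Root |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
        ForEach-Object {
            $version = $_.PSChildName
            $js      = Get-ReaderFlag "$Root\$version\JSPrefs"   'bEnableJS'
            $browser = Get-ReaderFlag "$Root\$version\Originals" 'bBrowserIntegration'

            # A missing value means Reader uses its default, which is
            # "enabled" for both settings, so only an explicit 0 counts.
            $jsEnabled      = ($js -ne 0)
            $browserEnabled = ($browser -ne 0)

            New-Object PSObject -Property @{
                Version           = $version
                JavaScriptEnabled = $jsEnabled
                OpensPdfInBrowser = $browserEnabled
                Hardened          = (-not $jsEnabled) -and (-not $browserEnabled)
            }
        }
}

Get-ReaderHardeningStatus | Format-Table Version, JavaScriptEnabled, OpensPdfInBrowser, Hardened
```

A row with `Hardened` set to `False` means at least one of the two settings is still at its default or was re-enabled, for example after reinstalling Reader.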
