| |
| |||||||
Log-Analyse und Auswertung: Trojaner oder StealerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.05.2013, 03:46
| #1 |
| |  Trojaner oder Stealer Hallo, hab von jemanden ein Programm zugeschickt bekommen Beim installieren ist mir aufgefallen, dass mehrere *.exe Dateien und *.jar Dateien erstellt wurden Unter Anderem im temp Ordner und im Java Ordner und der Installer hat nicht funktioniert Also mit hoher Sicherheit ein Trojaner oder Stealer Hab sofort Java Cache gelöscht, temp Ordner geleert usw. Mehrere Verdächtige Sachen gefunden wie ju.jar und ishi.exe und .tmp Dateien Hatte während des Setups auch die Firewall zugelassen, da ich vermutet hatte, dass Updates heruntergeladen werden. Eset, Malwarebytes, Emnisoft & Trojan Remover konnten nichts finden. Hier mal die Logs, vielleicht könnt ihr mir ja weiterhelfen OTL Code:
ATTFilter OTL logfile created on: 04.05.2013 04:02:21 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VITALITASIA\Desktop\Tools\Security 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,63% Memory free 12,00 Gb Paging File | 10,19 Gb Available in Paging File | 84,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 245,41 Gb Total Space | 202,05 Gb Free Space | 82,33% Space Free | Partition Type: NTFS Drive D: | 350,66 Gb Total Space | 88,11 Gb Free Space | 25,13% Space Free | Partition Type: NTFS Drive E: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: VITALITASIA-PC | User Name: VITALITASIA | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.04 02:52:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\Tools\Security\Otl.exe PRC - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.04.14 18:58:32 | 000,124,416 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe ========== Modules (No Company Name) ========== MOD - [2013.04.14 18:59:20 | 002,376,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll MOD - [2013.04.14 18:59:18 | 011,387,392 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll MOD - [2013.04.14 18:59:12 | 000,221,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll MOD - [2013.04.14 18:59:12 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll MOD - [2013.04.14 18:59:12 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll MOD - [2013.04.14 18:59:12 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll MOD - [2013.04.14 18:59:12 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll MOD - [2013.04.14 18:59:10 | 000,968,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll MOD - [2013.04.14 18:59:10 | 000,387,584 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll MOD - [2013.04.14 18:59:10 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll MOD - [2013.04.14 18:59:10 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll MOD - [2013.04.14 18:59:10 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll MOD - [2013.04.14 18:59:08 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll MOD - [2013.04.14 18:59:08 | 001,338,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll MOD - [2013.04.14 18:59:08 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll MOD - [2013.04.14 18:59:08 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll MOD - [2013.04.14 18:59:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll MOD - [2013.04.14 18:59:06 | 008,025,600 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll MOD - [2013.04.14 18:59:06 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll MOD - [2013.04.14 18:59:06 | 000,279,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll MOD - [2013.04.14 18:59:00 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll MOD - [2013.04.14 18:59:00 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll MOD - [2013.04.14 18:59:00 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll MOD - [2013.04.14 18:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll MOD - [2013.04.14 18:59:00 | 000,072,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll MOD - [2013.04.14 18:59:00 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll MOD - [2013.04.14 18:59:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll MOD - [2013.04.14 18:58:58 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll MOD - [2013.04.14 18:58:56 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll MOD - [2013.04.14 18:58:56 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll MOD - [2013.04.14 18:58:56 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll MOD - [2013.04.14 18:58:54 | 001,551,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll MOD - [2013.04.14 18:58:54 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll MOD - [2013.04.14 18:58:54 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll MOD - [2013.04.14 18:58:54 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll MOD - [2013.04.14 18:58:54 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll MOD - [2013.04.14 18:58:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll MOD - [2013.04.14 18:58:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll MOD - [2013.04.14 18:58:54 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll MOD - [2013.04.14 18:58:54 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll MOD - [2013.04.14 18:58:52 | 001,405,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll MOD - [2013.04.14 18:58:52 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll MOD - [2013.04.14 18:58:52 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll MOD - [2013.04.14 18:58:48 | 001,285,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll MOD - [2013.04.14 18:58:48 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll MOD - [2013.04.14 18:58:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll MOD - [2013.04.14 18:58:48 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll MOD - [2013.04.14 18:58:48 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll MOD - [2013.04.14 18:58:46 | 000,740,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll MOD - [2013.04.14 18:58:46 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll MOD - [2013.04.14 18:58:46 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll MOD - [2013.04.14 18:58:46 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll MOD - [2013.04.14 18:58:46 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll MOD - [2013.04.14 18:58:46 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll MOD - [2013.04.14 18:58:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll MOD - [2013.04.14 18:58:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll MOD - [2013.04.14 18:58:44 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll MOD - [2013.04.14 18:58:44 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll MOD - [2013.04.14 18:58:44 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll MOD - [2013.04.14 18:58:44 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll MOD - [2013.04.14 18:58:44 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll MOD - [2013.04.14 18:58:44 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll MOD - [2013.04.14 18:58:44 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll MOD - [2013.04.14 18:58:42 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll MOD - [2013.04.14 18:58:42 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll MOD - [2013.04.14 18:58:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll MOD - [2013.04.14 18:58:42 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll MOD - [2013.04.14 18:58:40 | 000,134,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll MOD - [2013.04.14 18:58:40 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll MOD - [2013.04.14 18:58:38 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll MOD - [2013.04.14 18:58:38 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll MOD - [2013.04.14 18:58:36 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll MOD - [2013.04.14 18:58:34 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll MOD - [2013.04.14 18:58:34 | 000,469,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll MOD - [2013.04.14 18:58:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll MOD - [2013.04.14 18:58:32 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.25 01:30:18 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.19 18:10:00 | 002,570,544 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.04.15 18:38:22 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.04 01:45:06 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts) DRV:64bit: - [2013.04.28 22:25:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.04.15 18:38:52 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:64bit: - [2013.04.13 05:47:19 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2013.04.13 05:47:19 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2013.04.13 05:10:42 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2013.04.13 05:04:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013.04.13 05:04:04 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2013.04.13 05:04:04 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2013.04.13 05:04:04 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2013.01.10 09:25:22 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2012.12.21 07:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.12.21 07:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.11.26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.11.08 13:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2012.11.08 13:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2012.07.24 21:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.07.24 21:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.07.24 21:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronSTOR.sys -- (EtronSTOR) DRV:64bit: - [2012.06.12 23:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.26 06:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.03.08 11:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag) DRV:64bit: - [2012.02.22 18:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois) DRV:64bit: - [2012.02.22 18:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe) DRV:64bit: - [2012.02.22 16:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64) DRV:64bit: - [2012.01.24 17:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2011.10.25 19:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.10.25 19:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.04.08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009.11.16 16:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:64bit: - [2009.11.16 16:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 DB F5 F2 48 44 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013.05.01 19:41:58 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - Extension: Google Docs = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Ultimate YouTube Downloader = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.2.1_0\ CHR - Extension: YouTube = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Photo Zoom for Facebook = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\ CHR - Extension: AdBlock = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Downloads = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: Google Mail = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe File not found O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA1DAE1F-7C5F-404F-B763-D4CA56CA20B5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.05 14:56:54 | 000,000,099 | R--- | M] () - E:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.04 04:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\OTL.exe [2013.05.04 01:45:16 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-183082 [2013.05.04 01:45:06 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.04 01:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx [2013.05.04 01:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2013.05.04 00:47:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag [2013.05.04 00:45:07 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\O&O [2013.05.04 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2013.05.04 00:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software [2013.05.04 00:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software [2013.05.04 00:03:48 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Malwarebytes [2013.05.04 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.04 00:03:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.04 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.03 23:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.05.03 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.05.03 22:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.05.03 22:57:17 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Simply Super Software [2013.05.03 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Simply Super Software [2013.05.03 22:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.05.03 22:41:37 | 000,000,000 | -H-D | C] -- C:\VTRoot [2013.05.03 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.05.03 21:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2013.05.03 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Anti-Malware [2013.05.03 17:50:31 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC [2013.05.03 16:36:12 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Virtual Machines [2013.05.03 16:32:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ [2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA [2013.05.03 16:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode [2013.05.03 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2013.05.03 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\ESET [2013.05.02 01:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension [2013.05.01 23:42:46 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Documents\Scanned Documents [2013.05.01 23:42:46 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Fax [2013.05.01 23:35:54 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\My Cheat Tables [2013.05.01 22:18:19 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\SoftCoder [2013.05.01 19:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2013.05.01 19:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2013.05.01 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.05.01 18:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Little Registry Cleaner [2013.05.01 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.05.01 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.05.01 18:09:50 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Runscanner.net [2013.05.01 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Moyea [2013.05.01 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Moyea [2013.05.01 16:01:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.05.01 16:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moyea [2013.05.01 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [2013.04.30 22:22:31 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\JAM Software [2013.04.30 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\QuickPar [2013.04.30 04:58:02 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\VS Revo Group [2013.04.30 04:57:56 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys [2013.04.30 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group [2013.04.30 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2013.04.30 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013.04.30 03:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps [2013.04.30 02:29:37 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker [2013.04.30 02:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegSeeker [2013.04.30 02:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegSeeker [2013.04.30 01:59:24 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Canon Easy-PhotoPrint EX [2013.04.30 01:57:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2013.04.30 01:57:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2013.04.30 01:57:13 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Canon [2013.04.30 01:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.04.30 01:51:59 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Software [2013.04.30 01:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.04.30 01:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.04.30 01:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.04.30 01:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series [2013.04.30 01:47:31 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.04.29 22:51:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Foxit Software [2013.04.29 22:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2013.04.29 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Diagnostics [2013.04.29 22:08:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSIP [2013.04.29 21:43:13 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.04.29 21:43:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.04.29 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.04.29 15:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2013.04.29 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cloning Clyde v1.0.197.0 [2013.04.29 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Programs [2013.04.29 07:12:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.04.29 00:13:29 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2013.04.29 00:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan [2013.04.29 00:13:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\athan [2013.04.29 00:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Athan [2013.04.28 23:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV-Browser [2013.04.28 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\vlc [2013.04.28 23:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2013.04.28 23:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.04.28 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Windows Live Writer [2013.04.28 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Windows Live Writer [2013.04.28 22:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013.04.28 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\QuickScan [2013.04.28 22:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.04.28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.04.28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.04.28 22:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2013.04.28 22:40:07 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space [2013.04.28 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2013.04.28 22:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2013.04.28 22:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2013.04.28 22:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.04.28 22:29:27 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Tools [2013.04.28 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Download [2013.04.28 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Spiele [2013.04.28 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Windows Live [2013.04.28 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp [2013.04.28 22:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp [2013.04.28 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.28 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.04.28 22:25:38 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.28 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\DAEMON Tools Lite [2013.04.28 22:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2013.04.28 22:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.04.28 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.04.28 22:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com [2013.04.28 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2013.04.28 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2013.04.28 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2013.04.28 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2013.04.28 22:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2013.04.28 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\uTorrent [2013.04.28 22:20:27 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\WinRAR [2013.04.28 22:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.04.28 22:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.28 22:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.04.28 22:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.04.28 22:15:01 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.04.28 22:15:01 | 000,823,072 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll [2013.04.28 22:15:01 | 000,633,632 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltech64.dll [2013.04.28 22:15:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.04.28 22:15:01 | 000,517,408 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sl3apo64.dll [2013.04.28 22:15:01 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2013.04.28 22:15:01 | 000,213,792 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll [2013.04.28 22:15:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.04.28 22:15:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.04.28 22:15:01 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.04.28 22:15:01 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2013.04.28 22:15:01 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2013.04.28 22:15:01 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.04.28 22:15:00 | 014,021,912 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll [2013.04.28 22:15:00 | 009,123,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll [2013.04.28 22:15:00 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.04.28 22:15:00 | 004,957,976 | ---- | C] (A-volute) -- C:\Windows\SysNative\RTKSMlfx.dll [2013.04.28 22:15:00 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2013.04.28 22:15:00 | 001,900,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2013.04.28 22:15:00 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.04.28 22:15:00 | 000,887,640 | ---- | C] (A-Volute) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll [2013.04.28 22:15:00 | 000,719,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll [2013.04.28 22:15:00 | 000,612,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll [2013.04.28 22:15:00 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2013.04.28 22:15:00 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.04.28 22:15:00 | 000,395,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.04.28 22:15:00 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.04.28 22:15:00 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.04.28 22:15:00 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.04.28 22:15:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.04.28 22:15:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.04.28 22:15:00 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.04.28 22:15:00 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.04.28 22:15:00 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.04.28 22:15:00 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.04.28 22:15:00 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.04.28 22:15:00 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.04.28 22:14:59 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.04.28 22:14:59 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.04.28 22:14:59 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.04.28 22:14:59 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.04.28 22:14:59 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.04.28 22:14:59 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.04.28 22:14:59 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.04.28 22:14:59 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2013.04.28 22:14:59 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.04.28 22:14:59 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2013.04.28 22:14:59 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.04.28 22:14:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.04.28 22:14:59 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2013.04.28 22:14:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.04.28 22:14:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.04.28 22:14:59 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.04.28 22:14:59 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2013.04.28 22:14:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.04.28 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.04.28 22:14:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.04.28 22:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.04.28 22:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.04.28 22:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.28 22:12:21 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.04.28 22:12:21 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.04.28 22:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.04.28 22:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.04.28 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.04.28 22:10:54 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.04.28 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Alt.Binz [2013.04.28 22:04:05 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\NetSpeedMonitor [2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar [2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar [2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar [2013.04.28 22:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor [2013.04.28 22:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alt.Binz [2013.04.28 22:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alt.Binz [2013.04.28 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.04.28 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2013.04.28 21:59:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.28 21:58:22 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\SkyDrive [2013.04.28 21:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.04.28 21:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.04.28 21:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2013.04.28 21:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.04.28 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.28 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.28 21:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.04.28 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.04.28 21:46:48 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Google [2013.04.28 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Deployment [2013.04.28 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Apps [2013.04.28 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Adobe [2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Searches [2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.28 21:42:57 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Identities [2013.04.28 21:42:55 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Contacts [2013.04.28 21:42:54 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\VirtualStore [2013.04.28 21:42:51 | 000,000,000 | --SD | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Videos [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Saved Games [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Pictures [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Music [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Links [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Favorites [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Downloads [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Documents [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Desktop [2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Vorlagen [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Verlauf [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Temporary Internet Files [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Startmenü [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\SendTo [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Recent [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Netzwerkumgebung [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Lokale Einstellungen [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Videos [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Musik [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Eigene Dateien [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Bilder [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Druckumgebung [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Cookies [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Anwendungsdaten [2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Anwendungsdaten [2013.04.28 21:42:51 | 000,000,000 | -H-D | C] -- C:\Users\VITALITASIA\AppData [2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Temp [2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Microsoft [2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Media Center Programs [2013.04.28 21:30:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.04.28 21:30:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.04.28 21:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.04.28 21:28:42 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Programme [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.04.28 21:13:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.04.28 21:12:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.04.23 15:04:12 | 000,437,176 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll [2013.04.23 15:04:12 | 000,348,048 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll [2013.04.19 18:09:52 | 000,253,744 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe [2013.04.19 18:09:44 | 000,011,056 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll [2013.04.15 18:38:52 | 000,023,168 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys [2013.04.15 18:38:40 | 000,043,216 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll [2013.04.15 18:38:30 | 000,343,760 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll [2013.04.15 18:38:30 | 000,045,776 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll [2013.04.15 18:38:26 | 000,276,688 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll [2013.04.15 18:38:26 | 000,040,656 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll [2013.04.15 16:46:09 | 000,000,000 | ---D | C] -- C:\Windows\WinToolkit [2013.04.15 16:44:10 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2013.04.15 16:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2013.04.15 16:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2013.04.15 16:43:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2013.04.15 16:43:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2013.04.15 16:42:38 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.04.15 16:42:36 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.04.15 16:42:34 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.04.15 16:42:34 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.04.12 16:21:49 | 000,418,632 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys [2013.04.12 16:21:49 | 000,139,592 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmthub3.sys ========== Files - Modified Within 30 Days ========== [2013.05.04 04:00:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\OTL.exe [2013.05.04 03:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.04 03:30:05 | 000,000,168 | ---- | M] () -- C:\Users\VITALITASIA\defogger_reenable [2013.05.04 02:38:34 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.04 02:38:34 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.04 02:35:38 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.04 02:35:38 | 000,700,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.04 02:35:38 | 000,654,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.04 02:35:38 | 000,149,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.04 02:35:38 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.04 02:31:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.04 02:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.04 02:30:56 | 535,732,223 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 02:30:22 | 000,005,276 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat [2013.05.04 01:45:16 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-183082 [2013.05.04 01:45:06 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.01 19:26:32 | 000,000,600 | ---- | M] () -- C:\Users\VITALITASIA\PUTTY.RND [2013.05.01 15:10:39 | 000,029,768 | ---- | M] () -- C:\Users\VITALITASIA\Documents\cc_20130501_151032.reg [2013.05.01 15:09:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.30 18:04:28 | 000,000,814 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Bewerbungen.lnk [2013.04.30 15:56:38 | 000,000,659 | ---- | M] () -- C:\Users\VITALITASIA\.swfinfo [2013.04.29 21:36:33 | 000,001,124 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Picasa 3.lnk [2013.04.29 00:13:30 | 000,001,829 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Athan.lnk [2013.04.29 00:12:57 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2013.04.28 23:48:07 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk [2013.04.28 23:46:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2013.04.28 23:46:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.28 23:45:22 | 000,001,117 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\aglotze.lnk [2013.04.28 22:58:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013.04.28 22:55:50 | 000,001,749 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\SkyDrive.lnk [2013.04.28 22:53:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf [2013.04.28 22:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.04.28 22:53:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2013.04.28 22:43:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2013.04.28 22:43:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf [2013.04.28 22:37:46 | 000,013,257 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Energieoptionen.lnk [2013.04.28 22:25:58 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.28 22:25:38 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.28 22:03:32 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Alt.Binz.lnk [2013.04.28 21:40:36 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.28 21:17:21 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.04.28 21:17:21 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.04.28 21:15:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.04.28 21:13:11 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.23 15:04:12 | 000,437,176 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll [2013.04.23 15:04:12 | 000,348,048 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll [2013.04.19 18:09:52 | 000,253,744 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe [2013.04.19 18:09:44 | 000,011,056 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll [2013.04.19 06:24:21 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.04.19 06:24:21 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.04.19 06:24:21 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.04.17 19:30:28 | 003,122,645 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2013.04.15 18:38:52 | 000,023,168 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys [2013.04.15 18:38:40 | 000,043,216 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll [2013.04.15 18:38:30 | 000,343,760 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll [2013.04.15 18:38:30 | 000,045,776 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll [2013.04.15 18:38:26 | 000,276,688 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll [2013.04.15 18:38:26 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll [2013.04.15 16:43:34 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2013.04.15 16:43:34 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2013.04.15 16:42:38 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.04.15 16:42:36 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.04.15 16:42:34 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.04.15 16:42:34 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.04.13 05:49:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.13 05:49:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.13 05:18:48 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.13 05:18:11 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.05.04 03:30:05 | 000,000,168 | ---- | C] () -- C:\Users\VITALITASIA\defogger_reenable [2013.05.03 22:57:17 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll [2013.05.03 22:57:17 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2013.05.03 22:41:22 | 000,005,276 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat [2013.05.01 19:25:32 | 000,000,600 | ---- | C] () -- C:\Users\VITALITASIA\PUTTY.RND [2013.05.01 15:10:36 | 000,029,768 | ---- | C] () -- C:\Users\VITALITASIA\Documents\cc_20130501_151032.reg [2013.05.01 15:09:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.30 18:04:28 | 000,000,814 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Bewerbungen.lnk [2013.04.30 15:30:31 | 000,000,659 | ---- | C] () -- C:\Users\VITALITASIA\.swfinfo [2013.04.29 21:42:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL [2013.04.29 21:42:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL [2013.04.29 21:36:33 | 000,001,124 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Picasa 3.lnk [2013.04.29 00:13:30 | 000,001,829 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Athan.lnk [2013.04.28 23:48:07 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk [2013.04.28 23:46:46 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.28 23:46:45 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2013.04.28 23:45:22 | 000,001,117 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\aglotze.lnk [2013.04.28 22:58:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013.04.28 22:55:50 | 000,001,749 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\SkyDrive.lnk [2013.04.28 22:53:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf [2013.04.28 22:53:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.04.28 22:53:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2013.04.28 22:43:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2013.04.28 22:43:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf [2013.04.28 22:37:46 | 000,013,257 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Energieoptionen.lnk [2013.04.28 22:30:43 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.04.28 22:25:58 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.28 22:15:01 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.04.28 22:15:00 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.04.28 22:12:36 | 003,122,645 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.04.28 22:11:30 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.04.28 22:03:32 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Alt.Binz.lnk [2013.04.28 21:58:22 | 000,002,200 | ---- | C] () -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2013.04.28 21:46:55 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.28 21:46:54 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.28 21:43:05 | 000,001,413 | ---- | C] () -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.28 21:31:25 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.04.28 21:16:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.04.28 21:16:56 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.04.28 21:15:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.04.28 21:12:52 | 535,732,223 | -HS- | C] () -- C:\hiberfil.sys [2013.04.15 16:44:40 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2013.04.15 16:44:39 | 000,700,562 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2013.04.15 16:44:39 | 000,149,462 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2013.04.15 16:44:39 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2013.04.13 05:49:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.13 05:49:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.13 05:18:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.13 05:18:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.04.13 05:20:21 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.04.13 05:20:21 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.30 02:25:29 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Canon [2013.05.03 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\DAEMON Tools Lite [2013.04.29 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Foxit Software [2013.04.30 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\JAM Software [2013.05.01 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Moyea [2013.04.28 22:04:09 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\NetSpeedMonitor [2013.04.28 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\QuickScan [2013.05.01 18:20:34 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Runscanner.net [2013.05.03 23:00:08 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Simply Super Software [2013.05.04 01:46:28 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\uTorrent [2013.05.02 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 04:02:21 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VITALITASIA\Desktop\Tools\Security
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,63% Memory free
12,00 Gb Paging File | 10,19 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 245,41 Gb Total Space | 202,05 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 88,11 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: VITALITASIA-PC | User Name: VITALITASIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097D3631-AEF4-41C8-B2F7-9CD235867A06}" = rport=445 | protocol=6 | dir=out | app=system |
"{0AE98FE3-A35E-4D09-85B2-5E28FFD8F3F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{17EA8370-EF5E-49F2-8C4F-991E87DEE99C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{386C1F4A-BCC6-4456-8B4E-AAF4EE16956D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{419F948D-BA0B-446B-9BA2-8AAF4F169FD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45D041E2-01CC-4BC6-BA02-9D7A25DA703F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4D36A25F-C4CA-4BBA-99D6-03E595EA4ED2}" = lport=137 | protocol=17 | dir=in | app=system |
"{50F9BD0C-C22A-4A0A-AEA9-96EC17D852BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{699F54F2-6CA1-4B5F-BA37-0B75D2399E61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B98DD9E-EB0D-4110-9275-B64AC5F28919}" = rport=137 | protocol=17 | dir=out | app=system |
"{6F4698FA-119D-4A71-9CD7-5DD5638F36EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F5BAB51-CE88-4212-8C0C-8BD58B8E9923}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8430AB9C-D498-4B99-A258-EFDBFA1333EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9473AA73-6CFD-4E42-9595-8D1EBF9E1729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{991887F6-3ACD-4448-A1A6-CFAC41FCE4DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A53AC3CB-52EA-4148-8B5D-72B2B46B169C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B47B3C36-409F-4874-BDFA-E3BCB155F0C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{C794BB2C-95C2-4CF6-8620-A3286DE8F18C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D41588F4-A144-4D9F-8A66-B7D44CE76978}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7EED53F-E2AE-48E4-B4FA-7305ABA8198C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DA0BA282-3796-4E6D-AF11-6ED17AFFCE06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DEAA9023-E844-4E3A-9EF1-EFD31E39D169}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F33BA06E-C755-4F6D-BA07-E001F5437AB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F40CBE2B-2760-4C8B-81D4-F08602FA70EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F59994D0-03FF-4DF8-899B-DBE4A33AA770}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A33A945-855D-443D-83D7-3EB267109AC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1FCD53F6-6CCF-4CFA-BAE7-8B075B1559EA}" = dir=in | app=c:\users\vitalitasia\appdata\local\microsoft\skydrive\skydrive.exe |
"{2244E668-7262-4B72-A2E1-501048E98DE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D1DCBF3-A210-4CED-BA44-51B560127D62}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{43769C55-07BD-488B-B98C-56E47B8774F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43B07018-0989-4901-90CF-C207075309F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B9BDEDD-4F66-4701-BA61-BED22178A574}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{4CA1EA80-AE39-4ECB-9601-D9D023747746}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5301EA7E-8811-4F31-9868-BA1DC6166ECA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A5736B3-784D-4FAE-9A7E-837815ECB048}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5CF9B01C-F87A-42CE-BEAB-4C4275D407D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70C738B3-EA2C-42D3-89D6-437A07AA612E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{733DFA19-B365-4CD8-BAA4-9B4B45EC7513}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75AAAD62-BEF2-49D2-860A-6FC896E50D1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{936E688A-6FFC-4D56-9ADD-53BC2030899A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{93D50DD0-7112-4F12-AC7F-C50DB38BE5D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{956E03F7-2312-493A-9AA6-6035724B127A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DC31C39-CD33-4665-91A7-DA8D818F87C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B88F4937-E241-4948-B79D-E89B25017DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{C1031E8A-D201-4DEE-9266-B42FB8294DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{CB94BE4A-1480-47D8-BC01-9622149220B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD0D498A-1E9A-4142-BF05-E8DF80AA9A4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1C30BA4-F47E-4096-AE1D-CB7982EF50C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6768466-3042-434E-A854-8F4E5CEFB0CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{D91B1BC5-BF8F-4B85-AF8A-C2A9285454E9}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E4016252-7F36-49CC-B854-92E93EA61345}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E44AA3DE-D7A0-4792-8B42-72085C953E57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E623E1E0-A278-4A80-9720-DB52F504E64C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E96AD7C7-2ABB-48AB-858D-1AD1619F3F55}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{F1FDCCEE-AA47-4627-8138-EA663B730DEE}" = protocol=6 | dir=out | app=system |
"{F427E323-24C0-4E9E-A43A-8AFEC5F516B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{5497047A-44F2-4189-85BE-76F6B8DF92AF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{4588A9C6-D75C-4CC8-944C-A5863D4A27A4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{39BFB173-09EB-4286-84E1-2FAFC97107E1}" = ESET NOD32 Antivirus
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Firewall
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FD27F016-131B-48DF-B110-DF3F82714170}" = O&O Defrag Professional
"CCleaner" = CCleaner
"HashTab" = HashTab 5.1.0.23
"Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1" = Revo Uninstaller Pro 3.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Alt.Binz" = Alt.Binz 0.39.4
"Athan" = Athan Basic 4.4
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Picasa 3" = Picasa 3
"Q2xvbmluZ0NseWRldjEwMTk3MA==_is1" = Cloning Clyde v1.0.197.0 (c) NinjaBee version 1
"QuickPar" = QuickPar 0.9
"RegSeeker" = RegSeeker
"Security Task Manager" = Security Task Manager 1.8g
"SpeedFan" = SpeedFan (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.6
"tvbrowser" = TV-Browser 3.3a
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 03.05.2013 20:32:48 | Computer Name = VITALITASIA-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2013 20:33:18 | Computer Name = VITALITASIA-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 28.04.2013 16:53:54 | Computer Name = VITALITASIA-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 29.04.2013 15:42:41 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 29.04.2013 21:23:32 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 30.04.2013 16:29:35 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
Error - 01.05.2013 05:27:22 | Computer Name = VITALITASIA-PC | Source = DCOM | ID = 10010
Description =
Error - 01.05.2013 12:01:22 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Desktop Update Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 01.05.2013 13:42:22 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 03.05.2013 09:27:17 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "COMODO Virtual Service Manager" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Geändert von batekha (04.05.2013 um 04:05 Uhr) |
|
04.05.2013, 15:56
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner oder Stealer Hallo und
__________________ Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
04.05.2013, 18:05
| #3 | |
| | Trojaner oder StealerZitat:
ich hab die Version gebraucht gekauft und sie war nur geringfügig teurer als die Professional Version. Scans habe ich jeweils gemacht mit: Eset Nod32, Malwarebytes, Emnisoft Antim., Trojan Remover und Prevx, keiner der angegegeben Programme hat etwas gefunden. Und OTL hat auch beim Start nichts gemeldet. Also dieser Trojaner oder was auch immer es scheint gut versteckt zu sein. Vielleicht komme ich noch an das Programm ran, was mir geschickt wurde, vielleicht würde euch das weiterhelfen Es war die Testversion von Trojan Remover. Hätte ich lieber direkt von der Homepage runterladen sollen. Wie gesagt das Setup war nicht funktionsfähig und es wurden nur diese mysteriösen Dateien erstellt. Ich bedanke mich schon einmal im Voraus für weitere Hilfe MfG |
|
04.05.2013, 22:12
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner oder StealerZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.05.2013, 22:55
| #5 | |
| | Trojaner oder StealerZitat:
3 Dateien habe ich bemerkt, es könnten durchaus mehrere sein. Unter Anderem ishi.exe, die nach meinen Recherchen im Internet gefährlich ist. Java lief plötzlich in den Prozessen und ich konnte das durch das Setup erstellte "ju.jar" nicht löschen bis ich beide Java Prozesse im Task Manager beendet habe. Mfg |
|
04.05.2013, 23:13
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner oder Stealer Jedes Programm erstellt Dateien und fast jedes Programm will auch über das inet kommunizieren. Das allein ist also ein sehr schlechtes Merkmal um Malware zu identifizieren, denn demnach wäre ja fast jede Software Malware. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Trojaner oder Stealer |
|
05.05.2013, 14:09
| #7 |
| | Trojaner oder Stealer Hallo, danke für die ausführlichen Anleitungen. Hier sind die entsprechenden Logs Ich weiß, dass der Aufbau zum Internet nichts bedeutsames sein muss, aber das Setup hatte zwar das Trojan Remover Logo, hat aber das gewünschte Programm nicht installiert und beendete sich selbst mit einem Fehler. Als ich die Version direkt von der Herstellerseite heruntergeladen habe, hat das Setup jedoch funktioniert. MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.05.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
VITALITASIA :: VITALITASIA-PC [administrator]
05.05.2013 14:43:34
mbar-log-2013-05-05 (14-43-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28397
Time elapsed: 4 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
aswMBR Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-05 14:46:31
-----------------------------
14:46:31.958 OS Version: Windows x64 6.1.7601 Service Pack 1
14:46:31.958 Number of processors: 4 586 0x403
14:46:31.958 ComputerName: VITALITASIA-PC UserName: VITALITASIA
14:46:35.310 Initialize success
14:48:29.184 AVAST engine defs: 13050500
14:50:34.776 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
14:50:34.781 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610476MB BusType: 3
14:50:34.860 Disk 0 MBR read successfully
14:50:34.865 Disk 0 MBR scan
14:50:34.916 Disk 0 Windows 7 default MBR code
14:50:34.919 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:50:34.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 251298 MB offset 206848
14:50:34.986 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 359077 MB offset 514865152
14:50:35.043 Disk 0 scanning C:\Windows\system32\drivers
14:50:48.433 Service scanning
14:51:11.002 Modules scanning
14:51:11.019 Disk 0 trace - called modules:
14:51:11.036 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:51:11.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e07060]
14:51:11.383 3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa800500e580]
14:51:11.395 5 ACPI.sys[fffff88000f607a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8005012060]
14:51:12.965 AVAST engine scan C:\Windows
14:51:14.995 AVAST engine scan C:\Windows\system32
14:54:44.590 AVAST engine scan C:\Windows\system32\drivers
14:55:03.198 AVAST engine scan C:\Users\VITALITASIA
14:56:22.540 AVAST engine scan C:\ProgramData
14:56:36.808 Scan finished successfully
15:01:36.967 Disk 0 MBR has been saved successfully to "C:\Users\VITALITASIA\Desktop\MBR.dat"
15:01:36.989 The log file has been saved successfully to "C:\Users\VITALITASIA\Desktop\aswMBR.txt"
Code:
ATTFilter 15:02:48.0400 2096 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:02:50.0401 2096 ============================================================
15:02:50.0401 2096 Current date / time: 2013/05/05 15:02:50.0401
15:02:50.0401 2096 SystemInfo:
15:02:50.0401 2096
15:02:50.0401 2096 OS Version: 6.1.7601 ServicePack: 1.0
15:02:50.0401 2096 Product type: Workstation
15:02:50.0401 2096 ComputerName: VITALITASIA-PC
15:02:50.0402 2096 UserName: VITALITASIA
15:02:50.0402 2096 Windows directory: C:\Windows
15:02:50.0402 2096 System windows directory: C:\Windows
15:02:50.0402 2096 Running under WOW64
15:02:50.0402 2096 Processor architecture: Intel x64
15:02:50.0402 2096 Number of processors: 4
15:02:50.0402 2096 Page size: 0x1000
15:02:50.0402 2096 Boot type: Normal boot
15:02:50.0402 2096 ============================================================
15:02:53.0930 2096 Drive \Device\Harddisk0\DR0 - Size: 0x950AC4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:02:53.0933 2096 ============================================================
15:02:53.0933 2096 \Device\Harddisk0\DR0:
15:02:53.0933 2096 MBR partitions:
15:02:53.0933 2096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:02:53.0933 2096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1EAD1000
15:02:53.0933 2096 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1EB03800, BlocksNum 0x2BD52A70
15:02:53.0933 2096 ============================================================
15:02:53.0952 2096 C: <-> \Device\Harddisk0\DR0\Partition2
15:02:53.0979 2096 D: <-> \Device\Harddisk0\DR0\Partition3
15:02:53.0979 2096 ============================================================
15:02:53.0980 2096 Initialize success
15:02:53.0980 2096 ============================================================
15:03:32.0351 4280 ============================================================
15:03:32.0351 4280 Scan started
15:03:32.0351 4280 Mode: Manual; SigCheck; TDLFS;
15:03:32.0351 4280 ============================================================
15:03:32.0981 4280 ================ Scan system memory ========================
15:03:32.0981 4280 System memory - ok
15:03:32.0982 4280 ================ Scan services =============================
15:03:33.0091 4280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:03:33.0204 4280 1394ohci - ok
15:03:33.0239 4280 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
15:03:33.0262 4280 a2acc - ok
15:03:33.0396 4280 [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
15:03:33.0524 4280 a2AntiMalware - ok
15:03:33.0534 4280 [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
15:03:33.0543 4280 A2DDA - ok
15:03:33.0575 4280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:03:33.0612 4280 ACPI - ok
15:03:33.0624 4280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:03:33.0680 4280 AcpiPmi - ok
15:03:33.0703 4280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:03:33.0723 4280 adp94xx - ok
15:03:33.0734 4280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:03:33.0746 4280 adpahci - ok
15:03:33.0750 4280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:03:33.0761 4280 adpu320 - ok
15:03:33.0779 4280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:03:33.0868 4280 AeLookupSvc - ok
15:03:33.0893 4280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:03:33.0934 4280 AFD - ok
15:03:33.0952 4280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:03:33.0961 4280 agp440 - ok
15:03:33.0971 4280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:03:33.0992 4280 ALG - ok
15:03:33.0999 4280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:03:34.0008 4280 aliide - ok
15:03:34.0011 4280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:03:34.0020 4280 amdide - ok
15:03:34.0036 4280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:03:34.0057 4280 AmdK8 - ok
15:03:34.0074 4280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:03:34.0090 4280 AmdPPM - ok
15:03:34.0105 4280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:03:34.0114 4280 amdsata - ok
15:03:34.0119 4280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:03:34.0129 4280 amdsbs - ok
15:03:34.0144 4280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:03:34.0152 4280 amdxata - ok
15:03:34.0160 4280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:03:34.0279 4280 AppID - ok
15:03:34.0305 4280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:03:34.0354 4280 AppIDSvc - ok
15:03:34.0377 4280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:03:34.0411 4280 Appinfo - ok
15:03:34.0419 4280 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:03:34.0440 4280 AppMgmt - ok
15:03:34.0444 4280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:03:34.0453 4280 arc - ok
15:03:34.0457 4280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:03:34.0466 4280 arcsas - ok
15:03:34.0480 4280 [ 236023DAC93037A8DDE9539F36D7F3EE ] asmthub3 C:\Windows\system32\drivers\asmthub3.sys
15:03:34.0490 4280 asmthub3 - ok
15:03:34.0513 4280 [ 1390ABD16ADE1F2443B5749D06C4C8F2 ] asmtxhci C:\Windows\system32\drivers\asmtxhci.sys
15:03:34.0525 4280 asmtxhci - ok
15:03:34.0587 4280 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:03:34.0628 4280 aspnet_state - ok
15:03:34.0640 4280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:34.0680 4280 AsyncMac - ok
15:03:34.0694 4280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:03:34.0702 4280 atapi - ok
15:03:34.0718 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:03:34.0760 4280 AudioEndpointBuilder - ok
15:03:34.0774 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:03:34.0802 4280 AudioSrv - ok
15:03:34.0811 4280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:03:34.0841 4280 AxInstSV - ok
15:03:34.0864 4280 [ 1FED668A08CD871ED317A0388CDD4537 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:03:34.0876 4280 b06bdrv - ok
15:03:34.0889 4280 [ CFE42B9C72CD047E478C3B7F4B1FAFFD ] b06diag C:\Windows\system32\drivers\bxdiaga.sys
15:03:34.0897 4280 b06diag - ok
15:03:34.0917 4280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:34.0937 4280 b57nd60a - ok
15:03:34.0943 4280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:03:34.0960 4280 BDESVC - ok
15:03:34.0976 4280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:03:35.0015 4280 Beep - ok
15:03:35.0033 4280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:03:35.0071 4280 BFE - ok
15:03:35.0087 4280 [ 33B114FC0394358DB521828B6F6ACC54 ] BFN7x64 C:\Windows\system32\drivers\Xeno7x64.sys
15:03:35.0095 4280 BFN7x64 - ok
15:03:35.0120 4280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:03:35.0173 4280 BITS - ok
15:03:35.0190 4280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:35.0212 4280 blbdrive - ok
15:03:35.0222 4280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:03:35.0253 4280 bowser - ok
15:03:35.0260 4280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:03:35.0278 4280 BrFiltLo - ok
15:03:35.0284 4280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:03:35.0294 4280 BrFiltUp - ok
15:03:35.0303 4280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:03:35.0314 4280 Browser - ok
15:03:35.0324 4280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:03:35.0346 4280 Brserid - ok
15:03:35.0357 4280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:35.0374 4280 BrSerWdm - ok
15:03:35.0382 4280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:35.0427 4280 BrUsbMdm - ok
15:03:35.0438 4280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:35.0451 4280 BrUsbSer - ok
15:03:35.0462 4280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:03:35.0477 4280 BTHMODEM - ok
15:03:35.0487 4280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:03:35.0518 4280 bthserv - ok
15:03:35.0535 4280 [ 96858ECF6D017E33A5A1A87E7A1E3206 ] bxfcoe C:\Windows\system32\drivers\bxfcoe.sys
15:03:35.0543 4280 bxfcoe - ok
15:03:35.0558 4280 [ 33B60616D5DE1D7FE8B5939D437BC74F ] bxois C:\Windows\system32\drivers\bxois.sys
15:03:35.0570 4280 bxois - ok
15:03:35.0581 4280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:03:35.0609 4280 cdfs - ok
15:03:35.0626 4280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:03:35.0641 4280 cdrom - ok
15:03:35.0653 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:03:35.0685 4280 CertPropSvc - ok
15:03:35.0699 4280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:03:35.0720 4280 circlass - ok
15:03:35.0744 4280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:03:35.0757 4280 CLFS - ok
15:03:35.0787 4280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:35.0795 4280 clr_optimization_v2.0.50727_32 - ok
15:03:35.0812 4280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:35.0820 4280 clr_optimization_v2.0.50727_64 - ok
15:03:35.0864 4280 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:35.0895 4280 clr_optimization_v4.0.30319_32 - ok
15:03:35.0904 4280 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:35.0919 4280 clr_optimization_v4.0.30319_64 - ok
15:03:35.0934 4280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:03:35.0959 4280 CmBatt - ok
15:03:36.0202 4280 [ C7C3794C92578A5C2F7555AC75864EB2 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
15:03:36.0280 4280 cmdAgent - ok
15:03:36.0298 4280 [ 47E7C07A0EC8D4E82701EA425EB9E275 ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
15:03:36.0306 4280 cmderd - ok
15:03:36.0332 4280 [ 2BFD057D32A41AB9A1E5F5C674C59339 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
15:03:36.0347 4280 cmdGuard - ok
15:03:36.0364 4280 [ E5161A4E5C64B9D1AE024D657E0148B1 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
15:03:36.0373 4280 cmdHlp - ok
15:03:36.0379 4280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:03:36.0387 4280 cmdide - ok
15:03:36.0396 4280 [ 43EBC5556143BD468A44BC0E51555D0E ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
15:03:36.0406 4280 cmdvirth - ok
15:03:36.0420 4280 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:03:36.0438 4280 CNG - ok
15:03:36.0441 4280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:03:36.0450 4280 Compbatt - ok
15:03:36.0462 4280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:03:36.0477 4280 CompositeBus - ok
15:03:36.0487 4280 COMSysApp - ok
15:03:36.0502 4280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:03:36.0511 4280 crcdisk - ok
15:03:36.0545 4280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:03:36.0582 4280 CryptSvc - ok
15:03:36.0597 4280 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:03:36.0709 4280 CSC - ok
15:03:36.0784 4280 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:03:36.0836 4280 CscService - ok
15:03:36.0868 4280 [ BA25D4B9B067248F7CAC416E855D706B ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
15:03:36.0882 4280 dc3d - ok
15:03:36.0900 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:03:36.0943 4280 DcomLaunch - ok
15:03:36.0959 4280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:03:36.0987 4280 defragsvc - ok
15:03:36.0995 4280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:03:37.0025 4280 DfsC - ok
15:03:37.0031 4280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:03:37.0058 4280 Dhcp - ok
15:03:37.0065 4280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:03:37.0099 4280 discache - ok
15:03:37.0124 4280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:03:37.0133 4280 Disk - ok
15:03:37.0155 4280 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:03:37.0175 4280 dmvsc - ok
15:03:37.0189 4280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:03:37.0209 4280 Dnscache - ok
15:03:37.0224 4280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:03:37.0253 4280 dot3svc - ok
15:03:37.0264 4280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:03:37.0296 4280 DPS - ok
15:03:37.0326 4280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:03:37.0364 4280 drmkaud - ok
15:03:37.0396 4280 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:03:37.0410 4280 dtsoftbus01 - ok
15:03:37.0435 4280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:03:37.0461 4280 DXGKrnl - ok
15:03:37.0495 4280 [ 398904F1FBF13CEF0FCB822E9CA5F2D5 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
15:03:37.0510 4280 eamonm - ok
15:03:37.0514 4280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:03:37.0549 4280 EapHost - ok
15:03:37.0625 4280 [ 8947C98CC212AEEE1FABEC4582F652EE ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:03:37.0675 4280 ebdrv - ok
15:03:37.0692 4280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:03:37.0705 4280 EFS - ok
15:03:37.0740 4280 [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
15:03:37.0749 4280 ehdrv - ok
15:03:37.0776 4280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:03:37.0817 4280 ehRecvr - ok
15:03:37.0822 4280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:03:37.0842 4280 ehSched - ok
15:03:37.0909 4280 [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:03:37.0979 4280 ekrn - ok
15:03:37.0998 4280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:03:38.0011 4280 elxstor - ok
15:03:38.0022 4280 [ B4E8DC817963B256537B1EC09AF0647E ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
15:03:38.0030 4280 epfwwfpr - ok
15:03:38.0040 4280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:03:38.0058 4280 ErrDev - ok
15:03:38.0078 4280 [ 3DBC10CBC436288801FAEE66DE91AE47 ] EtronHub3 C:\Windows\System32\Drivers\EtronHub3.sys
15:03:38.0094 4280 EtronHub3 - ok
15:03:38.0108 4280 [ 1EDF0CF390B84266FD7FFED38AB7DCAC ] EtronSTOR C:\Windows\System32\Drivers\EtronSTOR.sys
15:03:38.0120 4280 EtronSTOR - ok
15:03:38.0131 4280 [ DE261095A2220D400D9603E1E42D4185 ] EtronXHCI C:\Windows\System32\Drivers\EtronXHCI.sys
15:03:38.0139 4280 EtronXHCI - ok
15:03:38.0158 4280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:03:38.0185 4280 EventSystem - ok
15:03:38.0200 4280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:03:38.0225 4280 exfat - ok
15:03:38.0244 4280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:03:38.0280 4280 fastfat - ok
15:03:38.0313 4280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:03:38.0369 4280 Fax - ok
15:03:38.0378 4280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:03:38.0398 4280 fdc - ok
15:03:38.0408 4280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:03:38.0440 4280 fdPHost - ok
15:03:38.0443 4280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:03:38.0480 4280 FDResPub - ok
15:03:38.0499 4280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:03:38.0507 4280 FileInfo - ok
15:03:38.0521 4280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:03:38.0552 4280 Filetrace - ok
15:03:38.0579 4280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:03:38.0588 4280 flpydisk - ok
15:03:38.0616 4280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:03:38.0627 4280 FltMgr - ok
15:03:38.0657 4280 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
15:03:38.0687 4280 FontCache - ok
15:03:38.0767 4280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:03:38.0796 4280 FontCache3.0.0.0 - ok
15:03:38.0819 4280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:03:38.0831 4280 FsDepends - ok
15:03:38.0845 4280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:03:38.0857 4280 Fs_Rec - ok
15:03:38.0920 4280 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:03:38.0955 4280 fvevol - ok
15:03:38.0996 4280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:03:39.0009 4280 gagp30kx - ok
15:03:39.0077 4280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:03:39.0182 4280 gpsvc - ok
15:03:39.0230 4280 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:39.0251 4280 gupdate - ok
15:03:39.0293 4280 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:39.0303 4280 gupdatem - ok
15:03:39.0337 4280 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:03:39.0351 4280 gusvc - ok
15:03:39.0363 4280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:03:39.0386 4280 hcw85cir - ok
15:03:39.0399 4280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:03:39.0424 4280 HdAudAddService - ok
15:03:39.0445 4280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:03:39.0460 4280 HDAudBus - ok
15:03:39.0471 4280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:03:39.0491 4280 HidBatt - ok
15:03:39.0499 4280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:03:39.0515 4280 HidBth - ok
15:03:39.0525 4280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:03:39.0535 4280 HidIr - ok
15:03:39.0545 4280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:03:39.0578 4280 hidserv - ok
15:03:39.0594 4280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:03:39.0603 4280 HidUsb - ok
15:03:39.0607 4280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:03:39.0643 4280 hkmsvc - ok
15:03:39.0661 4280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:03:39.0672 4280 HomeGroupListener - ok
15:03:39.0682 4280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:03:39.0698 4280 HomeGroupProvider - ok
15:03:39.0714 4280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:03:39.0722 4280 HpSAMD - ok
15:03:39.0747 4280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:03:39.0785 4280 HTTP - ok
15:03:39.0793 4280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:03:39.0801 4280 hwpolicy - ok
15:03:39.0809 4280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:03:39.0818 4280 i8042prt - ok
15:03:39.0836 4280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:03:39.0848 4280 iaStorV - ok
15:03:39.0902 4280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:39.0945 4280 idsvc - ok
15:03:39.0955 4280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:03:39.0967 4280 iirsp - ok
15:03:39.0990 4280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:03:40.0036 4280 IKEEXT - ok
15:03:40.0052 4280 [ 50305DDD75C45BE853488390038F6EA0 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
15:03:40.0061 4280 inspect - ok
15:03:40.0171 4280 [ CCEDD47ABD068C58C8513DEB785093BB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:03:40.0225 4280 IntcAzAudAddService - ok
15:03:40.0249 4280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:03:40.0258 4280 intelide - ok
15:03:40.0275 4280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:03:40.0290 4280 intelppm - ok
15:03:40.0305 4280 [ E45575812630B049CE0F679D87561A4D ] ioatdma1 C:\Windows\System32\Drivers\qd162x64.sys
15:03:40.0312 4280 ioatdma1 - ok
15:03:40.0339 4280 [ 2C23820DD9E81199E60F553EB50BC449 ] ioatdma2 C:\Windows\System32\Drivers\qd262x64.sys
15:03:40.0346 4280 ioatdma2 - ok
15:03:40.0350 4280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:03:40.0439 4280 IPBusEnum - ok
15:03:40.0458 4280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:03:40.0482 4280 IpFilterDriver - ok
15:03:40.0489 4280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:03:40.0517 4280 iphlpsvc - ok
15:03:40.0531 4280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:03:40.0544 4280 IPMIDRV - ok
15:03:40.0552 4280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:03:40.0587 4280 IPNAT - ok
15:03:40.0604 4280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:03:40.0624 4280 IRENUM - ok
15:03:40.0635 4280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:03:40.0643 4280 isapnp - ok
15:03:40.0662 4280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:03:40.0673 4280 iScsiPrt - ok
15:03:40.0692 4280 [ 2D15CEDF619796002E8640F73A4BF920 ] iusb3hub C:\Windows\system32\drivers\iusb3hub.sys
15:03:40.0703 4280 iusb3hub - ok
15:03:40.0724 4280 [ F1E93FE111924D0BC853155AADF8048B ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys
15:03:40.0739 4280 iusb3xhc - ok
15:03:40.0753 4280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:03:40.0762 4280 kbdclass - ok
15:03:40.0773 4280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:03:40.0791 4280 kbdhid - ok
15:03:40.0800 4280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:03:40.0809 4280 KeyIso - ok
15:03:40.0821 4280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:03:40.0830 4280 KSecDD - ok
15:03:40.0836 4280 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:03:40.0846 4280 KSecPkg - ok
15:03:40.0852 4280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:03:40.0886 4280 ksthunk - ok
15:03:40.0904 4280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:03:40.0939 4280 KtmRm - ok
15:03:40.0969 4280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:03:41.0002 4280 LanmanServer - ok
15:03:41.0013 4280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:03:41.0046 4280 LanmanWorkstation - ok
15:03:41.0062 4280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:03:41.0094 4280 lltdio - ok
15:03:41.0111 4280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:03:41.0155 4280 lltdsvc - ok
15:03:41.0158 4280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:03:41.0183 4280 lmhosts - ok
15:03:41.0201 4280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:03:41.0211 4280 LSI_FC - ok
15:03:41.0220 4280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:03:41.0230 4280 LSI_SAS - ok
15:03:41.0233 4280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:03:41.0242 4280 LSI_SAS2 - ok
15:03:41.0246 4280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:03:41.0256 4280 LSI_SCSI - ok
15:03:41.0270 4280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:03:41.0307 4280 luafv - ok
15:03:41.0320 4280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:03:41.0338 4280 Mcx2Svc - ok
15:03:41.0341 4280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:03:41.0349 4280 megasas - ok
15:03:41.0355 4280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:03:41.0366 4280 MegaSR - ok
15:03:41.0378 4280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:03:41.0412 4280 MMCSS - ok
15:03:41.0423 4280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:03:41.0451 4280 Modem - ok
15:03:41.0461 4280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:03:41.0481 4280 monitor - ok
15:03:41.0487 4280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:03:41.0495 4280 mouclass - ok
15:03:41.0515 4280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:03:41.0552 4280 mouhid - ok
15:03:41.0559 4280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:03:41.0573 4280 mountmgr - ok
15:03:41.0587 4280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:03:41.0601 4280 mpio - ok
15:03:41.0615 4280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:03:41.0649 4280 mpsdrv - ok
15:03:41.0666 4280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:03:41.0718 4280 MpsSvc - ok
15:03:41.0732 4280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:03:41.0759 4280 MRxDAV - ok
15:03:41.0764 4280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:41.0787 4280 mrxsmb - ok
15:03:41.0795 4280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:41.0805 4280 mrxsmb10 - ok
15:03:41.0809 4280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:41.0818 4280 mrxsmb20 - ok
15:03:41.0831 4280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:03:41.0839 4280 msahci - ok
15:03:41.0851 4280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:03:41.0861 4280 msdsm - ok
15:03:41.0873 4280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:03:41.0885 4280 MSDTC - ok
15:03:41.0891 4280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:03:41.0915 4280 Msfs - ok
15:03:41.0927 4280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:03:41.0958 4280 mshidkmdf - ok
15:03:41.0961 4280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:03:41.0970 4280 msisadrv - ok
15:03:41.0987 4280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:03:42.0013 4280 MSiSCSI - ok
15:03:42.0016 4280 msiserver - ok
15:03:42.0032 4280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:03:42.0060 4280 MSKSSRV - ok
15:03:42.0073 4280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:42.0107 4280 MSPCLOCK - ok
15:03:42.0119 4280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:03:42.0151 4280 MSPQM - ok
15:03:42.0167 4280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:03:42.0178 4280 MsRPC - ok
15:03:42.0190 4280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:03:42.0198 4280 mssmbios - ok
15:03:42.0206 4280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:03:42.0240 4280 MSTEE - ok
15:03:42.0249 4280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:03:42.0263 4280 MTConfig - ok
15:03:42.0266 4280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:03:42.0275 4280 Mup - ok
15:03:42.0292 4280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:03:42.0328 4280 napagent - ok
15:03:42.0343 4280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:03:42.0362 4280 NativeWifiP - ok
15:03:42.0387 4280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:03:42.0405 4280 NDIS - ok
15:03:42.0422 4280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:42.0446 4280 NdisCap - ok
15:03:42.0457 4280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:42.0481 4280 NdisTapi - ok
15:03:42.0492 4280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:42.0515 4280 Ndisuio - ok
15:03:42.0520 4280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:42.0551 4280 NdisWan - ok
15:03:42.0565 4280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:03:42.0596 4280 NDProxy - ok
15:03:42.0605 4280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:03:42.0640 4280 NetBIOS - ok
15:03:42.0654 4280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:03:42.0679 4280 NetBT - ok
15:03:42.0692 4280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:03:42.0701 4280 Netlogon - ok
15:03:42.0723 4280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:03:42.0756 4280 Netman - ok
15:03:42.0780 4280 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0793 4280 NetMsmqActivator - ok
15:03:42.0805 4280 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0816 4280 NetPipeActivator - ok
15:03:42.0833 4280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:03:42.0871 4280 netprofm - ok
15:03:42.0879 4280 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0890 4280 NetTcpActivator - ok
15:03:42.0894 4280 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0904 4280 NetTcpPortSharing - ok
15:03:42.0914 4280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:03:42.0923 4280 nfrd960 - ok
15:03:42.0929 4280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:03:42.0951 4280 NlaSvc - ok
15:03:42.0954 4280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:03:42.0978 4280 Npfs - ok
15:03:42.0981 4280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:03:43.0014 4280 nsi - ok
15:03:43.0017 4280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:03:43.0049 4280 nsiproxy - ok
15:03:43.0083 4280 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:03:43.0108 4280 Ntfs - ok
15:03:43.0148 4280 [ 77EB11DA191D12D12E28D7BD8905C42C ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
15:03:43.0190 4280 NuidFltr - ok
15:03:43.0210 4280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:03:43.0254 4280 Null - ok
15:03:43.0276 4280 [ B227E75AD10A142DD326B4CC8D73A6D9 ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
15:03:43.0284 4280 nusb3hub - ok
15:03:43.0293 4280 [ 55959DB860E4E484681586824D09E52C ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
15:03:43.0302 4280 nusb3xhc - ok
15:03:43.0332 4280 [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
15:03:43.0342 4280 NVHDA - ok
15:03:43.0542 4280 [ 1C16AEA28FA168FEB8FCB3D4FFED883E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:03:43.0665 4280 nvlddmkm - ok
15:03:43.0694 4280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:03:43.0704 4280 nvraid - ok
15:03:43.0716 4280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:03:43.0726 4280 nvstor - ok
15:03:43.0749 4280 [ D742C0EBCF9255EF9C6C6110C4FC278E ] nvsvc C:\Windows\system32\nvvsvc.exe
15:03:43.0766 4280 nvsvc - ok
15:03:43.0806 4280 [ 78F176DBFA41330633B6C2CBBF23DE24 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:03:43.0855 4280 nvUpdatusService - ok
15:03:43.0869 4280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:03:43.0879 4280 nv_agp - ok
15:03:43.0888 4280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:03:43.0898 4280 ohci1394 - ok
15:03:43.0988 4280 [ 257E17923B9521FEAF65900499049AA9 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
15:03:44.0029 4280 OODefragAgent - ok
15:03:44.0047 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:03:44.0069 4280 p2pimsvc - ok
15:03:44.0095 4280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:03:44.0112 4280 p2psvc - ok
15:03:44.0121 4280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:03:44.0130 4280 Parport - ok
15:03:44.0137 4280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:03:44.0145 4280 partmgr - ok
15:03:44.0150 4280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:03:44.0176 4280 PcaSvc - ok
15:03:44.0181 4280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:03:44.0191 4280 pci - ok
15:03:44.0194 4280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:03:44.0202 4280 pciide - ok
15:03:44.0219 4280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:03:44.0229 4280 pcmcia - ok
15:03:44.0232 4280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:03:44.0241 4280 pcw - ok
15:03:44.0256 4280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:03:44.0292 4280 PEAUTH - ok
15:03:44.0318 4280 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:03:44.0360 4280 PeerDistSvc - ok
15:03:44.0409 4280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:03:44.0443 4280 PerfHost - ok
15:03:44.0472 4280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:03:44.0522 4280 pla - ok
15:03:44.0547 4280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:03:44.0571 4280 PlugPlay - ok
15:03:44.0574 4280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:03:44.0592 4280 PNRPAutoReg - ok
15:03:44.0605 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:03:44.0617 4280 PNRPsvc - ok
15:03:44.0636 4280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:03:44.0670 4280 PolicyAgent - ok
15:03:44.0676 4280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:03:44.0710 4280 Power - ok
15:03:44.0736 4280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:03:44.0770 4280 PptpMiniport - ok
15:03:44.0782 4280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:03:44.0798 4280 Processor - ok
15:03:44.0811 4280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:03:44.0823 4280 ProfSvc - ok
15:03:44.0834 4280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:03:44.0843 4280 ProtectedStorage - ok
15:03:44.0855 4280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:03:44.0880 4280 Psched - ok
15:03:44.0917 4280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:03:44.0941 4280 ql2300 - ok
15:03:44.0945 4280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:03:44.0954 4280 ql40xx - ok
15:03:44.0960 4280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:03:44.0975 4280 QWAVE - ok
15:03:44.0979 4280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:03:44.0992 4280 QWAVEdrv - ok
15:03:45.0000 4280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:03:45.0035 4280 RasAcd - ok
15:03:45.0055 4280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:03:45.0079 4280 RasAgileVpn - ok
15:03:45.0083 4280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:03:45.0111 4280 RasAuto - ok
15:03:45.0123 4280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:03:45.0150 4280 Rasl2tp - ok
15:03:45.0160 4280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:03:45.0189 4280 RasMan - ok
15:03:45.0193 4280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:03:45.0229 4280 RasPppoe - ok
15:03:45.0232 4280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:03:45.0260 4280 RasSstp - ok
15:03:45.0276 4280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:03:45.0308 4280 rdbss - ok
15:03:45.0322 4280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:03:45.0338 4280 rdpbus - ok
15:03:45.0345 4280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:03:45.0370 4280 RDPCDD - ok
15:03:45.0386 4280 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:03:45.0396 4280 RDPDR - ok
15:03:45.0409 4280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:03:45.0440 4280 RDPENCDD - ok
15:03:45.0444 4280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:03:45.0469 4280 RDPREFMP - ok
15:03:45.0485 4280 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:03:45.0501 4280 RdpVideoMiniport - ok
15:03:45.0510 4280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:03:45.0528 4280 RDPWD - ok
15:03:45.0541 4280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:03:45.0552 4280 rdyboost - ok
15:03:45.0560 4280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:03:45.0586 4280 RemoteAccess - ok
15:03:45.0597 4280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:03:45.0630 4280 RemoteRegistry - ok
15:03:45.0646 4280 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
15:03:45.0654 4280 Revoflt - ok
15:03:45.0666 4280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:03:45.0692 4280 RpcEptMapper - ok
15:03:45.0700 4280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:03:45.0715 4280 RpcLocator - ok
15:03:45.0733 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:03:45.0761 4280 RpcSs - ok
15:03:45.0779 4280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:03:45.0804 4280 rspndr - ok
15:03:45.0840 4280 [ 3713DACCA1025B05A6343104112708D9 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:03:45.0854 4280 RTL8167 - ok
15:03:45.0862 4280 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:03:45.0880 4280 s3cap - ok
15:03:45.0892 4280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:03:45.0901 4280 SamSs - ok
15:03:45.0910 4280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:03:45.0919 4280 sbp2port - ok
15:03:45.0923 4280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:03:45.0951 4280 SCardSvr - ok
15:03:45.0954 4280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:03:45.0985 4280 scfilter - ok
15:03:46.0003 4280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:03:46.0053 4280 Schedule - ok
15:03:46.0074 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:03:46.0097 4280 SCPolicySvc - ok
15:03:46.0102 4280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:03:46.0121 4280 SDRSVC - ok
15:03:46.0132 4280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:03:46.0163 4280 secdrv - ok
15:03:46.0166 4280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:03:46.0191 4280 seclogon - ok
15:03:46.0195 4280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:03:46.0224 4280 SENS - ok
15:03:46.0228 4280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:03:46.0248 4280 SensrSvc - ok
15:03:46.0258 4280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:03:46.0276 4280 Serenum - ok
15:03:46.0288 4280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:03:46.0311 4280 Serial - ok
15:03:46.0335 4280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:03:46.0350 4280 sermouse - ok
15:03:46.0362 4280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:03:46.0398 4280 SessionEnv - ok
15:03:46.0412 4280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:03:46.0426 4280 sffdisk - ok
15:03:46.0433 4280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:03:46.0452 4280 sffp_mmc - ok
15:03:46.0464 4280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:03:46.0484 4280 sffp_sd - ok
15:03:46.0492 4280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:03:46.0502 4280 sfloppy - ok
15:03:46.0516 4280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:03:46.0552 4280 SharedAccess - ok
15:03:46.0559 4280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:03:46.0588 4280 ShellHWDetection - ok
15:03:46.0605 4280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:03:46.0615 4280 SiSRaid2 - ok
15:03:46.0675 4280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:03:46.0711 4280 SiSRaid4 - ok
15:03:46.0806 4280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:03:46.0883 4280 Smb - ok
15:03:46.0905 4280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:03:46.0923 4280 SNMPTRAP - ok
15:03:46.0960 4280 [ 0FFE35F0B0CD5A324BBE22F02569AE3B ] speedfan C:\Windows\syswow64\speedfan.sys
15:03:46.0991 4280 speedfan - ok
15:03:47.0000 4280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:03:47.0012 4280 spldr - ok
15:03:47.0036 4280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:03:47.0052 4280 Spooler - ok
15:03:47.0101 4280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:03:47.0190 4280 sppsvc - ok
15:03:47.0195 4280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:03:47.0221 4280 sppuinotify - ok
15:03:47.0228 4280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:03:47.0244 4280 srv - ok
15:03:47.0260 4280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:03:47.0275 4280 srv2 - ok
15:03:47.0289 4280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:03:47.0298 4280 srvnet - ok
15:03:47.0305 4280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:03:47.0331 4280 SSDPSRV - ok
15:03:47.0344 4280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:03:47.0370 4280 SstpSvc - ok
15:03:47.0394 4280 Steam Client Service - ok
15:03:47.0407 4280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:03:47.0438 4280 stexstor - ok
15:03:47.0466 4280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:03:47.0514 4280 stisvc - ok
15:03:47.0518 4280 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:03:47.0529 4280 storflt - ok
15:03:47.0537 4280 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:03:47.0545 4280 storvsc - ok
15:03:47.0554 4280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:03:47.0562 4280 swenum - ok
15:03:47.0572 4280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:03:47.0608 4280 swprv - ok
15:03:47.0621 4280 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
15:03:47.0631 4280 Synth3dVsc - ok
15:03:47.0663 4280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:03:47.0708 4280 SysMain - ok
15:03:47.0712 4280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:03:47.0729 4280 TabletInputService - ok
15:03:47.0735 4280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:03:47.0765 4280 TapiSrv - ok
15:03:47.0810 4280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:03:47.0876 4280 TBS - ok
15:03:47.0906 4280 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:03:47.0934 4280 Tcpip - ok
15:03:47.0964 4280 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:03:47.0991 4280 TCPIP6 - ok
15:03:48.0002 4280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:03:48.0011 4280 tcpipreg - ok
15:03:48.0026 4280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:03:48.0039 4280 TDPIPE - ok
15:03:48.0045 4280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:03:48.0057 4280 TDTCP - ok
15:03:48.0072 4280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:03:48.0096 4280 tdx - ok
15:03:48.0106 4280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:03:48.0115 4280 TermDD - ok
15:03:48.0126 4280 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys
15:03:48.0143 4280 terminpt - ok
15:03:48.0163 4280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:03:48.0192 4280 TermService - ok
15:03:48.0195 4280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:03:48.0210 4280 Themes - ok
15:03:48.0228 4280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:03:48.0253 4280 THREADORDER - ok
15:03:48.0257 4280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:03:48.0289 4280 TrkWks - ok
15:03:48.0316 4280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:03:48.0340 4280 TrustedInstaller - ok
15:03:48.0346 4280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:03:48.0380 4280 tssecsrv - ok
15:03:48.0389 4280 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:03:48.0405 4280 TsUsbFlt - ok
15:03:48.0419 4280 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:03:48.0427 4280 TsUsbGD - ok
15:03:48.0431 4280 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
15:03:48.0440 4280 tsusbhub - ok
15:03:48.0457 4280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:03:48.0485 4280 tunnel - ok
15:03:48.0495 4280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:03:48.0504 4280 uagp35 - ok
15:03:48.0515 4280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:03:48.0551 4280 udfs - ok
15:03:48.0558 4280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:03:48.0569 4280 UI0Detect - ok
15:03:48.0579 4280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:03:48.0588 4280 uliagpkx - ok
15:03:48.0598 4280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:03:48.0616 4280 umbus - ok
15:03:48.0633 4280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:03:48.0648 4280 UmPass - ok
15:03:48.0660 4280 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:03:48.0682 4280 UmRdpService - ok
15:03:48.0697 4280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:03:48.0738 4280 upnphost - ok
15:03:48.0752 4280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:03:48.0762 4280 usbccgp - ok
15:03:48.0782 4280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:03:48.0793 4280 usbcir - ok
15:03:48.0803 4280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:03:48.0821 4280 usbehci - ok
15:03:48.0835 4280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:03:48.0855 4280 usbhub - ok
15:03:48.0860 4280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:03:48.0877 4280 usbohci - ok
15:03:48.0897 4280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:03:48.0936 4280 usbprint - ok
15:03:48.0963 4280 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:03:48.0988 4280 usbscan - ok
15:03:49.0000 4280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:03:49.0017 4280 USBSTOR - ok
15:03:49.0030 4280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:03:49.0049 4280 usbuhci - ok
15:03:49.0070 4280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:03:49.0114 4280 UxSms - ok
15:03:49.0125 4280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:03:49.0134 4280 VaultSvc - ok
15:03:49.0139 4280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:03:49.0148 4280 vdrvroot - ok
15:03:49.0165 4280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:03:49.0214 4280 vds - ok
15:03:49.0233 4280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:03:49.0244 4280 vga - ok
15:03:49.0252 4280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:03:49.0281 4280 VgaSave - ok
15:03:49.0297 4280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:03:49.0307 4280 vhdmp - ok
15:03:49.0319 4280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:03:49.0328 4280 viaide - ok
15:03:49.0332 4280 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:03:49.0342 4280 vmbus - ok
15:03:49.0352 4280 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:03:49.0371 4280 VMBusHID - ok
15:03:49.0374 4280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:03:49.0383 4280 volmgr - ok
15:03:49.0389 4280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:03:49.0400 4280 volmgrx - ok
15:03:49.0412 4280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:03:49.0423 4280 volsnap - ok
15:03:49.0450 4280 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
15:03:49.0460 4280 vpcbus - ok
15:03:49.0482 4280 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:03:49.0495 4280 vpcnfltr - ok
15:03:49.0509 4280 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
15:03:49.0528 4280 vpcusb - ok
15:03:49.0556 4280 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
15:03:49.0568 4280 vpcvmm - ok
15:03:49.0584 4280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:03:49.0594 4280 vsmraid - ok
15:03:49.0647 4280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:03:49.0718 4280 VSS - ok
15:03:49.0722 4280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:03:49.0737 4280 vwifibus - ok
15:03:49.0743 4280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:03:49.0773 4280 W32Time - ok
15:03:49.0787 4280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:03:49.0806 4280 WacomPen - ok
15:03:49.0823 4280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:03:49.0858 4280 WANARP - ok
15:03:49.0870 4280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:03:49.0894 4280 Wanarpv6 - ok
15:03:49.0924 4280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:03:49.0975 4280 wbengine - ok
15:03:49.0980 4280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:03:49.0995 4280 WbioSrvc - ok
15:03:50.0001 4280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:03:50.0024 4280 wcncsvc - ok
15:03:50.0027 4280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:03:50.0048 4280 WcsPlugInService - ok
15:03:50.0059 4280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:03:50.0067 4280 Wd - ok
15:03:50.0087 4280 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:03:50.0105 4280 Wdf01000 - ok
15:03:50.0110 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:03:50.0134 4280 WdiServiceHost - ok
15:03:50.0137 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:03:50.0150 4280 WdiSystemHost - ok
15:03:50.0159 4280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:03:50.0184 4280 WebClient - ok
15:03:50.0195 4280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:03:50.0239 4280 Wecsvc - ok
15:03:50.0243 4280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:03:50.0269 4280 wercplsupport - ok
15:03:50.0334 4280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:03:50.0452 4280 WerSvc - ok
15:03:50.0462 4280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:03:50.0487 4280 WfpLwf - ok
15:03:50.0497 4280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:03:50.0505 4280 WIMMount - ok
15:03:50.0524 4280 WinDefend - ok
15:03:50.0529 4280 WinHttpAutoProxySvc - ok
15:03:50.0566 4280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:03:50.0592 4280 Winmgmt - ok
15:03:50.0630 4280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:03:50.0676 4280 WinRM - ok
15:03:50.0701 4280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:03:50.0731 4280 Wlansvc - ok
15:03:50.0811 4280 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:03:50.0884 4280 wlidsvc - ok
15:03:50.0906 4280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:03:50.0944 4280 WmiAcpi - ok
15:03:50.0954 4280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:03:50.0977 4280 wmiApSrv - ok
15:03:50.0988 4280 WMPNetworkSvc - ok
15:03:50.0997 4280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:03:51.0007 4280 WPCSvc - ok
15:03:51.0011 4280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:03:51.0022 4280 WPDBusEnum - ok
15:03:51.0025 4280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:03:51.0049 4280 ws2ifsl - ok
15:03:51.0053 4280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:03:51.0071 4280 wscsvc - ok
15:03:51.0074 4280 WSearch - ok
15:03:51.0125 4280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:03:51.0158 4280 wuauserv - ok
15:03:51.0163 4280 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:03:51.0181 4280 WudfPf - ok
15:03:51.0199 4280 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:03:51.0210 4280 WUDFRd - ok
15:03:51.0227 4280 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:03:51.0245 4280 wudfsvc - ok
15:03:51.0250 4280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:03:51.0265 4280 WwanSvc - ok
15:03:51.0307 4280 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
15:03:51.0347 4280 xnacc - ok
15:03:51.0386 4280 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
15:03:51.0408 4280 xusb21 - ok
15:03:51.0416 4280 ================ Scan global ===============================
15:03:51.0431 4280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:03:51.0447 4280 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:03:51.0463 4280 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:03:51.0486 4280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:03:51.0511 4280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:03:51.0518 4280 [Global] - ok
15:03:51.0518 4280 ================ Scan MBR ==================================
15:03:51.0524 4280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:03:51.0878 4280 \Device\Harddisk0\DR0 - ok
15:03:51.0878 4280 ================ Scan VBR ==================================
15:03:51.0884 4280 [ 8B01FBDC36ED49E191929C0AAC04AA6D ] \Device\Harddisk0\DR0\Partition1
15:03:51.0887 4280 \Device\Harddisk0\DR0\Partition1 - ok
15:03:51.0915 4280 [ 6BC3077448699216B900D856293C1104 ] \Device\Harddisk0\DR0\Partition2
15:03:51.0918 4280 \Device\Harddisk0\DR0\Partition2 - ok
15:03:51.0934 4280 [ 8033D99DF9B7417362D190E1A5322550 ] \Device\Harddisk0\DR0\Partition3
15:03:51.0937 4280 \Device\Harddisk0\DR0\Partition3 - ok
15:03:51.0938 4280 ============================================================
15:03:51.0938 4280 Scan finished
15:03:51.0938 4280 ============================================================
15:03:51.0963 1708 Detected object count: 0
15:03:51.0963 1708 Actual detected object count: 0
15:04:21.0679 1148 Deinitialize success
|
|
06.05.2013, 09:24
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner oder Stealer Unauffällig JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner oder Stealer |
| adblock, antivirus, autorun, desktop, downloader, emsisoft, error, eset nod32, firefox, flash player, focus, format, helper, homepage, iexplore.exe, install.exe, installation, logfile, msvcrt, plug-in, programm, realtek, registry, revo uninstaller, rundll, scan, software, super, svchost.exe, trojaner, udp, updates, windows, windows xp, youtube downloader |
Linear-Darstellung
