Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner oder Stealer

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.05.2013, 04:46   #1
batekha
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Hallo,

hab von jemanden ein Programm zugeschickt bekommen
Beim installieren ist mir aufgefallen, dass mehrere *.exe Dateien und *.jar Dateien erstellt wurden

Unter Anderem im temp Ordner und im Java Ordner und der Installer hat nicht funktioniert

Also mit hoher Sicherheit ein Trojaner oder Stealer

Hab sofort Java Cache gelöscht, temp Ordner geleert usw.

Mehrere Verdächtige Sachen gefunden wie ju.jar und ishi.exe und .tmp Dateien
Hatte während des Setups auch die Firewall zugelassen, da ich vermutet hatte, dass Updates heruntergeladen werden.

Eset, Malwarebytes, Emnisoft & Trojan Remover konnten nichts finden.

Hier mal die Logs, vielleicht könnt ihr mir ja weiterhelfen

OTL
Code:
ATTFilter
OTL logfile created on: 04.05.2013 04:02:21 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VITALITASIA\Desktop\Tools\Security
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,63% Memory free
12,00 Gb Paging File | 10,19 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 245,41 Gb Total Space | 202,05 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 88,11 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VITALITASIA-PC | User Name: VITALITASIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.04 02:52:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\Tools\Security\Otl.exe
PRC - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.04.14 18:58:32 | 000,124,416 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.14 18:59:20 | 002,376,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2013.04.14 18:59:18 | 011,387,392 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,221,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2013.04.14 18:59:12 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,968,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,387,584 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2013.04.14 18:59:10 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2013.04.14 18:59:08 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2013.04.14 18:59:08 | 001,338,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2013.04.14 18:59:08 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2013.04.14 18:59:08 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2013.04.14 18:59:08 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2013.04.14 18:59:06 | 008,025,600 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2013.04.14 18:59:06 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2013.04.14 18:59:06 | 000,279,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,072,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2013.04.14 18:59:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2013.04.14 18:58:58 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2013.04.14 18:58:56 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2013.04.14 18:58:56 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2013.04.14 18:58:56 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2013.04.14 18:58:54 | 001,551,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2013.04.14 18:58:54 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2013.04.14 18:58:52 | 001,405,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2013.04.14 18:58:52 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2013.04.14 18:58:52 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2013.04.14 18:58:48 | 001,285,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2013.04.14 18:58:48 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,740,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2013.04.14 18:58:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2013.04.14 18:58:44 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2013.04.14 18:58:42 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2013.04.14 18:58:40 | 000,134,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2013.04.14 18:58:40 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2013.04.14 18:58:38 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2013.04.14 18:58:38 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2013.04.14 18:58:36 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2013.04.14 18:58:34 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2013.04.14 18:58:34 | 000,469,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2013.04.14 18:58:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2013.04.14 18:58:32 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.25 01:30:18 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 18:10:00 | 002,570,544 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2013.04.19 06:24:21 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.04.15 18:38:22 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013.03.28 19:02:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013.03.21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.04 01:45:06 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2013.04.28 22:25:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.04.15 18:38:52 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013.04.13 05:47:19 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.04.13 05:47:19 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.04.13 05:10:42 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.04.13 05:04:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.04.13 05:04:04 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.04.13 05:04:04 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013.04.13 05:04:04 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.12.21 07:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.12.21 07:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.11.26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.11.08 13:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.11.08 13:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.07.24 21:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.07.24 21:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.07.24 21:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:64bit: - [2012.06.12 23:00:48 | 000,726,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.03.26 06:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.03.08 11:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2012.02.22 18:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012.02.22 18:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012.02.22 16:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2012.01.24 17:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2011.10.25 19:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 19:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.04.08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.11.16 16:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009.11.16 16:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.03.28 19:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 DB F5 F2 48 44 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013.05.01 19:41:58 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Ultimate YouTube Downloader = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.2.1_0\
CHR - Extension: YouTube = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Downloads = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: Google Mail = C:\Users\VITALITASIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA1DAE1F-7C5F-404F-B763-D4CA56CA20B5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.05 14:56:54 | 000,000,099 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.04 04:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\OTL.exe
[2013.05.04 01:45:16 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-183082
[2013.05.04 01:45:06 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2013.05.04 01:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2013.05.04 01:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2013.05.04 00:47:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2013.05.04 00:45:07 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\O&O
[2013.05.04 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2013.05.04 00:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2013.05.04 00:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2013.05.04 00:03:48 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Malwarebytes
[2013.05.04 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 00:03:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.04 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.03 23:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.03 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.03 22:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.05.03 22:57:17 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Simply Super Software
[2013.05.03 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Simply Super Software
[2013.05.03 22:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.03 22:41:37 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2013.05.03 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.05.03 21:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.05.03 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Anti-Malware
[2013.05.03 17:50:31 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2013.05.03 16:36:12 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Virtual Machines
[2013.05.03 16:32:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2013.05.03 16:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2013.05.03 16:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2013.05.03 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013.05.03 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\ESET
[2013.05.02 01:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2013.05.01 23:42:46 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Documents\Scanned Documents
[2013.05.01 23:42:46 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Fax
[2013.05.01 23:35:54 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\My Cheat Tables
[2013.05.01 22:18:19 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\SoftCoder
[2013.05.01 19:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.05.01 19:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.05.01 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.05.01 18:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Little Registry Cleaner
[2013.05.01 18:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.05.01 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.05.01 18:09:50 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Runscanner.net
[2013.05.01 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Documents\Moyea
[2013.05.01 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Moyea
[2013.05.01 16:01:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.01 16:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moyea
[2013.05.01 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea
[2013.04.30 22:22:31 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\JAM Software
[2013.04.30 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\QuickPar
[2013.04.30 04:58:02 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\VS Revo Group
[2013.04.30 04:57:56 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013.04.30 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013.04.30 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013.04.30 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.04.30 03:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2013.04.30 02:29:37 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker
[2013.04.30 02:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegSeeker
[2013.04.30 02:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegSeeker
[2013.04.30 01:59:24 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Canon Easy-PhotoPrint EX
[2013.04.30 01:57:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013.04.30 01:57:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013.04.30 01:57:13 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Canon
[2013.04.30 01:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013.04.30 01:51:59 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Software
[2013.04.30 01:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.04.30 01:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.04.30 01:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013.04.30 01:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2013.04.30 01:47:31 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.04.29 22:51:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Foxit Software
[2013.04.29 22:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.04.29 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Diagnostics
[2013.04.29 22:08:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSIP
[2013.04.29 21:43:13 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.04.29 21:43:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.04.29 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.29 15:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.04.29 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cloning Clyde v1.0.197.0
[2013.04.29 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Programs
[2013.04.29 07:12:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.29 00:13:29 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013.04.29 00:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan
[2013.04.29 00:13:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\athan
[2013.04.29 00:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Athan
[2013.04.28 23:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV-Browser
[2013.04.28 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\vlc
[2013.04.28 23:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013.04.28 23:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.28 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Windows Live Writer
[2013.04.28 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Windows Live Writer
[2013.04.28 22:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013.04.28 22:57:22 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\QuickScan
[2013.04.28 22:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.28 22:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2013.04.28 22:40:07 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.04.28 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013.04.28 22:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2013.04.28 22:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.04.28 22:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.04.28 22:29:27 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Tools
[2013.04.28 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Download
[2013.04.28 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\Desktop\Spiele
[2013.04.28 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Windows Live
[2013.04.28 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2013.04.28 22:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2013.04.28 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.28 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.04.28 22:25:38 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.28 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\DAEMON Tools Lite
[2013.04.28 22:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.04.28 22:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.04.28 22:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.28 22:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013.04.28 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013.04.28 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013.04.28 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013.04.28 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.04.28 22:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013.04.28 22:20:44 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\uTorrent
[2013.04.28 22:20:27 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\WinRAR
[2013.04.28 22:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.28 22:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.28 22:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.04.28 22:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.04.28 22:15:01 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.04.28 22:15:01 | 000,823,072 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2013.04.28 22:15:01 | 000,633,632 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2013.04.28 22:15:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.04.28 22:15:01 | 000,517,408 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2013.04.28 22:15:01 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.04.28 22:15:01 | 000,213,792 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2013.04.28 22:15:01 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.04.28 22:15:01 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.04.28 22:15:01 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.04.28 22:15:01 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.04.28 22:15:01 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.04.28 22:15:01 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.04.28 22:15:00 | 014,021,912 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.04.28 22:15:00 | 009,123,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2013.04.28 22:15:00 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.04.28 22:15:00 | 004,957,976 | ---- | C] (A-volute) -- C:\Windows\SysNative\RTKSMlfx.dll
[2013.04.28 22:15:00 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.04.28 22:15:00 | 001,900,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.04.28 22:15:00 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.04.28 22:15:00 | 000,887,640 | ---- | C] (A-Volute) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2013.04.28 22:15:00 | 000,719,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2013.04.28 22:15:00 | 000,612,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2013.04.28 22:15:00 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.04.28 22:15:00 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.04.28 22:15:00 | 000,395,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.04.28 22:15:00 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.04.28 22:15:00 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.04.28 22:15:00 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.04.28 22:15:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.04.28 22:15:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.04.28 22:15:00 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.04.28 22:15:00 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.04.28 22:15:00 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.04.28 22:15:00 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.04.28 22:15:00 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.04.28 22:15:00 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.04.28 22:14:59 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.04.28 22:14:59 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.04.28 22:14:59 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.04.28 22:14:59 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.04.28 22:14:59 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.04.28 22:14:59 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.04.28 22:14:59 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.04.28 22:14:59 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.04.28 22:14:59 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.04.28 22:14:59 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.04.28 22:14:59 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.04.28 22:14:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.04.28 22:14:59 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.04.28 22:14:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.04.28 22:14:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.04.28 22:14:59 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.04.28 22:14:59 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.04.28 22:14:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.28 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.04.28 22:14:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.04.28 22:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.28 22:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.28 22:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.04.28 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.04.28 22:12:21 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.04.28 22:12:21 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.04.28 22:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.28 22:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.04.28 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.04.28 22:10:54 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.04.28 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Alt.Binz
[2013.04.28 22:04:05 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\NetSpeedMonitor
[2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2013.04.28 22:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2013.04.28 22:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[2013.04.28 22:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alt.Binz
[2013.04.28 22:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alt.Binz
[2013.04.28 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.28 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.28 21:59:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.04.28 21:58:22 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\SkyDrive
[2013.04.28 21:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.04.28 21:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.04.28 21:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.28 21:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.28 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.28 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.28 21:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.04.28 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.28 21:46:48 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Google
[2013.04.28 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Deployment
[2013.04.28 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Apps
[2013.04.28 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Adobe
[2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Searches
[2013.04.28 21:43:04 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.28 21:42:57 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Identities
[2013.04.28 21:42:55 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Contacts
[2013.04.28 21:42:54 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\VirtualStore
[2013.04.28 21:42:51 | 000,000,000 | --SD | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Videos
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Saved Games
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Pictures
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Music
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Links
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Favorites
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Downloads
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Documents
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\Desktop
[2013.04.28 21:42:51 | 000,000,000 | R--D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Vorlagen
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Verlauf
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Temporary Internet Files
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Startmenü
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\SendTo
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Recent
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Netzwerkumgebung
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Lokale Einstellungen
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Videos
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Musik
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Eigene Dateien
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Documents\Eigene Bilder
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Druckumgebung
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Cookies
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\AppData\Local\Anwendungsdaten
[2013.04.28 21:42:51 | 000,000,000 | -HSD | C] -- C:\Users\VITALITASIA\Anwendungsdaten
[2013.04.28 21:42:51 | 000,000,000 | -H-D | C] -- C:\Users\VITALITASIA\AppData
[2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Temp
[2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Local\Microsoft
[2013.04.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\VITALITASIA\AppData\Roaming\Media Center Programs
[2013.04.28 21:30:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.28 21:30:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.28 21:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.28 21:28:42 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.28 21:28:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.28 21:13:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.28 21:12:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.04.23 15:04:12 | 000,437,176 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2013.04.23 15:04:12 | 000,348,048 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2013.04.19 18:09:52 | 000,253,744 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013.04.19 18:09:44 | 000,011,056 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013.04.15 18:38:52 | 000,023,168 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013.04.15 18:38:40 | 000,043,216 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2013.04.15 18:38:30 | 000,343,760 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2013.04.15 18:38:30 | 000,045,776 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2013.04.15 18:38:26 | 000,276,688 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2013.04.15 18:38:26 | 000,040,656 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2013.04.15 16:46:09 | 000,000,000 | ---D | C] -- C:\Windows\WinToolkit
[2013.04.15 16:44:10 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.04.15 16:44:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.04.15 16:44:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.04.15 16:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.04.15 16:43:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.04.15 16:43:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.04.15 16:42:38 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.04.15 16:42:36 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.04.15 16:42:34 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.04.15 16:42:34 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.04.12 16:21:49 | 000,418,632 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmtxhci.sys
[2013.04.12 16:21:49 | 000,139,592 | ---- | C] (ASMedia Technology Inc) -- C:\Windows\SysNative\drivers\asmthub3.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 04:00:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VITALITASIA\Desktop\OTL.exe
[2013.05.04 03:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 03:30:05 | 000,000,168 | ---- | M] () -- C:\Users\VITALITASIA\defogger_reenable
[2013.05.04 02:38:34 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 02:38:34 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 02:35:38 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 02:35:38 | 000,700,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 02:35:38 | 000,654,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 02:35:38 | 000,149,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 02:35:38 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 02:31:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 02:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 02:30:56 | 535,732,223 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 02:30:22 | 000,005,276 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.05.04 01:45:16 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-183082
[2013.05.04 01:45:06 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2013.05.01 19:26:32 | 000,000,600 | ---- | M] () -- C:\Users\VITALITASIA\PUTTY.RND
[2013.05.01 15:10:39 | 000,029,768 | ---- | M] () -- C:\Users\VITALITASIA\Documents\cc_20130501_151032.reg
[2013.05.01 15:09:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.30 18:04:28 | 000,000,814 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Bewerbungen.lnk
[2013.04.30 15:56:38 | 000,000,659 | ---- | M] () -- C:\Users\VITALITASIA\.swfinfo
[2013.04.29 21:36:33 | 000,001,124 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Picasa 3.lnk
[2013.04.29 00:13:30 | 000,001,829 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Athan.lnk
[2013.04.29 00:12:57 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013.04.28 23:48:07 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk
[2013.04.28 23:46:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.04.28 23:46:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.28 23:45:22 | 000,001,117 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\aglotze.lnk
[2013.04.28 22:58:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013.04.28 22:55:50 | 000,001,749 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\SkyDrive.lnk
[2013.04.28 22:53:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2013.04.28 22:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.04.28 22:53:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013.04.28 22:43:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.04.28 22:43:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013.04.28 22:37:46 | 000,013,257 | ---- | M] () -- C:\Users\VITALITASIA\Desktop\Energieoptionen.lnk
[2013.04.28 22:25:58 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.28 22:25:38 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.28 22:03:32 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Alt.Binz.lnk
[2013.04.28 21:40:36 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.28 21:17:21 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.28 21:17:21 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.28 21:15:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.28 21:13:11 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.23 15:04:12 | 000,437,176 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2013.04.23 15:04:12 | 000,348,048 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2013.04.19 18:09:52 | 000,253,744 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2013.04.19 18:09:44 | 000,011,056 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2013.04.19 06:24:21 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.04.19 06:24:21 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.04.19 06:24:21 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.17 19:30:28 | 003,122,645 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.15 18:38:52 | 000,023,168 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013.04.15 18:38:40 | 000,043,216 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2013.04.15 18:38:30 | 000,343,760 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2013.04.15 18:38:30 | 000,045,776 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2013.04.15 18:38:26 | 000,276,688 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2013.04.15 18:38:26 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2013.04.15 16:43:34 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.04.15 16:43:34 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.04.15 16:42:38 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.04.15 16:42:36 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.04.15 16:42:34 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.04.15 16:42:34 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.04.13 05:49:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.13 05:49:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.13 05:18:48 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.13 05:18:11 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.04 03:30:05 | 000,000,168 | ---- | C] () -- C:\Users\VITALITASIA\defogger_reenable
[2013.05.03 22:57:17 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2013.05.03 22:57:17 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2013.05.03 22:41:22 | 000,005,276 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.05.01 19:25:32 | 000,000,600 | ---- | C] () -- C:\Users\VITALITASIA\PUTTY.RND
[2013.05.01 15:10:36 | 000,029,768 | ---- | C] () -- C:\Users\VITALITASIA\Documents\cc_20130501_151032.reg
[2013.05.01 15:09:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.30 18:04:28 | 000,000,814 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Bewerbungen.lnk
[2013.04.30 15:30:31 | 000,000,659 | ---- | C] () -- C:\Users\VITALITASIA\.swfinfo
[2013.04.29 21:42:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL
[2013.04.29 21:42:07 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL
[2013.04.29 21:36:33 | 000,001,124 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Picasa 3.lnk
[2013.04.29 00:13:30 | 000,001,829 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Athan.lnk
[2013.04.28 23:48:07 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk
[2013.04.28 23:46:46 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.28 23:46:45 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.04.28 23:45:22 | 000,001,117 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\aglotze.lnk
[2013.04.28 22:58:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013.04.28 22:55:50 | 000,001,749 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\SkyDrive.lnk
[2013.04.28 22:53:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2013.04.28 22:53:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.04.28 22:53:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013.04.28 22:43:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.04.28 22:43:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013.04.28 22:37:46 | 000,013,257 | ---- | C] () -- C:\Users\VITALITASIA\Desktop\Energieoptionen.lnk
[2013.04.28 22:30:43 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.04.28 22:25:58 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.28 22:15:01 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.04.28 22:15:00 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.04.28 22:12:36 | 003,122,645 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.28 22:11:30 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.28 22:03:32 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Alt.Binz.lnk
[2013.04.28 21:58:22 | 000,002,200 | ---- | C] () -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.04.28 21:46:55 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.28 21:46:54 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.28 21:43:05 | 000,001,413 | ---- | C] () -- C:\Users\VITALITASIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.28 21:31:25 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.28 21:16:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.28 21:16:56 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.28 21:15:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.28 21:12:52 | 535,732,223 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.15 16:44:40 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.04.15 16:44:39 | 000,700,562 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.15 16:44:39 | 000,149,462 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.15 16:44:39 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.04.13 05:49:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.13 05:49:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.13 05:18:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.13 05:18:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.04.13 05:20:21 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.04.13 05:20:21 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.30 02:25:29 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Canon
[2013.05.03 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\DAEMON Tools Lite
[2013.04.29 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Foxit Software
[2013.04.30 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\JAM Software
[2013.05.01 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Moyea
[2013.04.28 22:04:09 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\NetSpeedMonitor
[2013.04.28 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\QuickScan
[2013.05.01 18:20:34 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Runscanner.net
[2013.05.03 23:00:08 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Simply Super Software
[2013.05.04 01:46:28 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\uTorrent
[2013.05.02 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\VITALITASIA\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
Extras
Code:
ATTFilter
OTL Extras logfile created on: 04.05.2013 04:02:21 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VITALITASIA\Desktop\Tools\Security
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,63% Memory free
12,00 Gb Paging File | 10,19 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 245,41 Gb Total Space | 202,05 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 88,11 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 2,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VITALITASIA-PC | User Name: VITALITASIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097D3631-AEF4-41C8-B2F7-9CD235867A06}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0AE98FE3-A35E-4D09-85B2-5E28FFD8F3F3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{17EA8370-EF5E-49F2-8C4F-991E87DEE99C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{386C1F4A-BCC6-4456-8B4E-AAF4EE16956D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{419F948D-BA0B-446B-9BA2-8AAF4F169FD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45D041E2-01CC-4BC6-BA02-9D7A25DA703F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4D36A25F-C4CA-4BBA-99D6-03E595EA4ED2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50F9BD0C-C22A-4A0A-AEA9-96EC17D852BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{699F54F2-6CA1-4B5F-BA37-0B75D2399E61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B98DD9E-EB0D-4110-9275-B64AC5F28919}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6F4698FA-119D-4A71-9CD7-5DD5638F36EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6F5BAB51-CE88-4212-8C0C-8BD58B8E9923}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8430AB9C-D498-4B99-A258-EFDBFA1333EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9473AA73-6CFD-4E42-9595-8D1EBF9E1729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{991887F6-3ACD-4448-A1A6-CFAC41FCE4DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A53AC3CB-52EA-4148-8B5D-72B2B46B169C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B47B3C36-409F-4874-BDFA-E3BCB155F0C9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C794BB2C-95C2-4CF6-8620-A3286DE8F18C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D41588F4-A144-4D9F-8A66-B7D44CE76978}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D7EED53F-E2AE-48E4-B4FA-7305ABA8198C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DA0BA282-3796-4E6D-AF11-6ED17AFFCE06}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DEAA9023-E844-4E3A-9EF1-EFD31E39D169}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F33BA06E-C755-4F6D-BA07-E001F5437AB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F40CBE2B-2760-4C8B-81D4-F08602FA70EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F59994D0-03FF-4DF8-899B-DBE4A33AA770}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A33A945-855D-443D-83D7-3EB267109AC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1FCD53F6-6CCF-4CFA-BAE7-8B075B1559EA}" = dir=in | app=c:\users\vitalitasia\appdata\local\microsoft\skydrive\skydrive.exe | 
"{2244E668-7262-4B72-A2E1-501048E98DE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D1DCBF3-A210-4CED-BA44-51B560127D62}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{43769C55-07BD-488B-B98C-56E47B8774F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43B07018-0989-4901-90CF-C207075309F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4B9BDEDD-4F66-4701-BA61-BED22178A574}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{4CA1EA80-AE39-4ECB-9601-D9D023747746}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5301EA7E-8811-4F31-9868-BA1DC6166ECA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A5736B3-784D-4FAE-9A7E-837815ECB048}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CF9B01C-F87A-42CE-BEAB-4C4275D407D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{70C738B3-EA2C-42D3-89D6-437A07AA612E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{733DFA19-B365-4CD8-BAA4-9B4B45EC7513}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75AAAD62-BEF2-49D2-860A-6FC896E50D1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{936E688A-6FFC-4D56-9ADD-53BC2030899A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{93D50DD0-7112-4F12-AC7F-C50DB38BE5D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{956E03F7-2312-493A-9AA6-6035724B127A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DC31C39-CD33-4665-91A7-DA8D818F87C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B88F4937-E241-4948-B79D-E89B25017DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{C1031E8A-D201-4DEE-9266-B42FB8294DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{CB94BE4A-1480-47D8-BC01-9622149220B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD0D498A-1E9A-4142-BF05-E8DF80AA9A4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1C30BA4-F47E-4096-AE1D-CB7982EF50C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6768466-3042-434E-A854-8F4E5CEFB0CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{D91B1BC5-BF8F-4B85-AF8A-C2A9285454E9}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{E4016252-7F36-49CC-B854-92E93EA61345}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{E44AA3DE-D7A0-4792-8B42-72085C953E57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E623E1E0-A278-4A80-9720-DB52F504E64C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E96AD7C7-2ABB-48AB-858D-1AD1619F3F55}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{F1FDCCEE-AA47-4627-8138-EA663B730DEE}" = protocol=6 | dir=out | app=system | 
"{F427E323-24C0-4E9E-A43A-8AFEC5F516B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{5497047A-44F2-4189-85BE-76F6B8DF92AF}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{4588A9C6-D75C-4CC8-944C-A5863D4A27A4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{39BFB173-09EB-4286-84E1-2FAFC97107E1}" = ESET NOD32 Antivirus
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Firewall
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FD27F016-131B-48DF-B110-DF3F82714170}" = O&O Defrag Professional
"CCleaner" = CCleaner
"HashTab" = HashTab 5.1.0.23
"Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1" = Revo Uninstaller Pro 3.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Alt.Binz" = Alt.Binz 0.39.4
"Athan" = Athan Basic 4.4
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Picasa 3" = Picasa 3
"Q2xvbmluZ0NseWRldjEwMTk3MA==_is1" = Cloning Clyde v1.0.197.0 (c) NinjaBee version 1
"QuickPar" = QuickPar 0.9
"RegSeeker" = RegSeeker
"Security Task Manager" = Security Task Manager 1.8g
"SpeedFan" = SpeedFan (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.6
"tvbrowser" = TV-Browser 3.3a
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 03.05.2013 20:32:48 | Computer Name = VITALITASIA-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2013 20:33:18 | Computer Name = VITALITASIA-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 28.04.2013 16:53:54 | Computer Name = VITALITASIA-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 29.04.2013 15:42:41 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 29.04.2013 21:23:32 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 30.04.2013 16:29:35 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 01.05.2013 05:27:22 | Computer Name = VITALITASIA-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.05.2013 12:01:22 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Desktop Update Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 01.05.2013 13:42:22 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 03.05.2013 09:27:17 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "COMODO Virtual Service Manager" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 03.05.2013 20:31:29 | Computer Name = VITALITASIA-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         

Geändert von batekha (04.05.2013 um 05:05 Uhr)

Alt 04.05.2013, 16:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Hallo und

Zitat:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 04.05.2013, 19:05   #3
batekha
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Zitat:
Zitat von cosinus Beitrag anzeigen
Hallo und



Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
Hallo, ersteinmal danke für die Antwort

ich hab die Version gebraucht gekauft und sie war nur geringfügig teurer als die Professional Version.

Scans habe ich jeweils gemacht mit: Eset Nod32, Malwarebytes, Emnisoft Antim., Trojan Remover und Prevx, keiner der angegegeben Programme hat etwas gefunden.
Und OTL hat auch beim Start nichts gemeldet.

Also dieser Trojaner oder was auch immer es scheint gut versteckt zu sein.

Vielleicht komme ich noch an das Programm ran, was mir geschickt wurde, vielleicht würde euch das weiterhelfen

Es war die Testversion von Trojan Remover. Hätte ich lieber direkt von der Homepage runterladen sollen. Wie gesagt das Setup war nicht funktionsfähig und es wurden nur diese mysteriösen Dateien erstellt.

Ich bedanke mich schon einmal im Voraus für weitere Hilfe


MfG
__________________

Alt 04.05.2013, 23:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Zitat:
Also dieser Trojaner oder was auch immer es scheint gut versteckt zu sein.
Warum bitte legst du dich schon auf eine Infektion fest, wenn noch nie etwas gefunden wurde?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.05.2013, 23:55   #5
batekha
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Zitat:
Zitat von cosinus Beitrag anzeigen
Warum bitte legst du dich schon auf eine Infektion fest, wenn noch nie etwas gefunden wurde?
Wie gesagt, weil mehrere Dateien erstellt wurden, die eine Verbindung zum Internet aufgebaut haben.

3 Dateien habe ich bemerkt, es könnten durchaus mehrere sein.

Unter Anderem ishi.exe, die nach meinen Recherchen im Internet gefährlich ist.

Java lief plötzlich in den Prozessen und ich konnte das durch das Setup erstellte "ju.jar" nicht löschen bis ich beide Java Prozesse im Task Manager beendet habe.

Mfg


Alt 05.05.2013, 00:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Jedes Programm erstellt Dateien und fast jedes Programm will auch über das inet kommunizieren. Das allein ist also ein sehr schlechtes Merkmal um Malware zu identifizieren, denn demnach wäre ja fast jede Software Malware.



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Trojaner oder Stealer

Alt 05.05.2013, 15:09   #7
batekha
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Hallo, danke für die ausführlichen Anleitungen.

Hier sind die entsprechenden Logs

Ich weiß, dass der Aufbau zum Internet nichts bedeutsames sein muss, aber das Setup hatte zwar das Trojan Remover Logo, hat aber das gewünschte Programm nicht installiert und beendete sich selbst mit einem Fehler.

Als ich die Version direkt von der Herstellerseite heruntergeladen habe, hat das Setup jedoch funktioniert.

MBAR
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
VITALITASIA :: VITALITASIA-PC [administrator]

05.05.2013 14:43:34
mbar-log-2013-05-05 (14-43-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28397
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-05 14:46:31
-----------------------------
14:46:31.958    OS Version: Windows x64 6.1.7601 Service Pack 1
14:46:31.958    Number of processors: 4 586 0x403
14:46:31.958    ComputerName: VITALITASIA-PC  UserName: VITALITASIA
14:46:35.310    Initialize success
14:48:29.184    AVAST engine defs: 13050500
14:50:34.776    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
14:50:34.781    Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610476MB BusType: 3
14:50:34.860    Disk 0 MBR read successfully
14:50:34.865    Disk 0 MBR scan
14:50:34.916    Disk 0 Windows 7 default MBR code
14:50:34.919    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:50:34.951    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       251298 MB offset 206848
14:50:34.986    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       359077 MB offset 514865152
14:50:35.043    Disk 0 scanning C:\Windows\system32\drivers
14:50:48.433    Service scanning
14:51:11.002    Modules scanning
14:51:11.019    Disk 0 trace - called modules:
14:51:11.036    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
14:51:11.373    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e07060]
14:51:11.383    3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa800500e580]
14:51:11.395    5 ACPI.sys[fffff88000f607a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa8005012060]
14:51:12.965    AVAST engine scan C:\Windows
14:51:14.995    AVAST engine scan C:\Windows\system32
14:54:44.590    AVAST engine scan C:\Windows\system32\drivers
14:55:03.198    AVAST engine scan C:\Users\VITALITASIA
14:56:22.540    AVAST engine scan C:\ProgramData
14:56:36.808    Scan finished successfully
15:01:36.967    Disk 0 MBR has been saved successfully to "C:\Users\VITALITASIA\Desktop\MBR.dat"
15:01:36.989    The log file has been saved successfully to "C:\Users\VITALITASIA\Desktop\aswMBR.txt"
         
TDSS-Killer
Code:
ATTFilter
15:02:48.0400 2096  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:02:50.0401 2096  ============================================================
15:02:50.0401 2096  Current date / time: 2013/05/05 15:02:50.0401
15:02:50.0401 2096  SystemInfo:
15:02:50.0401 2096  
15:02:50.0401 2096  OS Version: 6.1.7601 ServicePack: 1.0
15:02:50.0401 2096  Product type: Workstation
15:02:50.0401 2096  ComputerName: VITALITASIA-PC
15:02:50.0402 2096  UserName: VITALITASIA
15:02:50.0402 2096  Windows directory: C:\Windows
15:02:50.0402 2096  System windows directory: C:\Windows
15:02:50.0402 2096  Running under WOW64
15:02:50.0402 2096  Processor architecture: Intel x64
15:02:50.0402 2096  Number of processors: 4
15:02:50.0402 2096  Page size: 0x1000
15:02:50.0402 2096  Boot type: Normal boot
15:02:50.0402 2096  ============================================================
15:02:53.0930 2096  Drive \Device\Harddisk0\DR0 - Size: 0x950AC4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:02:53.0933 2096  ============================================================
15:02:53.0933 2096  \Device\Harddisk0\DR0:
15:02:53.0933 2096  MBR partitions:
15:02:53.0933 2096  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:02:53.0933 2096  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1EAD1000
15:02:53.0933 2096  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1EB03800, BlocksNum 0x2BD52A70
15:02:53.0933 2096  ============================================================
15:02:53.0952 2096  C: <-> \Device\Harddisk0\DR0\Partition2
15:02:53.0979 2096  D: <-> \Device\Harddisk0\DR0\Partition3
15:02:53.0979 2096  ============================================================
15:02:53.0980 2096  Initialize success
15:02:53.0980 2096  ============================================================
15:03:32.0351 4280  ============================================================
15:03:32.0351 4280  Scan started
15:03:32.0351 4280  Mode: Manual; SigCheck; TDLFS; 
15:03:32.0351 4280  ============================================================
15:03:32.0981 4280  ================ Scan system memory ========================
15:03:32.0981 4280  System memory - ok
15:03:32.0982 4280  ================ Scan services =============================
15:03:33.0091 4280  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:03:33.0204 4280  1394ohci - ok
15:03:33.0239 4280  [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc           C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
15:03:33.0262 4280  a2acc - ok
15:03:33.0396 4280  [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware   C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
15:03:33.0524 4280  a2AntiMalware - ok
15:03:33.0534 4280  [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA           C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
15:03:33.0543 4280  A2DDA - ok
15:03:33.0575 4280  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:03:33.0612 4280  ACPI - ok
15:03:33.0624 4280  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:03:33.0680 4280  AcpiPmi - ok
15:03:33.0703 4280  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:03:33.0723 4280  adp94xx - ok
15:03:33.0734 4280  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:03:33.0746 4280  adpahci - ok
15:03:33.0750 4280  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:03:33.0761 4280  adpu320 - ok
15:03:33.0779 4280  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:03:33.0868 4280  AeLookupSvc - ok
15:03:33.0893 4280  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:03:33.0934 4280  AFD - ok
15:03:33.0952 4280  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:03:33.0961 4280  agp440 - ok
15:03:33.0971 4280  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:03:33.0992 4280  ALG - ok
15:03:33.0999 4280  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:03:34.0008 4280  aliide - ok
15:03:34.0011 4280  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:03:34.0020 4280  amdide - ok
15:03:34.0036 4280  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:03:34.0057 4280  AmdK8 - ok
15:03:34.0074 4280  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:03:34.0090 4280  AmdPPM - ok
15:03:34.0105 4280  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:03:34.0114 4280  amdsata - ok
15:03:34.0119 4280  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:03:34.0129 4280  amdsbs - ok
15:03:34.0144 4280  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:03:34.0152 4280  amdxata - ok
15:03:34.0160 4280  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:03:34.0279 4280  AppID - ok
15:03:34.0305 4280  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:03:34.0354 4280  AppIDSvc - ok
15:03:34.0377 4280  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:03:34.0411 4280  Appinfo - ok
15:03:34.0419 4280  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:03:34.0440 4280  AppMgmt - ok
15:03:34.0444 4280  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:03:34.0453 4280  arc - ok
15:03:34.0457 4280  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:03:34.0466 4280  arcsas - ok
15:03:34.0480 4280  [ 236023DAC93037A8DDE9539F36D7F3EE ] asmthub3        C:\Windows\system32\drivers\asmthub3.sys
15:03:34.0490 4280  asmthub3 - ok
15:03:34.0513 4280  [ 1390ABD16ADE1F2443B5749D06C4C8F2 ] asmtxhci        C:\Windows\system32\drivers\asmtxhci.sys
15:03:34.0525 4280  asmtxhci - ok
15:03:34.0587 4280  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:03:34.0628 4280  aspnet_state - ok
15:03:34.0640 4280  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:34.0680 4280  AsyncMac - ok
15:03:34.0694 4280  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:03:34.0702 4280  atapi - ok
15:03:34.0718 4280  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:03:34.0760 4280  AudioEndpointBuilder - ok
15:03:34.0774 4280  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:03:34.0802 4280  AudioSrv - ok
15:03:34.0811 4280  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:03:34.0841 4280  AxInstSV - ok
15:03:34.0864 4280  [ 1FED668A08CD871ED317A0388CDD4537 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:03:34.0876 4280  b06bdrv - ok
15:03:34.0889 4280  [ CFE42B9C72CD047E478C3B7F4B1FAFFD ] b06diag         C:\Windows\system32\drivers\bxdiaga.sys
15:03:34.0897 4280  b06diag - ok
15:03:34.0917 4280  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:34.0937 4280  b57nd60a - ok
15:03:34.0943 4280  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:03:34.0960 4280  BDESVC - ok
15:03:34.0976 4280  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:03:35.0015 4280  Beep - ok
15:03:35.0033 4280  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:03:35.0071 4280  BFE - ok
15:03:35.0087 4280  [ 33B114FC0394358DB521828B6F6ACC54 ] BFN7x64         C:\Windows\system32\drivers\Xeno7x64.sys
15:03:35.0095 4280  BFN7x64 - ok
15:03:35.0120 4280  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:03:35.0173 4280  BITS - ok
15:03:35.0190 4280  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:35.0212 4280  blbdrive - ok
15:03:35.0222 4280  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:03:35.0253 4280  bowser - ok
15:03:35.0260 4280  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:03:35.0278 4280  BrFiltLo - ok
15:03:35.0284 4280  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:03:35.0294 4280  BrFiltUp - ok
15:03:35.0303 4280  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:03:35.0314 4280  Browser - ok
15:03:35.0324 4280  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:03:35.0346 4280  Brserid - ok
15:03:35.0357 4280  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:35.0374 4280  BrSerWdm - ok
15:03:35.0382 4280  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:35.0427 4280  BrUsbMdm - ok
15:03:35.0438 4280  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:35.0451 4280  BrUsbSer - ok
15:03:35.0462 4280  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:03:35.0477 4280  BTHMODEM - ok
15:03:35.0487 4280  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:03:35.0518 4280  bthserv - ok
15:03:35.0535 4280  [ 96858ECF6D017E33A5A1A87E7A1E3206 ] bxfcoe          C:\Windows\system32\drivers\bxfcoe.sys
15:03:35.0543 4280  bxfcoe - ok
15:03:35.0558 4280  [ 33B60616D5DE1D7FE8B5939D437BC74F ] bxois           C:\Windows\system32\drivers\bxois.sys
15:03:35.0570 4280  bxois - ok
15:03:35.0581 4280  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:03:35.0609 4280  cdfs - ok
15:03:35.0626 4280  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:03:35.0641 4280  cdrom - ok
15:03:35.0653 4280  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:03:35.0685 4280  CertPropSvc - ok
15:03:35.0699 4280  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:03:35.0720 4280  circlass - ok
15:03:35.0744 4280  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:03:35.0757 4280  CLFS - ok
15:03:35.0787 4280  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:35.0795 4280  clr_optimization_v2.0.50727_32 - ok
15:03:35.0812 4280  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:35.0820 4280  clr_optimization_v2.0.50727_64 - ok
15:03:35.0864 4280  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:35.0895 4280  clr_optimization_v4.0.30319_32 - ok
15:03:35.0904 4280  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:35.0919 4280  clr_optimization_v4.0.30319_64 - ok
15:03:35.0934 4280  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:03:35.0959 4280  CmBatt - ok
15:03:36.0202 4280  [ C7C3794C92578A5C2F7555AC75864EB2 ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
15:03:36.0280 4280  cmdAgent - ok
15:03:36.0298 4280  [ 47E7C07A0EC8D4E82701EA425EB9E275 ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
15:03:36.0306 4280  cmderd - ok
15:03:36.0332 4280  [ 2BFD057D32A41AB9A1E5F5C674C59339 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
15:03:36.0347 4280  cmdGuard - ok
15:03:36.0364 4280  [ E5161A4E5C64B9D1AE024D657E0148B1 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
15:03:36.0373 4280  cmdHlp - ok
15:03:36.0379 4280  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:03:36.0387 4280  cmdide - ok
15:03:36.0396 4280  [ 43EBC5556143BD468A44BC0E51555D0E ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
15:03:36.0406 4280  cmdvirth - ok
15:03:36.0420 4280  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:03:36.0438 4280  CNG - ok
15:03:36.0441 4280  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:03:36.0450 4280  Compbatt - ok
15:03:36.0462 4280  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:03:36.0477 4280  CompositeBus - ok
15:03:36.0487 4280  COMSysApp - ok
15:03:36.0502 4280  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:03:36.0511 4280  crcdisk - ok
15:03:36.0545 4280  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:03:36.0582 4280  CryptSvc - ok
15:03:36.0597 4280  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
15:03:36.0709 4280  CSC - ok
15:03:36.0784 4280  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:03:36.0836 4280  CscService - ok
15:03:36.0868 4280  [ BA25D4B9B067248F7CAC416E855D706B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
15:03:36.0882 4280  dc3d - ok
15:03:36.0900 4280  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:03:36.0943 4280  DcomLaunch - ok
15:03:36.0959 4280  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:03:36.0987 4280  defragsvc - ok
15:03:36.0995 4280  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:03:37.0025 4280  DfsC - ok
15:03:37.0031 4280  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:03:37.0058 4280  Dhcp - ok
15:03:37.0065 4280  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:03:37.0099 4280  discache - ok
15:03:37.0124 4280  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:03:37.0133 4280  Disk - ok
15:03:37.0155 4280  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:03:37.0175 4280  dmvsc - ok
15:03:37.0189 4280  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:03:37.0209 4280  Dnscache - ok
15:03:37.0224 4280  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:03:37.0253 4280  dot3svc - ok
15:03:37.0264 4280  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:03:37.0296 4280  DPS - ok
15:03:37.0326 4280  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:03:37.0364 4280  drmkaud - ok
15:03:37.0396 4280  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:03:37.0410 4280  dtsoftbus01 - ok
15:03:37.0435 4280  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:03:37.0461 4280  DXGKrnl - ok
15:03:37.0495 4280  [ 398904F1FBF13CEF0FCB822E9CA5F2D5 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
15:03:37.0510 4280  eamonm - ok
15:03:37.0514 4280  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:03:37.0549 4280  EapHost - ok
15:03:37.0625 4280  [ 8947C98CC212AEEE1FABEC4582F652EE ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:03:37.0675 4280  ebdrv - ok
15:03:37.0692 4280  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:03:37.0705 4280  EFS - ok
15:03:37.0740 4280  [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
15:03:37.0749 4280  ehdrv - ok
15:03:37.0776 4280  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:03:37.0817 4280  ehRecvr - ok
15:03:37.0822 4280  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:03:37.0842 4280  ehSched - ok
15:03:37.0909 4280  [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:03:37.0979 4280  ekrn - ok
15:03:37.0998 4280  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:03:38.0011 4280  elxstor - ok
15:03:38.0022 4280  [ B4E8DC817963B256537B1EC09AF0647E ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
15:03:38.0030 4280  epfwwfpr - ok
15:03:38.0040 4280  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:03:38.0058 4280  ErrDev - ok
15:03:38.0078 4280  [ 3DBC10CBC436288801FAEE66DE91AE47 ] EtronHub3       C:\Windows\System32\Drivers\EtronHub3.sys
15:03:38.0094 4280  EtronHub3 - ok
15:03:38.0108 4280  [ 1EDF0CF390B84266FD7FFED38AB7DCAC ] EtronSTOR       C:\Windows\System32\Drivers\EtronSTOR.sys
15:03:38.0120 4280  EtronSTOR - ok
15:03:38.0131 4280  [ DE261095A2220D400D9603E1E42D4185 ] EtronXHCI       C:\Windows\System32\Drivers\EtronXHCI.sys
15:03:38.0139 4280  EtronXHCI - ok
15:03:38.0158 4280  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:03:38.0185 4280  EventSystem - ok
15:03:38.0200 4280  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:03:38.0225 4280  exfat - ok
15:03:38.0244 4280  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:03:38.0280 4280  fastfat - ok
15:03:38.0313 4280  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:03:38.0369 4280  Fax - ok
15:03:38.0378 4280  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:03:38.0398 4280  fdc - ok
15:03:38.0408 4280  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:03:38.0440 4280  fdPHost - ok
15:03:38.0443 4280  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:03:38.0480 4280  FDResPub - ok
15:03:38.0499 4280  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:03:38.0507 4280  FileInfo - ok
15:03:38.0521 4280  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:03:38.0552 4280  Filetrace - ok
15:03:38.0579 4280  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:03:38.0588 4280  flpydisk - ok
15:03:38.0616 4280  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:03:38.0627 4280  FltMgr - ok
15:03:38.0657 4280  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:03:38.0687 4280  FontCache - ok
15:03:38.0767 4280  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:03:38.0796 4280  FontCache3.0.0.0 - ok
15:03:38.0819 4280  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:03:38.0831 4280  FsDepends - ok
15:03:38.0845 4280  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:03:38.0857 4280  Fs_Rec - ok
15:03:38.0920 4280  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:03:38.0955 4280  fvevol - ok
15:03:38.0996 4280  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:03:39.0009 4280  gagp30kx - ok
15:03:39.0077 4280  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:03:39.0182 4280  gpsvc - ok
15:03:39.0230 4280  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:39.0251 4280  gupdate - ok
15:03:39.0293 4280  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:39.0303 4280  gupdatem - ok
15:03:39.0337 4280  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:03:39.0351 4280  gusvc - ok
15:03:39.0363 4280  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:03:39.0386 4280  hcw85cir - ok
15:03:39.0399 4280  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:03:39.0424 4280  HdAudAddService - ok
15:03:39.0445 4280  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:03:39.0460 4280  HDAudBus - ok
15:03:39.0471 4280  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:03:39.0491 4280  HidBatt - ok
15:03:39.0499 4280  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:03:39.0515 4280  HidBth - ok
15:03:39.0525 4280  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:03:39.0535 4280  HidIr - ok
15:03:39.0545 4280  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:03:39.0578 4280  hidserv - ok
15:03:39.0594 4280  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:03:39.0603 4280  HidUsb - ok
15:03:39.0607 4280  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:03:39.0643 4280  hkmsvc - ok
15:03:39.0661 4280  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:03:39.0672 4280  HomeGroupListener - ok
15:03:39.0682 4280  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:03:39.0698 4280  HomeGroupProvider - ok
15:03:39.0714 4280  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:03:39.0722 4280  HpSAMD - ok
15:03:39.0747 4280  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:03:39.0785 4280  HTTP - ok
15:03:39.0793 4280  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:03:39.0801 4280  hwpolicy - ok
15:03:39.0809 4280  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:03:39.0818 4280  i8042prt - ok
15:03:39.0836 4280  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:03:39.0848 4280  iaStorV - ok
15:03:39.0902 4280  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:39.0945 4280  idsvc - ok
15:03:39.0955 4280  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:03:39.0967 4280  iirsp - ok
15:03:39.0990 4280  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:03:40.0036 4280  IKEEXT - ok
15:03:40.0052 4280  [ 50305DDD75C45BE853488390038F6EA0 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
15:03:40.0061 4280  inspect - ok
15:03:40.0171 4280  [ CCEDD47ABD068C58C8513DEB785093BB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:03:40.0225 4280  IntcAzAudAddService - ok
15:03:40.0249 4280  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:03:40.0258 4280  intelide - ok
15:03:40.0275 4280  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
15:03:40.0290 4280  intelppm - ok
15:03:40.0305 4280  [ E45575812630B049CE0F679D87561A4D ] ioatdma1        C:\Windows\System32\Drivers\qd162x64.sys
15:03:40.0312 4280  ioatdma1 - ok
15:03:40.0339 4280  [ 2C23820DD9E81199E60F553EB50BC449 ] ioatdma2        C:\Windows\System32\Drivers\qd262x64.sys
15:03:40.0346 4280  ioatdma2 - ok
15:03:40.0350 4280  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:03:40.0439 4280  IPBusEnum - ok
15:03:40.0458 4280  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:03:40.0482 4280  IpFilterDriver - ok
15:03:40.0489 4280  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:03:40.0517 4280  iphlpsvc - ok
15:03:40.0531 4280  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:03:40.0544 4280  IPMIDRV - ok
15:03:40.0552 4280  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:03:40.0587 4280  IPNAT - ok
15:03:40.0604 4280  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:03:40.0624 4280  IRENUM - ok
15:03:40.0635 4280  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:03:40.0643 4280  isapnp - ok
15:03:40.0662 4280  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:03:40.0673 4280  iScsiPrt - ok
15:03:40.0692 4280  [ 2D15CEDF619796002E8640F73A4BF920 ] iusb3hub        C:\Windows\system32\drivers\iusb3hub.sys
15:03:40.0703 4280  iusb3hub - ok
15:03:40.0724 4280  [ F1E93FE111924D0BC853155AADF8048B ] iusb3xhc        C:\Windows\system32\drivers\iusb3xhc.sys
15:03:40.0739 4280  iusb3xhc - ok
15:03:40.0753 4280  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:03:40.0762 4280  kbdclass - ok
15:03:40.0773 4280  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:03:40.0791 4280  kbdhid - ok
15:03:40.0800 4280  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:03:40.0809 4280  KeyIso - ok
15:03:40.0821 4280  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:03:40.0830 4280  KSecDD - ok
15:03:40.0836 4280  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:03:40.0846 4280  KSecPkg - ok
15:03:40.0852 4280  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:03:40.0886 4280  ksthunk - ok
15:03:40.0904 4280  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:03:40.0939 4280  KtmRm - ok
15:03:40.0969 4280  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:03:41.0002 4280  LanmanServer - ok
15:03:41.0013 4280  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:03:41.0046 4280  LanmanWorkstation - ok
15:03:41.0062 4280  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:03:41.0094 4280  lltdio - ok
15:03:41.0111 4280  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:03:41.0155 4280  lltdsvc - ok
15:03:41.0158 4280  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:03:41.0183 4280  lmhosts - ok
15:03:41.0201 4280  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:03:41.0211 4280  LSI_FC - ok
15:03:41.0220 4280  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:03:41.0230 4280  LSI_SAS - ok
15:03:41.0233 4280  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:03:41.0242 4280  LSI_SAS2 - ok
15:03:41.0246 4280  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:03:41.0256 4280  LSI_SCSI - ok
15:03:41.0270 4280  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:03:41.0307 4280  luafv - ok
15:03:41.0320 4280  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:03:41.0338 4280  Mcx2Svc - ok
15:03:41.0341 4280  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:03:41.0349 4280  megasas - ok
15:03:41.0355 4280  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:03:41.0366 4280  MegaSR - ok
15:03:41.0378 4280  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:03:41.0412 4280  MMCSS - ok
15:03:41.0423 4280  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:03:41.0451 4280  Modem - ok
15:03:41.0461 4280  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:03:41.0481 4280  monitor - ok
15:03:41.0487 4280  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:03:41.0495 4280  mouclass - ok
15:03:41.0515 4280  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:03:41.0552 4280  mouhid - ok
15:03:41.0559 4280  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:03:41.0573 4280  mountmgr - ok
15:03:41.0587 4280  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:03:41.0601 4280  mpio - ok
15:03:41.0615 4280  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:03:41.0649 4280  mpsdrv - ok
15:03:41.0666 4280  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:03:41.0718 4280  MpsSvc - ok
15:03:41.0732 4280  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:03:41.0759 4280  MRxDAV - ok
15:03:41.0764 4280  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:41.0787 4280  mrxsmb - ok
15:03:41.0795 4280  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:41.0805 4280  mrxsmb10 - ok
15:03:41.0809 4280  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:41.0818 4280  mrxsmb20 - ok
15:03:41.0831 4280  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:03:41.0839 4280  msahci - ok
15:03:41.0851 4280  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:03:41.0861 4280  msdsm - ok
15:03:41.0873 4280  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:03:41.0885 4280  MSDTC - ok
15:03:41.0891 4280  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:03:41.0915 4280  Msfs - ok
15:03:41.0927 4280  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:03:41.0958 4280  mshidkmdf - ok
15:03:41.0961 4280  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:03:41.0970 4280  msisadrv - ok
15:03:41.0987 4280  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:03:42.0013 4280  MSiSCSI - ok
15:03:42.0016 4280  msiserver - ok
15:03:42.0032 4280  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:03:42.0060 4280  MSKSSRV - ok
15:03:42.0073 4280  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:42.0107 4280  MSPCLOCK - ok
15:03:42.0119 4280  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:03:42.0151 4280  MSPQM - ok
15:03:42.0167 4280  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:03:42.0178 4280  MsRPC - ok
15:03:42.0190 4280  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:03:42.0198 4280  mssmbios - ok
15:03:42.0206 4280  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:03:42.0240 4280  MSTEE - ok
15:03:42.0249 4280  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:03:42.0263 4280  MTConfig - ok
15:03:42.0266 4280  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:03:42.0275 4280  Mup - ok
15:03:42.0292 4280  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:03:42.0328 4280  napagent - ok
15:03:42.0343 4280  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:03:42.0362 4280  NativeWifiP - ok
15:03:42.0387 4280  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:03:42.0405 4280  NDIS - ok
15:03:42.0422 4280  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:42.0446 4280  NdisCap - ok
15:03:42.0457 4280  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:42.0481 4280  NdisTapi - ok
15:03:42.0492 4280  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:42.0515 4280  Ndisuio - ok
15:03:42.0520 4280  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:42.0551 4280  NdisWan - ok
15:03:42.0565 4280  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:03:42.0596 4280  NDProxy - ok
15:03:42.0605 4280  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:03:42.0640 4280  NetBIOS - ok
15:03:42.0654 4280  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:03:42.0679 4280  NetBT - ok
15:03:42.0692 4280  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:03:42.0701 4280  Netlogon - ok
15:03:42.0723 4280  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:03:42.0756 4280  Netman - ok
15:03:42.0780 4280  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0793 4280  NetMsmqActivator - ok
15:03:42.0805 4280  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0816 4280  NetPipeActivator - ok
15:03:42.0833 4280  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:03:42.0871 4280  netprofm - ok
15:03:42.0879 4280  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0890 4280  NetTcpActivator - ok
15:03:42.0894 4280  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:42.0904 4280  NetTcpPortSharing - ok
15:03:42.0914 4280  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:03:42.0923 4280  nfrd960 - ok
15:03:42.0929 4280  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:03:42.0951 4280  NlaSvc - ok
15:03:42.0954 4280  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:03:42.0978 4280  Npfs - ok
15:03:42.0981 4280  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:03:43.0014 4280  nsi - ok
15:03:43.0017 4280  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:03:43.0049 4280  nsiproxy - ok
15:03:43.0083 4280  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:03:43.0108 4280  Ntfs - ok
15:03:43.0148 4280  [ 77EB11DA191D12D12E28D7BD8905C42C ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
15:03:43.0190 4280  NuidFltr - ok
15:03:43.0210 4280  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:03:43.0254 4280  Null - ok
15:03:43.0276 4280  [ B227E75AD10A142DD326B4CC8D73A6D9 ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
15:03:43.0284 4280  nusb3hub - ok
15:03:43.0293 4280  [ 55959DB860E4E484681586824D09E52C ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
15:03:43.0302 4280  nusb3xhc - ok
15:03:43.0332 4280  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
15:03:43.0342 4280  NVHDA - ok
15:03:43.0542 4280  [ 1C16AEA28FA168FEB8FCB3D4FFED883E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:03:43.0665 4280  nvlddmkm - ok
15:03:43.0694 4280  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:03:43.0704 4280  nvraid - ok
15:03:43.0716 4280  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:03:43.0726 4280  nvstor - ok
15:03:43.0749 4280  [ D742C0EBCF9255EF9C6C6110C4FC278E ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:03:43.0766 4280  nvsvc - ok
15:03:43.0806 4280  [ 78F176DBFA41330633B6C2CBBF23DE24 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:03:43.0855 4280  nvUpdatusService - ok
15:03:43.0869 4280  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:03:43.0879 4280  nv_agp - ok
15:03:43.0888 4280  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:03:43.0898 4280  ohci1394 - ok
15:03:43.0988 4280  [ 257E17923B9521FEAF65900499049AA9 ] OODefragAgent   C:\Program Files\OO Software\Defrag\oodag.exe
15:03:44.0029 4280  OODefragAgent - ok
15:03:44.0047 4280  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:03:44.0069 4280  p2pimsvc - ok
15:03:44.0095 4280  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:03:44.0112 4280  p2psvc - ok
15:03:44.0121 4280  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:03:44.0130 4280  Parport - ok
15:03:44.0137 4280  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:03:44.0145 4280  partmgr - ok
15:03:44.0150 4280  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:03:44.0176 4280  PcaSvc - ok
15:03:44.0181 4280  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:03:44.0191 4280  pci - ok
15:03:44.0194 4280  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:03:44.0202 4280  pciide - ok
15:03:44.0219 4280  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:03:44.0229 4280  pcmcia - ok
15:03:44.0232 4280  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:03:44.0241 4280  pcw - ok
15:03:44.0256 4280  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:03:44.0292 4280  PEAUTH - ok
15:03:44.0318 4280  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:03:44.0360 4280  PeerDistSvc - ok
15:03:44.0409 4280  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:03:44.0443 4280  PerfHost - ok
15:03:44.0472 4280  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:03:44.0522 4280  pla - ok
15:03:44.0547 4280  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:03:44.0571 4280  PlugPlay - ok
15:03:44.0574 4280  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:03:44.0592 4280  PNRPAutoReg - ok
15:03:44.0605 4280  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:03:44.0617 4280  PNRPsvc - ok
15:03:44.0636 4280  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:03:44.0670 4280  PolicyAgent - ok
15:03:44.0676 4280  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:03:44.0710 4280  Power - ok
15:03:44.0736 4280  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:03:44.0770 4280  PptpMiniport - ok
15:03:44.0782 4280  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:03:44.0798 4280  Processor - ok
15:03:44.0811 4280  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:03:44.0823 4280  ProfSvc - ok
15:03:44.0834 4280  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:03:44.0843 4280  ProtectedStorage - ok
15:03:44.0855 4280  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:03:44.0880 4280  Psched - ok
15:03:44.0917 4280  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:03:44.0941 4280  ql2300 - ok
15:03:44.0945 4280  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:03:44.0954 4280  ql40xx - ok
15:03:44.0960 4280  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:03:44.0975 4280  QWAVE - ok
15:03:44.0979 4280  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:03:44.0992 4280  QWAVEdrv - ok
15:03:45.0000 4280  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:03:45.0035 4280  RasAcd - ok
15:03:45.0055 4280  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:03:45.0079 4280  RasAgileVpn - ok
15:03:45.0083 4280  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:03:45.0111 4280  RasAuto - ok
15:03:45.0123 4280  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:03:45.0150 4280  Rasl2tp - ok
15:03:45.0160 4280  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:03:45.0189 4280  RasMan - ok
15:03:45.0193 4280  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:03:45.0229 4280  RasPppoe - ok
15:03:45.0232 4280  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:03:45.0260 4280  RasSstp - ok
15:03:45.0276 4280  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:03:45.0308 4280  rdbss - ok
15:03:45.0322 4280  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:03:45.0338 4280  rdpbus - ok
15:03:45.0345 4280  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:03:45.0370 4280  RDPCDD - ok
15:03:45.0386 4280  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:03:45.0396 4280  RDPDR - ok
15:03:45.0409 4280  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:03:45.0440 4280  RDPENCDD - ok
15:03:45.0444 4280  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:03:45.0469 4280  RDPREFMP - ok
15:03:45.0485 4280  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:03:45.0501 4280  RdpVideoMiniport - ok
15:03:45.0510 4280  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:03:45.0528 4280  RDPWD - ok
15:03:45.0541 4280  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:03:45.0552 4280  rdyboost - ok
15:03:45.0560 4280  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:03:45.0586 4280  RemoteAccess - ok
15:03:45.0597 4280  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:03:45.0630 4280  RemoteRegistry - ok
15:03:45.0646 4280  [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
15:03:45.0654 4280  Revoflt - ok
15:03:45.0666 4280  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:03:45.0692 4280  RpcEptMapper - ok
15:03:45.0700 4280  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:03:45.0715 4280  RpcLocator - ok
15:03:45.0733 4280  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:03:45.0761 4280  RpcSs - ok
15:03:45.0779 4280  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:03:45.0804 4280  rspndr - ok
15:03:45.0840 4280  [ 3713DACCA1025B05A6343104112708D9 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:03:45.0854 4280  RTL8167 - ok
15:03:45.0862 4280  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:03:45.0880 4280  s3cap - ok
15:03:45.0892 4280  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:03:45.0901 4280  SamSs - ok
15:03:45.0910 4280  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:03:45.0919 4280  sbp2port - ok
15:03:45.0923 4280  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:03:45.0951 4280  SCardSvr - ok
15:03:45.0954 4280  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:03:45.0985 4280  scfilter - ok
15:03:46.0003 4280  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:03:46.0053 4280  Schedule - ok
15:03:46.0074 4280  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:03:46.0097 4280  SCPolicySvc - ok
15:03:46.0102 4280  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:03:46.0121 4280  SDRSVC - ok
15:03:46.0132 4280  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:03:46.0163 4280  secdrv - ok
15:03:46.0166 4280  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:03:46.0191 4280  seclogon - ok
15:03:46.0195 4280  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:03:46.0224 4280  SENS - ok
15:03:46.0228 4280  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:03:46.0248 4280  SensrSvc - ok
15:03:46.0258 4280  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:03:46.0276 4280  Serenum - ok
15:03:46.0288 4280  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:03:46.0311 4280  Serial - ok
15:03:46.0335 4280  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:03:46.0350 4280  sermouse - ok
15:03:46.0362 4280  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:03:46.0398 4280  SessionEnv - ok
15:03:46.0412 4280  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:03:46.0426 4280  sffdisk - ok
15:03:46.0433 4280  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:03:46.0452 4280  sffp_mmc - ok
15:03:46.0464 4280  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:03:46.0484 4280  sffp_sd - ok
15:03:46.0492 4280  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:03:46.0502 4280  sfloppy - ok
15:03:46.0516 4280  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:03:46.0552 4280  SharedAccess - ok
15:03:46.0559 4280  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:03:46.0588 4280  ShellHWDetection - ok
15:03:46.0605 4280  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:03:46.0615 4280  SiSRaid2 - ok
15:03:46.0675 4280  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:03:46.0711 4280  SiSRaid4 - ok
15:03:46.0806 4280  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:03:46.0883 4280  Smb - ok
15:03:46.0905 4280  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:03:46.0923 4280  SNMPTRAP - ok
15:03:46.0960 4280  [ 0FFE35F0B0CD5A324BBE22F02569AE3B ] speedfan        C:\Windows\syswow64\speedfan.sys
15:03:46.0991 4280  speedfan - ok
15:03:47.0000 4280  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:03:47.0012 4280  spldr - ok
15:03:47.0036 4280  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:03:47.0052 4280  Spooler - ok
15:03:47.0101 4280  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:03:47.0190 4280  sppsvc - ok
15:03:47.0195 4280  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:03:47.0221 4280  sppuinotify - ok
15:03:47.0228 4280  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:03:47.0244 4280  srv - ok
15:03:47.0260 4280  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:03:47.0275 4280  srv2 - ok
15:03:47.0289 4280  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:03:47.0298 4280  srvnet - ok
15:03:47.0305 4280  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:03:47.0331 4280  SSDPSRV - ok
15:03:47.0344 4280  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:03:47.0370 4280  SstpSvc - ok
15:03:47.0394 4280  Steam Client Service - ok
15:03:47.0407 4280  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:03:47.0438 4280  stexstor - ok
15:03:47.0466 4280  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:03:47.0514 4280  stisvc - ok
15:03:47.0518 4280  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:03:47.0529 4280  storflt - ok
15:03:47.0537 4280  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:03:47.0545 4280  storvsc - ok
15:03:47.0554 4280  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:03:47.0562 4280  swenum - ok
15:03:47.0572 4280  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:03:47.0608 4280  swprv - ok
15:03:47.0621 4280  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
15:03:47.0631 4280  Synth3dVsc - ok
15:03:47.0663 4280  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:03:47.0708 4280  SysMain - ok
15:03:47.0712 4280  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:03:47.0729 4280  TabletInputService - ok
15:03:47.0735 4280  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:03:47.0765 4280  TapiSrv - ok
15:03:47.0810 4280  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:03:47.0876 4280  TBS - ok
15:03:47.0906 4280  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:03:47.0934 4280  Tcpip - ok
15:03:47.0964 4280  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:03:47.0991 4280  TCPIP6 - ok
15:03:48.0002 4280  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:03:48.0011 4280  tcpipreg - ok
15:03:48.0026 4280  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:03:48.0039 4280  TDPIPE - ok
15:03:48.0045 4280  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:03:48.0057 4280  TDTCP - ok
15:03:48.0072 4280  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:03:48.0096 4280  tdx - ok
15:03:48.0106 4280  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:03:48.0115 4280  TermDD - ok
15:03:48.0126 4280  [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt        C:\Windows\system32\drivers\terminpt.sys
15:03:48.0143 4280  terminpt - ok
15:03:48.0163 4280  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:03:48.0192 4280  TermService - ok
15:03:48.0195 4280  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:03:48.0210 4280  Themes - ok
15:03:48.0228 4280  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:03:48.0253 4280  THREADORDER - ok
15:03:48.0257 4280  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:03:48.0289 4280  TrkWks - ok
15:03:48.0316 4280  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:03:48.0340 4280  TrustedInstaller - ok
15:03:48.0346 4280  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:03:48.0380 4280  tssecsrv - ok
15:03:48.0389 4280  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:03:48.0405 4280  TsUsbFlt - ok
15:03:48.0419 4280  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:03:48.0427 4280  TsUsbGD - ok
15:03:48.0431 4280  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
15:03:48.0440 4280  tsusbhub - ok
15:03:48.0457 4280  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:03:48.0485 4280  tunnel - ok
15:03:48.0495 4280  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:03:48.0504 4280  uagp35 - ok
15:03:48.0515 4280  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:03:48.0551 4280  udfs - ok
15:03:48.0558 4280  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:03:48.0569 4280  UI0Detect - ok
15:03:48.0579 4280  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:03:48.0588 4280  uliagpkx - ok
15:03:48.0598 4280  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:03:48.0616 4280  umbus - ok
15:03:48.0633 4280  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:03:48.0648 4280  UmPass - ok
15:03:48.0660 4280  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:03:48.0682 4280  UmRdpService - ok
15:03:48.0697 4280  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:03:48.0738 4280  upnphost - ok
15:03:48.0752 4280  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:03:48.0762 4280  usbccgp - ok
15:03:48.0782 4280  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:03:48.0793 4280  usbcir - ok
15:03:48.0803 4280  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:03:48.0821 4280  usbehci - ok
15:03:48.0835 4280  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:03:48.0855 4280  usbhub - ok
15:03:48.0860 4280  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:03:48.0877 4280  usbohci - ok
15:03:48.0897 4280  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:03:48.0936 4280  usbprint - ok
15:03:48.0963 4280  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:03:48.0988 4280  usbscan - ok
15:03:49.0000 4280  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:03:49.0017 4280  USBSTOR - ok
15:03:49.0030 4280  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:03:49.0049 4280  usbuhci - ok
15:03:49.0070 4280  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:03:49.0114 4280  UxSms - ok
15:03:49.0125 4280  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:03:49.0134 4280  VaultSvc - ok
15:03:49.0139 4280  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:03:49.0148 4280  vdrvroot - ok
15:03:49.0165 4280  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:03:49.0214 4280  vds - ok
15:03:49.0233 4280  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:03:49.0244 4280  vga - ok
15:03:49.0252 4280  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:03:49.0281 4280  VgaSave - ok
15:03:49.0297 4280  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:03:49.0307 4280  vhdmp - ok
15:03:49.0319 4280  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:03:49.0328 4280  viaide - ok
15:03:49.0332 4280  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:03:49.0342 4280  vmbus - ok
15:03:49.0352 4280  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:03:49.0371 4280  VMBusHID - ok
15:03:49.0374 4280  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:03:49.0383 4280  volmgr - ok
15:03:49.0389 4280  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:03:49.0400 4280  volmgrx - ok
15:03:49.0412 4280  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:03:49.0423 4280  volsnap - ok
15:03:49.0450 4280  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
15:03:49.0460 4280  vpcbus - ok
15:03:49.0482 4280  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:03:49.0495 4280  vpcnfltr - ok
15:03:49.0509 4280  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
15:03:49.0528 4280  vpcusb - ok
15:03:49.0556 4280  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
15:03:49.0568 4280  vpcvmm - ok
15:03:49.0584 4280  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:03:49.0594 4280  vsmraid - ok
15:03:49.0647 4280  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:03:49.0718 4280  VSS - ok
15:03:49.0722 4280  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:03:49.0737 4280  vwifibus - ok
15:03:49.0743 4280  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:03:49.0773 4280  W32Time - ok
15:03:49.0787 4280  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:03:49.0806 4280  WacomPen - ok
15:03:49.0823 4280  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:03:49.0858 4280  WANARP - ok
15:03:49.0870 4280  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:03:49.0894 4280  Wanarpv6 - ok
15:03:49.0924 4280  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:03:49.0975 4280  wbengine - ok
15:03:49.0980 4280  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:03:49.0995 4280  WbioSrvc - ok
15:03:50.0001 4280  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:03:50.0024 4280  wcncsvc - ok
15:03:50.0027 4280  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:03:50.0048 4280  WcsPlugInService - ok
15:03:50.0059 4280  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:03:50.0067 4280  Wd - ok
15:03:50.0087 4280  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:03:50.0105 4280  Wdf01000 - ok
15:03:50.0110 4280  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:03:50.0134 4280  WdiServiceHost - ok
15:03:50.0137 4280  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:03:50.0150 4280  WdiSystemHost - ok
15:03:50.0159 4280  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:03:50.0184 4280  WebClient - ok
15:03:50.0195 4280  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:03:50.0239 4280  Wecsvc - ok
15:03:50.0243 4280  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:03:50.0269 4280  wercplsupport - ok
15:03:50.0334 4280  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:03:50.0452 4280  WerSvc - ok
15:03:50.0462 4280  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:03:50.0487 4280  WfpLwf - ok
15:03:50.0497 4280  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:03:50.0505 4280  WIMMount - ok
15:03:50.0524 4280  WinDefend - ok
15:03:50.0529 4280  WinHttpAutoProxySvc - ok
15:03:50.0566 4280  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:03:50.0592 4280  Winmgmt - ok
15:03:50.0630 4280  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:03:50.0676 4280  WinRM - ok
15:03:50.0701 4280  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:03:50.0731 4280  Wlansvc - ok
15:03:50.0811 4280  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:03:50.0884 4280  wlidsvc - ok
15:03:50.0906 4280  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:03:50.0944 4280  WmiAcpi - ok
15:03:50.0954 4280  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:03:50.0977 4280  wmiApSrv - ok
15:03:50.0988 4280  WMPNetworkSvc - ok
15:03:50.0997 4280  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:03:51.0007 4280  WPCSvc - ok
15:03:51.0011 4280  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:03:51.0022 4280  WPDBusEnum - ok
15:03:51.0025 4280  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:03:51.0049 4280  ws2ifsl - ok
15:03:51.0053 4280  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:03:51.0071 4280  wscsvc - ok
15:03:51.0074 4280  WSearch - ok
15:03:51.0125 4280  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:03:51.0158 4280  wuauserv - ok
15:03:51.0163 4280  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:03:51.0181 4280  WudfPf - ok
15:03:51.0199 4280  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:03:51.0210 4280  WUDFRd - ok
15:03:51.0227 4280  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:03:51.0245 4280  wudfsvc - ok
15:03:51.0250 4280  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:03:51.0265 4280  WwanSvc - ok
15:03:51.0307 4280  [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
15:03:51.0347 4280  xnacc - ok
15:03:51.0386 4280  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
15:03:51.0408 4280  xusb21 - ok
15:03:51.0416 4280  ================ Scan global ===============================
15:03:51.0431 4280  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:03:51.0447 4280  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:03:51.0463 4280  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:03:51.0486 4280  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:03:51.0511 4280  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:03:51.0518 4280  [Global] - ok
15:03:51.0518 4280  ================ Scan MBR ==================================
15:03:51.0524 4280  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:03:51.0878 4280  \Device\Harddisk0\DR0 - ok
15:03:51.0878 4280  ================ Scan VBR ==================================
15:03:51.0884 4280  [ 8B01FBDC36ED49E191929C0AAC04AA6D ] \Device\Harddisk0\DR0\Partition1
15:03:51.0887 4280  \Device\Harddisk0\DR0\Partition1 - ok
15:03:51.0915 4280  [ 6BC3077448699216B900D856293C1104 ] \Device\Harddisk0\DR0\Partition2
15:03:51.0918 4280  \Device\Harddisk0\DR0\Partition2 - ok
15:03:51.0934 4280  [ 8033D99DF9B7417362D190E1A5322550 ] \Device\Harddisk0\DR0\Partition3
15:03:51.0937 4280  \Device\Harddisk0\DR0\Partition3 - ok
15:03:51.0938 4280  ============================================================
15:03:51.0938 4280  Scan finished
15:03:51.0938 4280  ============================================================
15:03:51.0963 1708  Detected object count: 0
15:03:51.0963 1708  Actual detected object count: 0
15:04:21.0679 1148  Deinitialize success
         

Alt 06.05.2013, 10:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner oder Stealer - Standard

Trojaner oder Stealer



Unauffällig


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojaner oder Stealer
adblock, antivirus, autorun, desktop, downloader, emsisoft, error, eset nod32, firefox, flash player, focus, format, helper, homepage, iexplore.exe, install.exe, installation, logfile, msvcrt, programm, realtek, registry, rundll, scan, software, super, svchost.exe, trojaner, udp, updates, windows, windows xp, youtube downloader



Ähnliche Themen: Trojaner oder Stealer


  1. FileZilla Stealer?
    Plagegeister aller Art und deren Bekämpfung - 17.11.2014 (14)
  2. Vermutlicher Trojaner/Rat/Stealer "RtVOsd.exe" oder ein anderes Programm (klicken im Hintergrund und cmd überträgt dateien ohne Auforderung)
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (12)
  3. GVU Trojaner und FTP Stealer
    Log-Analyse und Auswertung - 07.12.2012 (21)
  4. Passwörter werden ohne Kenntnis geändert/Verdacht auf RAT oder Stealer
    Log-Analyse und Auswertung - 21.05.2012 (5)
  5. Winlogon.exe stealer.exe was ist das alles
    Log-Analyse und Auswertung - 13.12.2011 (50)
  6. Stealer.exe - System jetzt in Ordnung?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2011 (32)
  7. gecrypteten Stealer eingefangen - Passwörter nun kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 22.07.2011 (1)
  8. Trojaner... Dropper, Agent, Password-Stealer etc!
    Plagegeister aller Art und deren Bekämpfung - 18.07.2010 (1)
  9. Trjoaner/Stealer Verdacht
    Log-Analyse und Auswertung - 16.12.2009 (5)
  10. Hackhound Stealer?
    Plagegeister aller Art und deren Bekämpfung - 14.10.2009 (9)
  11. C:\Stealer.exe
    Plagegeister aller Art und deren Bekämpfung - 25.08.2009 (15)
  12. Ich teste Dateien auf Stealer/Trojaner und entferne Logs im Falle einer Infizierung
    Plagegeister aller Art und deren Bekämpfung - 10.12.2008 (7)
  13. Password Stealer ??
    Mülltonne - 23.11.2008 (0)
  14. Verdacht auf Stealer (Bitte Log auswerten)
    Log-Analyse und Auswertung - 27.06.2008 (0)
  15. Stealer analysieren
    Plagegeister aller Art und deren Bekämpfung - 24.05.2008 (1)
  16. Pw stealer
    Mülltonne - 04.05.2008 (1)
  17. Riesen Problem mit nem Passwort stealer
    Plagegeister aller Art und deren Bekämpfung - 23.01.2007 (14)

Zum Thema Trojaner oder Stealer - Hallo, hab von jemanden ein Programm zugeschickt bekommen Beim installieren ist mir aufgefallen, dass mehrere *.exe Dateien und *.jar Dateien erstellt wurden Unter Anderem im temp Ordner und im Java - Trojaner oder Stealer...
Archiv
Du betrachtest: Trojaner oder Stealer auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.