Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Onlinebanking TESTÜBERWEISUNG

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.05.2013, 17:16   #1
uzge77
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



hallo habe beim öffnen meines onlinebanking leider feststellen müssen da da was faul ist

es kommt immer eine Überprüfung der Sicherheitseinstellungen und dann kommt was mit einer TESTÜBERWEISUNG nun habe ich nachgeschaut und denke ich habe mir das was übles eingefangen ,leider möchte ich meinen pc nur sehr ungern platt machen und wäre über jede hilfe sehr dankbar.

ich habe mal den AdwCleaner[R1] rüber gelaufen lassen der zeigt folgendes an

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 27/05/2013 um 17:55:53 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Master - MASTER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Master\Desktop\Virus\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\facemoods.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gefunden : C:\Users\Master\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Master\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\Master\AppData\Roaming\DealPly
Ordner Gefunden : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\jc0nodlh.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\facemoods.com
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\Software\facemoods.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKU\S-1-5-21-4196069603-3239827548-4245751158-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-4196069603-3239827548-4245751158-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

-\\ Mozilla Firefox v11.0 (de)

Datei : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\jc0nodlh.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [13052 octets] - [27/05/2013 17:55:53]

########## EOF - C:\AdwCleaner[R1].txt - [13113 octets] ##########
         

Alt 27.05.2013, 17:18   #2
markusg
/// Malware-holic
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



hi


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 27.05.2013, 17:37   #3
uzge77
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



danke markusg für die schnelle hilfe habe es mal so gemacht wie du schreibst

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.05.2013 18:21:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Master\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 67,27% Memory free
7,86 Gb Paging File | 6,44 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,65 Gb Total Space | 350,51 Gb Free Space | 77,44% Space Free | Partition Type: NTFS
 
Computer Name: MASTER-PC | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.27 18:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Master\Desktop\Virus\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () -- C:\Users\Master\AppData\LocalLow\WOT\IE\WOTUpdater.exe
PRC - [2011.08.23 07:52:13 | 000,229,888 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Master\AppData\Roaming\Amufwi\fady.exe
PRC - [2010.06.10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 17:10:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 17:10:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 17:09:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.17 03:08:14 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.17 03:07:59 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.17 03:07:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.05.17 03:07:52 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.17 03:07:47 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.02.13 22:19:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.19 23:25:58 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.10 15:34:13 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013.01.10 15:31:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 15:31:08 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 15:30:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 15:30:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 15:30:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.10 15:17:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.10 15:17:10 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.10 15:17:03 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.15 00:50:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.14 21:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010.04.14 21:56:13 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2013.05.15 16:45:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Master\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.10.23 23:21:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.23 10:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.14 21:56:13 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010.04.14 21:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [1998.07.07 01:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 08:11:36 | 001,593,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.01 03:52:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.09.02 05:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.11 07:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27361010r305l0454z195r46n2r262
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {FBD8ED14-CC46-4362-8684-FCBEE6C14A29}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{EAE89F50-1E78-44A8-93AC-5105DC0E3034}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5C7E72A6-2E50-45B8-9AFE-B8C1CD1C6871&apn_sauid=502F0A6D-8AB9-4810-BED0-DC5C8DD53B0A&
IE - HKCU\..\SearchScopes\{FBD8ED14-CC46-4362-8684-FCBEE6C14A29}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.1
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Master\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_5.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2011.11.20 16:35:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 13:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.12.24 17:00:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.20 16:35:25 | 000,000,000 | ---D | M]
 
[2010.12.12 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Extensions
[2010.12.12 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.05.27 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Firefox\Profiles\jc0nodlh.default\extensions
[2012.06.15 18:37:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Master\AppData\Roaming\mozilla\Firefox\Profiles\jc0nodlh.default\extensions\wotstats@mywot.com
[2010.12.12 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Sunbird\Profiles\ny8qpuyh.default\extensions
[2012.11.28 22:00:18 | 000,499,324 | ---- | M] () (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\firefox\profiles\jc0nodlh.default\extensions\toolbar@gmx.net.xpi
[2013.03.10 17:45:02 | 000,002,273 | ---- | M] () -- C:\Users\Master\AppData\Roaming\mozilla\firefox\profiles\jc0nodlh.default\searchplugins\bingp.xml
[2012.10.27 12:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.03 09:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.18 08:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 12:45:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Master\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WOT = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\
CHR - Extension: Google Mail = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.03.21 19:29:55 | 000,001,153 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\Master\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.94\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\MSOcache\svchost.exe (Twain Working Group)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Dyoxb] C:\Users\Master\AppData\Roaming\Amufwi\fady.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\MSOcache\svchost.exe (Twain Working Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\MSOcache\svchost.exe (Twain Working Group)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CBBCE18-0DDD-41F0-A36C-F3272E307A94}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E09B060B-5E86-4BC3-9FCF-010CD911CC1A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.94\npchrome_frame.dll (Google Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{68e9909b-ded7-11df-ad9e-88ae1d120418}\Shell - "" = AutoRun
O33 - MountPoints2\{68e9909b-ded7-11df-ad9e-88ae1d120418}\Shell\AutoRun\command - "" = F:\DBstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.27 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Virus
[2013.05.23 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Markenname
[2013.05.17 03:01:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.17 03:01:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.17 03:01:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.17 03:01:30 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.17 03:01:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.17 03:01:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.17 03:01:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.17 03:01:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.17 03:01:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.17 03:01:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.17 03:01:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.17 03:01:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.17 03:01:26 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.17 03:01:26 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.17 03:01:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Suoqno
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Nitic
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Amufwi
[2013.05.16 18:27:48 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 18:27:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 18:27:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 18:27:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 18:27:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 18:27:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 18:27:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.09 16:38:34 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Neuer Ordner
[2013.05.06 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Links-alt
[2013.05.01 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Xuseux
[2013.05.01 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Noyc
[2013.05.01 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Imvi
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.05.27 18:21:09 | 000,000,848 | ---- | M] () -- C:\Users\Master\Desktop\Onlinebanking-Testüberweisung Badische Beamtenbank - Trojaner-Board.website
[2013.05.27 18:07:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 18:07:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 17:59:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.27 17:59:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.27 17:59:19 | 3166,150,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.27 17:49:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.27 17:27:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.27 16:45:35 | 000,002,005 | ---- | M] () -- C:\Users\Master\Desktop\Avira DE-Cleaner.lnk
[2013.05.26 17:53:41 | 000,000,493 | ---- | M] () -- C:\Users\Master\Desktop\Garnelenforum.website
[2013.05.26 08:30:27 | 000,263,676 | ---- | M] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013
[2013.05.26 08:30:21 | 000,263,548 | ---- | M] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013_Backup
[2013.05.21 19:34:26 | 000,000,855 | ---- | M] () -- C:\Users\Master\Desktop\10x OSRAM Glühlampe 12V 60-55W H4 10 Stück GLÜHBIRNE BIRNE LAMPE KFZ Auto 64193  eBay.website
[2013.05.21 19:33:20 | 000,000,545 | ---- | M] () -- C:\Users\Master\Desktop\H4 Stecker Anschluss Fassung Sockel Lampensockel P43t Auto Kabel KFZ plug  eBay.website
[2013.05.21 16:06:33 | 001,657,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 16:06:33 | 000,715,448 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 16:06:33 | 000,666,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 16:06:33 | 000,155,464 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 16:06:33 | 000,125,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.17 17:03:37 | 004,982,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 16:45:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 16:45:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.15 13:31:48 | 000,000,861 | ---- | M] () -- C:\Users\Master\Desktop\Navi CD für Mercedes Comand APS 2.0 2.5 DX Deutschland E W210 ML W163 2012 2013  eBay.website
[2013.05.14 09:28:02 | 000,149,551 | ---- | M] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012
[2013.05.12 17:13:49 | 000,148,047 | ---- | M] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012_Backup
[2013.05.10 22:24:39 | 000,016,858 | ---- | M] () -- C:\Users\Master\Documents\easyct.ini
[2013.05.09 21:14:32 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2013.05.06 17:22:42 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Fotosizer.lnk
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.05.27 17:55:14 | 000,000,848 | ---- | C] () -- C:\Users\Master\Desktop\Onlinebanking-Testüberweisung Badische Beamtenbank - Trojaner-Board.website
[2013.05.27 16:45:35 | 000,002,005 | ---- | C] () -- C:\Users\Master\Desktop\Avira DE-Cleaner.lnk
[2013.05.26 10:08:12 | 000,000,493 | ---- | C] () -- C:\Users\Master\Desktop\Garnelenforum.website
[2013.05.21 19:34:26 | 000,000,855 | ---- | C] () -- C:\Users\Master\Desktop\10x OSRAM Glühlampe 12V 60-55W H4 10 Stück GLÜHBIRNE BIRNE LAMPE KFZ Auto 64193  eBay.website
[2013.05.21 19:33:20 | 000,000,545 | ---- | C] () -- C:\Users\Master\Desktop\H4 Stecker Anschluss Fassung Sockel Lampensockel P43t Auto Kabel KFZ plug  eBay.website
[2013.05.20 08:45:32 | 000,263,676 | ---- | C] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013
[2013.05.20 08:45:32 | 000,263,548 | ---- | C] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013_Backup
[2013.05.15 13:31:48 | 000,000,861 | ---- | C] () -- C:\Users\Master\Desktop\Navi CD für Mercedes Comand APS 2.0 2.5 DX Deutschland E W210 ML W163 2012 2013  eBay.website
[2013.05.09 22:48:06 | 000,149,551 | ---- | C] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012
[2013.05.09 22:48:06 | 000,148,047 | ---- | C] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012_Backup
[2013.05.06 17:22:42 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Fotosizer.lnk
[2013.03.23 17:50:32 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.03.23 17:50:32 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.04.09 18:26:29 | 000,002,797 | ---- | C] () -- C:\Users\Master\.recently-used.xbel
[2012.04.02 10:21:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.04.02 10:21:31 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.01.21 20:20:18 | 000,000,052 | ---- | C] () -- C:\Windows\seumain.INI
[2012.01.21 20:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\KHKSManC.INI
[2011.11.01 17:27:46 | 000,000,030 | ---- | C] () -- C:\Windows\AMSrv.ini
[2011.10.31 23:50:56 | 000,001,349 | ---- | C] () -- C:\Windows\WinPlace.INI
[2011.10.30 13:31:58 | 000,000,031 | ---- | C] () -- C:\Windows\DeskCalc.INI
[2011.08.30 09:41:45 | 000,038,425 | ---- | C] () -- C:\Users\Master\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2011.08.29 21:48:06 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.29 21:47:24 | 003,166,208 | -H-- | C] () -- C:\Users\Master\AppData\Roaming\SystemDriver.exe
[2011.08.12 23:28:50 | 000,015,602 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI
[2011.08.10 08:17:08 | 001,868,944 | ---- | C] () -- C:\Windows\SysWow64\RSA32_16.DLL
[2011.07.26 18:46:48 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011.07.26 18:46:48 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011.07.26 18:46:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011.07.26 18:46:47 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011.07.26 18:46:47 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011.07.26 18:46:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011.07.26 18:46:47 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011.07.26 18:46:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011.07.26 18:46:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011.07.26 18:46:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011.07.26 18:46:46 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011.07.26 18:46:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011.07.26 18:46:45 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011.07.26 18:46:45 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011.07.26 18:46:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011.07.26 18:46:44 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011.07.26 18:46:44 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011.07.26 18:46:43 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011.07.26 18:46:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011.07.26 18:46:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011.07.26 18:46:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011.07.26 18:44:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011.07.26 18:44:05 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011.06.23 08:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.02 14:29:13 | 000,066,670 | ---- | C] () -- C:\Users\Master\AppData\Roaming\mdbu.bin
[2010.11.11 23:31:36 | 000,014,848 | ---- | C] () -- C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{4cb4f03e-d584-e2a1-06b2-bb992d0cf7dd}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4cb4f03e-d584-e2a1-06b2-bb992d0cf7dd}\L
[2013.02.16 15:32:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4cb4f03e-d584-e2a1-06b2-bb992d0cf7dd}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---




[/CODE]
__________________

Geändert von uzge77 (27.05.2013 um 17:41 Uhr) Grund: habe einen fehler gemacht mache nochmal einen scann sorry

Alt 27.05.2013, 18:00   #4
markusg
/// Malware-holic
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Dyoxb] C:\Users\Master\AppData\Roaming\Amufwi\fady.exe (Sysinternals - www.sysinternals.com)
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Suoqno
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Nitic
:files
C:\Users\Master\AppData\Roaming\Amufwi
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 18:17   #5
uzge77
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



Zitat:
Zitat von markusg Beitrag anzeigen
Hi,

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
ja hat problemlos geklappt ist drauf


Alt 27.05.2013, 18:20   #6
markusg
/// Malware-holic
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



THX
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Onlinebanking TESTÜBERWEISUNG

Alt 27.05.2013, 18:28   #7
uzge77
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



also hier mal das Ergebnis vom TDSSKiller

Code:
ATTFilter
19:24:57.0515 4624  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:24:57.0796 4624  ============================================================
19:24:57.0796 4624  Current date / time: 2013/05/27 19:24:57.0796
19:24:57.0796 4624  SystemInfo:
19:24:57.0796 4624  
19:24:57.0796 4624  OS Version: 6.1.7601 ServicePack: 1.0
19:24:57.0796 4624  Product type: Workstation
19:24:57.0796 4624  ComputerName: MASTER-PC
19:24:57.0796 4624  UserName: Master
19:24:57.0796 4624  Windows directory: C:\Windows
19:24:57.0796 4624  System windows directory: C:\Windows
19:24:57.0796 4624  Running under WOW64
19:24:57.0796 4624  Processor architecture: Intel x64
19:24:57.0796 4624  Number of processors: 2
19:24:57.0796 4624  Page size: 0x1000
19:24:57.0796 4624  Boot type: Normal boot
19:24:57.0796 4624  ============================================================
19:24:58.0700 4624  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:58.0763 4624  ============================================================
19:24:58.0763 4624  \Device\Harddisk0\DR0:
19:24:58.0763 4624  MBR partitions:
19:24:58.0763 4624  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A03C22, BlocksNum 0x32FCD
19:24:58.0763 4624  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A36BEF, BlocksNum 0x3894EC41
19:24:58.0763 4624  ============================================================
19:24:58.0841 4624  C: <-> \Device\Harddisk0\DR0\Partition2
19:24:58.0841 4624  ============================================================
19:24:58.0841 4624  Initialize success
19:24:58.0841 4624  ============================================================
19:25:36.0503 3840  ============================================================
19:25:36.0503 3840  Scan started
19:25:36.0503 3840  Mode: Manual; SigCheck; TDLFS; 
19:25:36.0503 3840  ============================================================
19:25:36.0784 3840  ================ Scan system memory ========================
19:25:36.0784 3840  System memory - ok
19:25:36.0784 3840  ================ Scan services =============================
19:25:36.0986 3840  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:25:37.0064 3840  1394ohci - ok
19:25:37.0205 3840  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
19:25:37.0220 3840  AAV UpdateService - ok
19:25:37.0283 3840  [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
19:25:38.0546 3840  acedrv11 - ok
19:25:38.0609 3840  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:25:38.0640 3840  ACPI - ok
19:25:38.0718 3840  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:25:38.0765 3840  AcpiPmi - ok
19:25:38.0905 3840  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:25:38.0921 3840  AdobeARMservice - ok
19:25:39.0046 3840  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:25:39.0061 3840  AdobeFlashPlayerUpdateSvc - ok
19:25:39.0124 3840  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:25:39.0139 3840  adp94xx - ok
19:25:39.0170 3840  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:25:39.0202 3840  adpahci - ok
19:25:39.0217 3840  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:25:39.0233 3840  adpu320 - ok
19:25:39.0280 3840  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:25:39.0326 3840  AeLookupSvc - ok
19:25:39.0389 3840  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:25:39.0451 3840  AFD - ok
19:25:39.0498 3840  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:25:39.0514 3840  agp440 - ok
19:25:39.0560 3840  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:25:39.0592 3840  ALG - ok
19:25:39.0654 3840  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:25:39.0670 3840  aliide - ok
19:25:39.0732 3840  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:25:39.0748 3840  amdide - ok
19:25:39.0779 3840  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:25:39.0810 3840  AmdK8 - ok
19:25:39.0826 3840  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:25:39.0888 3840  AmdPPM - ok
19:25:39.0950 3840  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:25:39.0982 3840  amdsata - ok
19:25:40.0013 3840  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:25:40.0044 3840  amdsbs - ok
19:25:40.0060 3840  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:25:40.0075 3840  amdxata - ok
19:25:40.0138 3840  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:25:40.0216 3840  AppID - ok
19:25:40.0247 3840  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:25:40.0325 3840  AppIDSvc - ok
19:25:40.0372 3840  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
19:25:40.0450 3840  Appinfo - ok
19:25:40.0481 3840  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:25:40.0512 3840  arc - ok
19:25:40.0543 3840  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:25:40.0574 3840  arcsas - ok
19:25:40.0606 3840  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:25:40.0684 3840  AsyncMac - ok
19:25:40.0746 3840  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:25:40.0762 3840  atapi - ok
19:25:40.0824 3840  [ 5074CCA8927D5ED5D102EC48BB771E3F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:25:40.0855 3840  athr - ok
19:25:40.0902 3840  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:25:40.0980 3840  AudioEndpointBuilder - ok
19:25:40.0996 3840  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:25:41.0042 3840  AudioSrv - ok
19:25:41.0089 3840  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:25:41.0167 3840  AxInstSV - ok
19:25:41.0245 3840  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:25:41.0308 3840  b06bdrv - ok
19:25:41.0354 3840  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:25:41.0417 3840  b57nd60a - ok
19:25:41.0510 3840  [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
19:25:41.0604 3840  BCM43XX - ok
19:25:41.0635 3840  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:25:41.0651 3840  BDESVC - ok
19:25:41.0698 3840  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:25:41.0744 3840  Beep - ok
19:25:41.0807 3840  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:25:41.0900 3840  BFE - ok
19:25:41.0947 3840  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:25:42.0056 3840  BITS - ok
19:25:42.0088 3840  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:25:42.0119 3840  blbdrive - ok
19:25:42.0150 3840  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:25:42.0166 3840  bowser - ok
19:25:42.0197 3840  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:25:42.0259 3840  BrFiltLo - ok
19:25:42.0290 3840  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:25:42.0306 3840  BrFiltUp - ok
19:25:42.0337 3840  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:25:42.0368 3840  Browser - ok
19:25:42.0400 3840  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:25:42.0446 3840  Brserid - ok
19:25:42.0462 3840  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:25:42.0493 3840  BrSerWdm - ok
19:25:42.0524 3840  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:25:42.0556 3840  BrUsbMdm - ok
19:25:42.0587 3840  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:25:42.0618 3840  BrUsbSer - ok
19:25:42.0727 3840  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
19:25:42.0743 3840  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
19:25:42.0743 3840  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
19:25:42.0758 3840  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:25:42.0805 3840  BTHMODEM - ok
19:25:42.0852 3840  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:25:42.0914 3840  bthserv - ok
19:25:42.0961 3840  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:25:43.0008 3840  cdfs - ok
19:25:43.0070 3840  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:25:43.0086 3840  cdrom - ok
19:25:43.0133 3840  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:25:43.0180 3840  CertPropSvc - ok
19:25:43.0226 3840  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:25:43.0258 3840  circlass - ok
19:25:43.0289 3840  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:25:43.0320 3840  CLFS - ok
19:25:43.0382 3840  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:25:43.0414 3840  clr_optimization_v2.0.50727_32 - ok
19:25:43.0460 3840  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:25:43.0476 3840  clr_optimization_v2.0.50727_64 - ok
19:25:43.0554 3840  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:25:43.0585 3840  clr_optimization_v4.0.30319_32 - ok
19:25:43.0616 3840  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:25:43.0632 3840  clr_optimization_v4.0.30319_64 - ok
19:25:43.0663 3840  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:25:43.0694 3840  CmBatt - ok
19:25:43.0710 3840  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:25:43.0726 3840  cmdide - ok
19:25:43.0772 3840  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:25:43.0788 3840  CNG - ok
19:25:43.0819 3840  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:25:43.0835 3840  Compbatt - ok
19:25:43.0866 3840  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:25:43.0913 3840  CompositeBus - ok
19:25:43.0928 3840  COMSysApp - ok
19:25:43.0944 3840  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:25:43.0960 3840  crcdisk - ok
19:25:44.0022 3840  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:25:44.0053 3840  CryptSvc - ok
19:25:44.0100 3840  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:25:44.0147 3840  DcomLaunch - ok
19:25:44.0178 3840  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:25:44.0225 3840  defragsvc - ok
19:25:44.0256 3840  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:25:44.0334 3840  DfsC - ok
19:25:44.0365 3840  dgderdrv - ok
19:25:44.0428 3840  [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
19:25:44.0443 3840  dg_ssudbus - ok
19:25:44.0506 3840  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:25:44.0552 3840  Dhcp - ok
19:25:44.0584 3840  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:25:44.0630 3840  discache - ok
19:25:44.0677 3840  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:25:44.0693 3840  Disk - ok
19:25:44.0740 3840  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:25:44.0771 3840  Dnscache - ok
19:25:44.0833 3840  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:25:44.0896 3840  dot3svc - ok
19:25:44.0911 3840  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:25:44.0958 3840  DPS - ok
19:25:45.0005 3840  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:25:45.0036 3840  drmkaud - ok
19:25:45.0083 3840  [ 61E894FE1E9CC720C909E6E343351794 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:25:45.0114 3840  DsiWMIService - ok
19:25:45.0161 3840  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:25:45.0176 3840  DXGKrnl - ok
19:25:45.0208 3840  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:25:45.0270 3840  EapHost - ok
19:25:45.0348 3840  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:25:45.0473 3840  ebdrv - ok
19:25:45.0520 3840  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:25:45.0535 3840  EFS - ok
19:25:45.0598 3840  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:25:45.0660 3840  ehRecvr - ok
19:25:45.0691 3840  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:25:45.0707 3840  ehSched - ok
19:25:45.0754 3840  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
19:25:45.0769 3840  ElbyCDIO - ok
19:25:45.0816 3840  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:25:45.0832 3840  elxstor - ok
19:25:45.0956 3840  [ 09DDC2D4724A4FF844F738B60E63D872 ] ePowerSvc       C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
19:25:45.0988 3840  ePowerSvc - ok
19:25:46.0019 3840  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:25:46.0050 3840  ErrDev - ok
19:25:46.0097 3840  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:25:46.0159 3840  EventSystem - ok
19:25:46.0190 3840  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:25:46.0222 3840  exfat - ok
19:25:46.0253 3840  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:25:46.0315 3840  fastfat - ok
19:25:46.0362 3840  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:25:46.0424 3840  Fax - ok
19:25:46.0440 3840  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:25:46.0456 3840  fdc - ok
19:25:46.0487 3840  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:25:46.0534 3840  fdPHost - ok
19:25:46.0549 3840  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:25:46.0596 3840  FDResPub - ok
19:25:46.0627 3840  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:25:46.0643 3840  FileInfo - ok
19:25:46.0658 3840  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:25:46.0721 3840  Filetrace - ok
19:25:46.0916 3840  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:25:46.0942 3840  FLEXnet Licensing Service - ok
19:25:46.0995 3840  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:25:47.0027 3840  flpydisk - ok
19:25:47.0063 3840  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:25:47.0080 3840  FltMgr - ok
19:25:47.0145 3840  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:25:47.0182 3840  FontCache - ok
19:25:47.0229 3840  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:25:47.0240 3840  FontCache3.0.0.0 - ok
19:25:47.0271 3840  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:25:47.0284 3840  FsDepends - ok
19:25:47.0378 3840  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\SysWOW64\FsUsbExDisk.SYS
19:25:47.0395 3840  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:25:47.0395 3840  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:25:47.0431 3840  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:25:47.0444 3840  Fs_Rec - ok
19:25:47.0487 3840  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:25:47.0507 3840  fvevol - ok
19:25:47.0542 3840  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:25:47.0556 3840  gagp30kx - ok
19:25:47.0606 3840  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:25:47.0671 3840  gpsvc - ok
19:25:47.0784 3840  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
19:25:47.0800 3840  GREGService - ok
19:25:47.0913 3840  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:47.0934 3840  gupdate - ok
19:25:48.0013 3840  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:48.0032 3840  gupdatem - ok
19:25:48.0108 3840  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:25:48.0134 3840  gusvc - ok
19:25:48.0153 3840  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:25:48.0182 3840  hcw85cir - ok
19:25:48.0253 3840  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:25:48.0276 3840  HdAudAddService - ok
19:25:48.0310 3840  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:25:48.0329 3840  HDAudBus - ok
19:25:48.0348 3840  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:25:48.0378 3840  HidBatt - ok
19:25:48.0418 3840  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:25:48.0453 3840  HidBth - ok
19:25:48.0477 3840  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:25:48.0500 3840  HidIr - ok
19:25:48.0523 3840  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:25:48.0583 3840  hidserv - ok
19:25:48.0655 3840  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:25:48.0675 3840  HidUsb - ok
19:25:48.0738 3840  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:25:48.0803 3840  hkmsvc - ok
19:25:48.0843 3840  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:25:48.0884 3840  HomeGroupListener - ok
19:25:48.0919 3840  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:25:48.0949 3840  HomeGroupProvider - ok
19:25:48.0999 3840  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:25:49.0014 3840  HpSAMD - ok
19:25:49.0060 3840  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:25:49.0115 3840  HTTP - ok
19:25:49.0148 3840  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:25:49.0160 3840  hwpolicy - ok
19:25:49.0222 3840  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:25:49.0248 3840  i8042prt - ok
19:25:49.0293 3840  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:25:49.0317 3840  iaStor - ok
19:25:49.0366 3840  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:25:49.0390 3840  IAStorDataMgrSvc - ok
19:25:49.0431 3840  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:25:49.0453 3840  iaStorV - ok
19:25:49.0554 3840  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:25:49.0578 3840  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:25:49.0578 3840  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:25:49.0625 3840  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:25:49.0653 3840  idsvc - ok
19:25:49.0840 3840  [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:25:50.0055 3840  igfx - ok
19:25:50.0112 3840  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:25:50.0136 3840  iirsp - ok
19:25:50.0189 3840  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:25:50.0250 3840  IKEEXT - ok
19:25:50.0325 3840  [ 1768CCC0CCDA73A5B3D7A17A3C52E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:25:50.0368 3840  IntcAzAudAddService - ok
19:25:50.0400 3840  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:25:50.0413 3840  intelide - ok
19:25:50.0453 3840  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:25:50.0491 3840  intelppm - ok
19:25:50.0522 3840  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:25:50.0586 3840  IPBusEnum - ok
19:25:50.0619 3840  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:25:50.0665 3840  IpFilterDriver - ok
19:25:50.0705 3840  [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
19:25:50.0745 3840  IpHlpSvc - ok
19:25:50.0781 3840  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:25:50.0798 3840  IPMIDRV - ok
19:25:50.0845 3840  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:25:50.0899 3840  IPNAT - ok
19:25:50.0919 3840  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:25:50.0952 3840  IRENUM - ok
19:25:50.0985 3840  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:25:51.0000 3840  isapnp - ok
19:25:51.0034 3840  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:25:51.0052 3840  iScsiPrt - ok
19:25:51.0077 3840  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:25:51.0091 3840  kbdclass - ok
19:25:51.0130 3840  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:25:51.0146 3840  kbdhid - ok
19:25:51.0177 3840  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:25:51.0193 3840  KeyIso - ok
19:25:51.0224 3840  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:25:51.0240 3840  KSecDD - ok
19:25:51.0255 3840  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:25:51.0271 3840  KSecPkg - ok
19:25:51.0302 3840  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:25:51.0349 3840  ksthunk - ok
19:25:51.0396 3840  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:25:51.0442 3840  KtmRm - ok
19:25:51.0474 3840  [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:25:51.0505 3840  L1C - ok
19:25:51.0552 3840  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:25:51.0614 3840  LanmanServer - ok
19:25:51.0645 3840  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:25:51.0723 3840  LanmanWorkstation - ok
19:25:51.0770 3840  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:25:51.0801 3840  lltdio - ok
19:25:51.0848 3840  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:25:51.0910 3840  lltdsvc - ok
19:25:51.0926 3840  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:25:51.0957 3840  lmhosts - ok
19:25:52.0004 3840  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:25:52.0020 3840  LSI_FC - ok
19:25:52.0035 3840  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:25:52.0051 3840  LSI_SAS - ok
19:25:52.0066 3840  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:25:52.0082 3840  LSI_SAS2 - ok
19:25:52.0129 3840  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:25:52.0144 3840  LSI_SCSI - ok
19:25:52.0191 3840  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:25:52.0254 3840  luafv - ok
19:25:52.0347 3840  [ F6963E48385A5637FC4E51DC0F8234A0 ] lxebCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
19:25:52.0378 3840  lxebCATSCustConnectService - ok
19:25:52.0441 3840  lxeb_device - ok
19:25:52.0519 3840  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
19:25:52.0550 3840  McComponentHostService - ok
19:25:52.0581 3840  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:25:52.0612 3840  Mcx2Svc - ok
19:25:52.0628 3840  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:25:52.0644 3840  megasas - ok
19:25:52.0675 3840  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:25:52.0690 3840  MegaSR - ok
19:25:52.0784 3840  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:25:52.0800 3840  Microsoft Office Groove Audit Service - ok
19:25:52.0846 3840  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:25:52.0909 3840  MMCSS - ok
19:25:52.0940 3840  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:25:52.0987 3840  Modem - ok
19:25:53.0018 3840  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:25:53.0034 3840  monitor - ok
19:25:53.0065 3840  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:25:53.0080 3840  mouclass - ok
19:25:53.0112 3840  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:25:53.0127 3840  mouhid - ok
19:25:53.0158 3840  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:25:53.0174 3840  mountmgr - ok
19:25:53.0221 3840  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:25:53.0252 3840  MpFilter - ok
19:25:53.0283 3840  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:25:53.0299 3840  mpio - ok
19:25:53.0330 3840  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:25:53.0377 3840  mpsdrv - ok
19:25:53.0408 3840  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:25:53.0486 3840  MpsSvc - ok
19:25:53.0517 3840  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:25:53.0548 3840  MRxDAV - ok
19:25:53.0580 3840  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:25:53.0611 3840  mrxsmb - ok
19:25:53.0658 3840  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:25:53.0689 3840  mrxsmb10 - ok
19:25:53.0720 3840  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:25:53.0751 3840  mrxsmb20 - ok
19:25:53.0814 3840  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:25:53.0829 3840  msahci - ok
19:25:53.0876 3840  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:25:53.0892 3840  msdsm - ok
19:25:53.0907 3840  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:25:53.0938 3840  MSDTC - ok
19:25:53.0970 3840  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:25:54.0016 3840  Msfs - ok
19:25:54.0032 3840  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:25:54.0079 3840  mshidkmdf - ok
19:25:54.0110 3840  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:25:54.0126 3840  msisadrv - ok
19:25:54.0157 3840  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:25:54.0204 3840  MSiSCSI - ok
19:25:54.0204 3840  msiserver - ok
19:25:54.0250 3840  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:25:54.0282 3840  MSKSSRV - ok
19:25:54.0406 3840  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:25:54.0438 3840  MsMpSvc - ok
19:25:54.0469 3840  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:25:54.0516 3840  MSPCLOCK - ok
19:25:54.0531 3840  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:25:54.0578 3840  MSPQM - ok
19:25:54.0625 3840  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:25:54.0640 3840  MsRPC - ok
19:25:54.0687 3840  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:25:54.0703 3840  mssmbios - ok
19:25:54.0796 3840  MSSQL$SQLEXPRESS - ok
19:25:54.0843 3840  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:25:54.0859 3840  MSSQLServerADHelper - ok
19:25:54.0906 3840  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:25:54.0952 3840  MSTEE - ok
19:25:54.0968 3840  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:25:54.0984 3840  MTConfig - ok
19:25:54.0999 3840  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:25:55.0015 3840  Mup - ok
19:25:55.0062 3840  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:25:55.0124 3840  napagent - ok
19:25:55.0171 3840  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:25:55.0202 3840  NativeWifiP - ok
19:25:55.0264 3840  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:25:55.0327 3840  NDIS - ok
19:25:55.0358 3840  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:25:55.0405 3840  NdisCap - ok
19:25:55.0436 3840  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:25:55.0483 3840  NdisTapi - ok
19:25:55.0530 3840  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:25:55.0576 3840  Ndisuio - ok
19:25:55.0623 3840  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:25:55.0670 3840  NdisWan - ok
19:25:55.0701 3840  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:25:55.0764 3840  NDProxy - ok
19:25:55.0795 3840  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:25:55.0842 3840  NetBIOS - ok
19:25:55.0888 3840  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:25:55.0920 3840  NetBT - ok
19:25:55.0935 3840  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:25:55.0951 3840  Netlogon - ok
19:25:55.0998 3840  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:25:56.0060 3840  Netman - ok
19:25:56.0091 3840  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:25:56.0138 3840  netprofm - ok
19:25:56.0169 3840  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:25:56.0185 3840  NetTcpPortSharing - ok
19:25:56.0232 3840  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:25:56.0247 3840  nfrd960 - ok
19:25:56.0294 3840  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:25:56.0325 3840  NisDrv - ok
19:25:56.0388 3840  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:25:56.0434 3840  NisSrv - ok
19:25:56.0466 3840  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:25:56.0497 3840  NlaSvc - ok
19:25:56.0528 3840  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
19:25:56.0575 3840  nmwcd - ok
19:25:56.0590 3840  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
19:25:56.0637 3840  nmwcdc - ok
19:25:56.0653 3840  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:25:56.0684 3840  Npfs - ok
19:25:56.0715 3840  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:25:56.0778 3840  nsi - ok
19:25:56.0809 3840  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:25:56.0856 3840  nsiproxy - ok
19:25:56.0918 3840  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:25:56.0996 3840  Ntfs - ok
19:25:57.0043 3840  [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:25:57.0058 3840  NTIBackupSvc - ok
19:25:57.0074 3840  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
19:25:57.0074 3840  NTIDrvr - ok
19:25:57.0105 3840  [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:25:57.0152 3840  NTISchedulerSvc - ok
19:25:57.0183 3840  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:25:57.0230 3840  Null - ok
19:25:57.0277 3840  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:25:57.0292 3840  nvraid - ok
19:25:57.0308 3840  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:25:57.0324 3840  nvstor - ok
19:25:57.0370 3840  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:25:57.0386 3840  nv_agp - ok
19:25:57.0448 3840  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:25:57.0495 3840  odserv - ok
19:25:57.0526 3840  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:25:57.0558 3840  ohci1394 - ok
19:25:57.0620 3840  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:57.0636 3840  ose - ok
19:25:57.0667 3840  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:25:57.0698 3840  p2pimsvc - ok
19:25:57.0729 3840  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:25:57.0745 3840  p2psvc - ok
19:25:57.0776 3840  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:25:57.0792 3840  Parport - ok
19:25:57.0823 3840  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:25:57.0838 3840  partmgr - ok
19:25:57.0854 3840  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:25:57.0885 3840  PcaSvc - ok
19:25:57.0932 3840  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:25:57.0948 3840  pccsmcfd - ok
19:25:57.0979 3840  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:25:58.0010 3840  pci - ok
19:25:58.0010 3840  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:25:58.0026 3840  pciide - ok
19:25:58.0057 3840  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:25:58.0072 3840  pcmcia - ok
19:25:58.0088 3840  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:25:58.0104 3840  pcw - ok
19:25:58.0119 3840  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:25:58.0182 3840  PEAUTH - ok
19:25:58.0275 3840  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:25:58.0306 3840  PerfHost - ok
19:25:58.0384 3840  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:25:58.0509 3840  pla - ok
19:25:58.0572 3840  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:25:58.0618 3840  PlugPlay - ok
19:25:58.0634 3840  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:25:58.0665 3840  PNRPAutoReg - ok
19:25:58.0696 3840  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:25:58.0712 3840  PNRPsvc - ok
19:25:58.0759 3840  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:25:58.0806 3840  PolicyAgent - ok
19:25:58.0837 3840  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:25:58.0899 3840  Power - ok
19:25:58.0946 3840  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:25:59.0008 3840  PptpMiniport - ok
19:25:59.0071 3840  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:25:59.0086 3840  Processor - ok
19:25:59.0133 3840  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:25:59.0149 3840  ProfSvc - ok
19:25:59.0164 3840  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:25:59.0180 3840  ProtectedStorage - ok
19:25:59.0227 3840  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:25:59.0289 3840  Psched - ok
19:25:59.0336 3840  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:25:59.0414 3840  ql2300 - ok
19:25:59.0445 3840  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:25:59.0461 3840  ql40xx - ok
19:25:59.0492 3840  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:25:59.0508 3840  QWAVE - ok
19:25:59.0523 3840  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:25:59.0554 3840  QWAVEdrv - ok
19:25:59.0570 3840  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:25:59.0632 3840  RasAcd - ok
19:25:59.0664 3840  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:25:59.0710 3840  RasAgileVpn - ok
19:25:59.0726 3840  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:25:59.0773 3840  RasAuto - ok
19:25:59.0804 3840  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:25:59.0866 3840  Rasl2tp - ok
19:25:59.0913 3840  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:25:59.0976 3840  RasMan - ok
19:26:00.0007 3840  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:26:00.0054 3840  RasPppoe - ok
19:26:00.0085 3840  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:26:00.0132 3840  RasSstp - ok
19:26:00.0178 3840  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:26:00.0225 3840  rdbss - ok
19:26:00.0256 3840  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:26:00.0288 3840  rdpbus - ok
19:26:00.0303 3840  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:00.0350 3840  RDPCDD - ok
19:26:00.0381 3840  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:26:00.0428 3840  RDPENCDD - ok
19:26:00.0459 3840  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:26:00.0490 3840  RDPREFMP - ok
19:26:00.0568 3840  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:26:00.0584 3840  RdpVideoMiniport - ok
19:26:00.0631 3840  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:26:00.0662 3840  RDPWD - ok
19:26:00.0693 3840  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:26:00.0709 3840  rdyboost - ok
19:26:00.0740 3840  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:26:00.0787 3840  RemoteAccess - ok
19:26:00.0818 3840  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:26:00.0880 3840  RemoteRegistry - ok
19:26:00.0896 3840  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:26:00.0927 3840  RpcEptMapper - ok
19:26:00.0958 3840  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:26:00.0990 3840  RpcLocator - ok
19:26:01.0021 3840  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:26:01.0068 3840  RpcSs - ok
19:26:01.0114 3840  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:26:01.0161 3840  rspndr - ok
19:26:01.0192 3840  [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
19:26:01.0208 3840  RSUSBSTOR - ok
19:26:01.0224 3840  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:26:01.0239 3840  SamSs - ok
19:26:01.0286 3840  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:26:01.0286 3840  sbp2port - ok
19:26:01.0317 3840  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:26:01.0364 3840  SCardSvr - ok
19:26:01.0395 3840  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:26:01.0442 3840  scfilter - ok
19:26:01.0489 3840  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:26:01.0582 3840  Schedule - ok
19:26:01.0614 3840  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:26:01.0645 3840  SCPolicySvc - ok
19:26:01.0692 3840  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:26:01.0723 3840  SDRSVC - ok
19:26:01.0738 3840  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:26:01.0801 3840  secdrv - ok
19:26:01.0832 3840  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:26:01.0879 3840  seclogon - ok
19:26:01.0910 3840  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:26:01.0972 3840  SENS - ok
19:26:01.0988 3840  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:26:02.0004 3840  SensrSvc - ok
19:26:02.0050 3840  [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64      C:\Windows\System32\Drivers\Sentinel64.sys
19:26:02.0674 3840  Sentinel64 - ok
19:26:02.0768 3840  [ A9EEB7B09B898A53EC8B7063B923AC32 ] SentinelKeysServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
19:26:02.0862 3840  SentinelKeysServer - ok
19:26:02.0940 3840  [ FD8723219C907C7AB753C93334FA4610 ] SentinelProtectionServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
19:26:04.0344 3840  SentinelProtectionServer - ok
19:26:04.0390 3840  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:26:04.0390 3840  Serenum - ok
19:26:04.0422 3840  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:26:04.0453 3840  Serial - ok
19:26:04.0500 3840  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:26:04.0515 3840  sermouse - ok
19:26:04.0593 3840  [ 668043F192AB9659761A349A4703600D ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:26:04.0640 3840  ServiceLayer - ok
19:26:04.0687 3840  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:26:04.0734 3840  SessionEnv - ok
19:26:04.0765 3840  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:26:04.0812 3840  sffdisk - ok
19:26:04.0827 3840  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:26:04.0858 3840  sffp_mmc - ok
19:26:04.0874 3840  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:26:04.0905 3840  sffp_sd - ok
19:26:04.0936 3840  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:26:04.0952 3840  sfloppy - ok
19:26:04.0983 3840  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:26:05.0030 3840  SharedAccess - ok
19:26:05.0077 3840  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:26:05.0124 3840  ShellHWDetection - ok
19:26:05.0155 3840  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:26:05.0170 3840  SiSRaid2 - ok
19:26:05.0202 3840  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:26:05.0217 3840  SiSRaid4 - ok
19:26:05.0233 3840  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:26:05.0326 3840  Smb - ok
19:26:05.0373 3840  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:26:05.0404 3840  SNMPTRAP - ok
19:26:05.0436 3840  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:26:05.0451 3840  spldr - ok
19:26:05.0498 3840  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:26:05.0545 3840  Spooler - ok
19:26:05.0638 3840  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:26:05.0810 3840  sppsvc - ok
19:26:05.0841 3840  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:26:05.0904 3840  sppuinotify - ok
19:26:05.0982 3840  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:26:06.0013 3840  SQLBrowser - ok
19:26:06.0060 3840  [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:26:06.0091 3840  SQLWriter - ok
19:26:06.0122 3840  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:26:06.0169 3840  srv - ok
19:26:06.0216 3840  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:26:06.0262 3840  srv2 - ok
19:26:06.0309 3840  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:26:06.0325 3840  srvnet - ok
19:26:06.0356 3840  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:26:06.0418 3840  SSDPSRV - ok
19:26:06.0434 3840  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:26:06.0481 3840  SstpSvc - ok
19:26:06.0543 3840  [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
19:26:06.0559 3840  ssudmdm - ok
19:26:06.0574 3840  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:26:06.0590 3840  stexstor - ok
19:26:06.0652 3840  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:26:06.0699 3840  stisvc - ok
19:26:06.0746 3840  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:26:06.0762 3840  swenum - ok
19:26:06.0824 3840  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:26:06.0871 3840  swprv - ok
19:26:06.0918 3840  [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:26:06.0933 3840  SynTP - ok
19:26:07.0011 3840  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:26:07.0074 3840  SysMain - ok
19:26:07.0120 3840  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:26:07.0136 3840  TabletInputService - ok
19:26:07.0183 3840  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:26:07.0230 3840  TapiSrv - ok
19:26:07.0261 3840  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:26:07.0292 3840  TBS - ok
19:26:07.0354 3840  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:26:07.0448 3840  Tcpip - ok
19:26:07.0495 3840  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:26:07.0526 3840  TCPIP6 - ok
19:26:07.0573 3840  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:26:07.0604 3840  tcpipreg - ok
19:26:07.0635 3840  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:26:07.0651 3840  TDPIPE - ok
19:26:07.0682 3840  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:26:07.0713 3840  TDTCP - ok
19:26:07.0760 3840  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:26:07.0807 3840  tdx - ok
19:26:07.0838 3840  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:26:07.0854 3840  TermDD - ok
19:26:07.0900 3840  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:26:07.0947 3840  TermService - ok
19:26:07.0978 3840  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:26:08.0010 3840  Themes - ok
19:26:08.0041 3840  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:26:08.0088 3840  THREADORDER - ok
19:26:08.0088 3840  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:26:08.0150 3840  TrkWks - ok
19:26:08.0228 3840  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:26:08.0322 3840  TrustedInstaller - ok
19:26:08.0368 3840  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:08.0446 3840  tssecsrv - ok
19:26:08.0478 3840  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:26:08.0509 3840  TsUsbFlt - ok
19:26:08.0556 3840  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:26:08.0618 3840  tunnel - ok
19:26:08.0649 3840  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:26:08.0665 3840  uagp35 - ok
19:26:08.0696 3840  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
19:26:08.0696 3840  UBHelper - ok
19:26:08.0758 3840  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:26:08.0821 3840  udfs - ok
19:26:08.0852 3840  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:26:08.0868 3840  UI0Detect - ok
19:26:08.0883 3840  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:26:08.0899 3840  uliagpkx - ok
19:26:08.0930 3840  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
19:26:08.0961 3840  umbus - ok
19:26:08.0977 3840  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:26:09.0008 3840  UmPass - ok
19:26:09.0039 3840  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
19:26:09.0055 3840  Updater Service - ok
19:26:09.0086 3840  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:26:09.0148 3840  upnphost - ok
19:26:09.0180 3840  [ 4E93C8496359E97830C75AC36393654D ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:26:09.0226 3840  upperdev - ok
19:26:09.0258 3840  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:09.0289 3840  usbccgp - ok
19:26:09.0336 3840  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:26:09.0351 3840  usbcir - ok
19:26:09.0382 3840  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:26:09.0398 3840  usbehci - ok
19:26:09.0445 3840  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:26:09.0492 3840  usbhub - ok
19:26:09.0507 3840  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:26:09.0523 3840  usbohci - ok
19:26:09.0523 3840  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:26:09.0554 3840  usbprint - ok
19:26:09.0601 3840  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:26:09.0616 3840  usbscan - ok
19:26:09.0663 3840  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:26:09.0694 3840  usbser - ok
19:26:09.0726 3840  [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:26:09.0772 3840  UsbserFilt - ok
19:26:09.0804 3840  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:09.0835 3840  USBSTOR - ok
19:26:09.0866 3840  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:26:09.0882 3840  usbuhci - ok
19:26:09.0928 3840  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:26:09.0960 3840  usbvideo - ok
19:26:09.0991 3840  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:26:10.0038 3840  UxSms - ok
19:26:10.0053 3840  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:26:10.0069 3840  VaultSvc - ok
19:26:10.0100 3840  [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
19:26:10.0131 3840  VClone - ok
19:26:10.0194 3840  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:26:10.0209 3840  vdrvroot - ok
19:26:10.0256 3840  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:26:10.0303 3840  vds - ok
19:26:10.0334 3840  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:10.0350 3840  vga - ok
19:26:10.0365 3840  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:26:10.0428 3840  VgaSave - ok
19:26:10.0459 3840  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:26:10.0474 3840  vhdmp - ok
19:26:10.0521 3840  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:26:10.0537 3840  viaide - ok
19:26:10.0630 3840  [ 152E0AFF3D03257BE432B54D5E04C4CE ] Visual Studio Analyzer RPC bridge C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
19:26:10.0693 3840  Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - warning
19:26:10.0693 3840  Visual Studio Analyzer RPC bridge - detected UnsignedFile.Multi.Generic (1)
19:26:10.0708 3840  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:26:10.0724 3840  volmgr - ok
19:26:10.0755 3840  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:26:10.0771 3840  volmgrx - ok
19:26:10.0802 3840  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:26:10.0818 3840  volsnap - ok
19:26:10.0864 3840  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:26:10.0880 3840  vsmraid - ok
19:26:10.0942 3840  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:26:11.0052 3840  VSS - ok
19:26:11.0083 3840  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:26:11.0114 3840  vwifibus - ok
19:26:11.0130 3840  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:26:11.0161 3840  vwififlt - ok
19:26:11.0176 3840  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:26:11.0192 3840  vwifimp - ok
19:26:11.0223 3840  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:26:11.0286 3840  W32Time - ok
19:26:11.0317 3840  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:26:11.0348 3840  WacomPen - ok
19:26:11.0379 3840  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:26:11.0442 3840  WANARP - ok
19:26:11.0457 3840  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:26:11.0488 3840  Wanarpv6 - ok
19:26:11.0582 3840  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:26:11.0660 3840  WatAdminSvc - ok
19:26:11.0738 3840  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:26:11.0816 3840  wbengine - ok
19:26:11.0847 3840  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:26:11.0878 3840  WbioSrvc - ok
19:26:11.0925 3840  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:26:11.0972 3840  wcncsvc - ok
19:26:11.0988 3840  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:26:12.0003 3840  WcsPlugInService - ok
19:26:12.0034 3840  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:26:12.0050 3840  Wd - ok
19:26:12.0097 3840  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:26:12.0128 3840  Wdf01000 - ok
19:26:12.0159 3840  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:26:12.0190 3840  WdiServiceHost - ok
19:26:12.0206 3840  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:26:12.0222 3840  WdiSystemHost - ok
19:26:12.0253 3840  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:26:12.0300 3840  WebClient - ok
19:26:12.0331 3840  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:26:12.0393 3840  Wecsvc - ok
19:26:12.0424 3840  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:26:12.0487 3840  wercplsupport - ok
19:26:12.0534 3840  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:26:12.0565 3840  WerSvc - ok
19:26:12.0612 3840  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:26:12.0643 3840  WfpLwf - ok
19:26:12.0674 3840  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:26:12.0674 3840  WIMMount - ok
19:26:12.0705 3840  WinDefend - ok
19:26:12.0721 3840  WinHttpAutoProxySvc - ok
19:26:12.0783 3840  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:26:12.0830 3840  Winmgmt - ok
19:26:12.0892 3840  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:26:13.0033 3840  WinRM - ok
19:26:13.0111 3840  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:26:13.0142 3840  WinUsb - ok
19:26:13.0173 3840  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:26:13.0236 3840  Wlansvc - ok
19:26:13.0267 3840  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:26:13.0282 3840  WmiAcpi - ok
19:26:13.0329 3840  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:26:13.0345 3840  wmiApSrv - ok
19:26:13.0376 3840  WMPNetworkSvc - ok
19:26:13.0470 3840  [ 495284CF894336E9512ED7C9ACB3548E ] WOTUpdater      C:\Users\Master\AppData\LocalLow\WOT\IE\WOTUpdater.exe
19:26:13.0532 3840  WOTUpdater ( UnsignedFile.Multi.Generic ) - warning
19:26:13.0532 3840  WOTUpdater - detected UnsignedFile.Multi.Generic (1)
19:26:13.0548 3840  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:26:13.0563 3840  WPCSvc - ok
19:26:13.0610 3840  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:26:13.0626 3840  WPDBusEnum - ok
19:26:13.0657 3840  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:26:13.0719 3840  ws2ifsl - ok
19:26:13.0750 3840  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:26:13.0782 3840  wscsvc - ok
19:26:13.0782 3840  WSearch - ok
19:26:13.0875 3840  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:26:13.0969 3840  wuauserv - ok
19:26:14.0000 3840  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:26:14.0016 3840  WudfPf - ok
19:26:14.0062 3840  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:14.0078 3840  WUDFRd - ok
19:26:14.0125 3840  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:26:14.0156 3840  wudfsvc - ok
19:26:14.0187 3840  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:26:14.0250 3840  WwanSvc - ok
19:26:14.0281 3840  ================ Scan global ===============================
19:26:14.0312 3840  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:26:14.0343 3840  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:26:14.0359 3840  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:26:14.0390 3840  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:26:14.0421 3840  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:26:14.0421 3840  [Global] - ok
19:26:14.0421 3840  ================ Scan MBR ==================================
19:26:14.0437 3840  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:26:14.0811 3840  \Device\Harddisk0\DR0 - ok
19:26:14.0811 3840  ================ Scan VBR ==================================
19:26:14.0811 3840  [ 5389F658FC8B4A8E3FF0C8E8B3C875F1 ] \Device\Harddisk0\DR0\Partition1
19:26:14.0811 3840  \Device\Harddisk0\DR0\Partition1 - ok
19:26:14.0842 3840  [ 657FDD8678DE3E5AC8D8F11DE75FAEC4 ] \Device\Harddisk0\DR0\Partition2
19:26:14.0858 3840  \Device\Harddisk0\DR0\Partition2 - ok
19:26:14.0858 3840  ============================================================
19:26:14.0858 3840  Scan finished
19:26:14.0858 3840  ============================================================
19:26:14.0874 0760  Detected object count: 5
19:26:14.0874 0760  Actual detected object count: 5
19:26:57.0473 0760  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:26:57.0473 0760  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:26:57.0473 0760  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:26:57.0473 0760  Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760  Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:26:57.0473 0760  WOTUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760  WOTUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 27.05.2013, 19:08   #8
markusg
/// Malware-holic
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



Hi, du hast den Trojan.Zbot.

Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und der sicherste Weg, zumal du deinen PC
für onlinebanking, verwendest
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.
Wenn es mein PC währe, würde ich ihn einmal neu aufsetzen und absichern, du bekommst dazu natürlich von uns hilfe, auch wenn du weiter reinigen möchtest, teile mir mit, wie's weiter gehen soll :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 19:39   #9
uzge77
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



Zitat:
Zitat von markusg Beitrag anzeigen
Hi, du hast den Trojan.Zbot.

Wenn es mein PC währe, würde ich ihn einmal neu aufsetzen und absichern
also danke dir markusg, werde meinen pc dann neu aufsetzen danke für die klasse hielfe

Alt 28.05.2013, 10:23   #10
markusg
/// Malware-holic
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



Ich geb dir schon mal die Anleitung zum absichern, falls keine fragen zum neu aufsetzen sind.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
http://support.google.com/chrome/bin...&answer=118663
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.05.2013, 20:13   #11
uzge77
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



hallo markusg , soweit so gut habe mal einen teil geschafft , als broser möchte ich aber den ie10 nehmen oder den Firefox ,als antivirus habe ich im Moment noch Norton 30tage testversion

hast du mir dazu noch ein paar tips wegen der von mir genannten broser ?

Alt 29.05.2013, 20:23   #12
markusg
/// Malware-holic
 
Onlinebanking TESTÜBERWEISUNG - Standard

Onlinebanking TESTÜBERWEISUNG



Hi
ich würd wie gesagt emsisoft nemen, schon mal Chrome angesehen, bietet mehr Sicherheitsfeatures und sollte schneller seinb
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Onlinebanking TESTÜBERWEISUNG
appdata, browser, code, datei, dateien, desktop, ebanking, explorer, firefox, folge, google, helper, home, internet, internet browser, internet explorer, microsoft, mozilla, onlinebanking, ordner, registrierungsdatenbank, roaming, software, start, suche, virus, windows



Ähnliche Themen: Onlinebanking TESTÜBERWEISUNG


  1. Onlinebanking-Trojaner Zeus2 / ZBot obwohl KEIN Onlinebanking genutzt wird
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (4)
  2. Onlinebanking/Testüberweisung Badische Beamtenbank
    Log-Analyse und Auswertung - 12.04.2013 (9)
  3. Sparkassen Trojaner Testüberweisung
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (13)
  4. Sparkassen Trojaner Testüberweisung und Mitteilung von Telekom ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (9)
  5. Sicheres Onlinebanking?
    Diskussionsforum - 05.09.2012 (22)
  6. hermes_v01 - Onlinebanking
    Log-Analyse und Auswertung - 30.08.2012 (12)
  7. Sparkasse Testüberweisung Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.08.2012 (13)
  8. Trojaner OnlineBanking
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  9. Onlinebanking/Testüberweisung Trojaner
    Log-Analyse und Auswertung - 05.03.2012 (9)
  10. Onlinebanking auf Favoriten
    Plagegeister aller Art und deren Bekämpfung - 12.01.2012 (3)
  11. 100 Tan Onlinebanking anfrage
    Log-Analyse und Auswertung - 23.06.2011 (5)
  12. Trojaner Onlinebanking, 20 TAN
    Plagegeister aller Art und deren Bekämpfung - 02.04.2011 (3)
  13. Onlinebanking im Ausland
    Antiviren-, Firewall- und andere Schutzprogramme - 17.11.2010 (1)
  14. 30 TAN bei Postban-Onlinebanking
    Plagegeister aller Art und deren Bekämpfung - 25.10.2010 (31)
  15. Sperrung Onlinebanking
    Log-Analyse und Auswertung - 20.09.2010 (17)
  16. OnlineBanking-Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (11)
  17. Fit für Onlinebanking?
    Log-Analyse und Auswertung - 30.05.2010 (4)

Zum Thema Onlinebanking TESTÜBERWEISUNG - hallo habe beim öffnen meines onlinebanking leider feststellen müssen da da was faul ist es kommt immer eine Überprüfung der Sicherheitseinstellungen und dann kommt was mit einer TESTÜBERWEISUNG nun habe - Onlinebanking TESTÜBERWEISUNG...
Archiv
Du betrachtest: Onlinebanking TESTÜBERWEISUNG auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.