| |
| |||||||
Log-Analyse und Auswertung: Onlinebanking TESTÜBERWEISUNGWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.05.2013, 17:16
| #1 |
| |  Onlinebanking TESTÜBERWEISUNG hallo habe beim öffnen meines onlinebanking leider feststellen müssen da da was faul ist es kommt immer eine Überprüfung der Sicherheitseinstellungen und dann kommt was mit einer TESTÜBERWEISUNG nun habe ich nachgeschaut und denke ich habe mir das was übles eingefangen ,leider möchte ich meinen pc nur sehr ungern platt machen und wäre über jede hilfe sehr dankbar. ich habe mal den AdwCleaner[R1] rüber gelaufen lassen der zeigt folgendes an Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 27/05/2013 um 17:55:53 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Master - MASTER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Master\Desktop\Virus\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\facemoods.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gefunden : C:\Users\Master\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Master\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\Master\AppData\Roaming\DealPly
Ordner Gefunden : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\jc0nodlh.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\facemoods.com
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\Software\facemoods.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKU\S-1-5-21-4196069603-3239827548-4245751158-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-4196069603-3239827548-4245751158-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
-\\ Mozilla Firefox v11.0 (de)
Datei : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\jc0nodlh.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [13052 octets] - [27/05/2013 17:55:53]
########## EOF - C:\AdwCleaner[R1].txt - [13113 octets] ##########
|
|
27.05.2013, 17:18
| #2 |
| /// Malware-holic   | Onlinebanking TESTÜBERWEISUNG hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
27.05.2013, 17:37
| #3 |
| | Onlinebanking TESTÜBERWEISUNG danke markusg für die schnelle hilfe habe es mal so gemacht wie du schreibst
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.05.2013 18:21:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Master\Desktop\Virus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 67,27% Memory free 7,86 Gb Paging File | 6,44 Gb Available in Paging File | 81,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,65 Gb Total Space | 350,51 Gb Free Space | 77,44% Space Free | Partition Type: NTFS Computer Name: MASTER-PC | User Name: Master | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.27 18:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Master\Desktop\Virus\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () -- C:\Users\Master\AppData\LocalLow\WOT\IE\WOTUpdater.exe PRC - [2011.08.23 07:52:13 | 000,229,888 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Master\AppData\Roaming\Amufwi\fady.exe PRC - [2010.06.10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe ========== Modules (No Company Name) ========== MOD - [2013.05.17 17:10:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 17:10:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 17:09:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.17 03:08:14 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.17 03:07:59 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.17 03:07:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.05.17 03:07:52 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.17 03:07:47 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.02.13 22:19:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.01.19 23:25:58 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.10 15:34:13 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll MOD - [2013.01.10 15:31:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 15:31:08 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 15:30:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 15:30:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 15:30:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.10 15:17:15 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.10 15:17:10 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.10 15:17:03 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.15 00:50:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.04.14 21:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device) SRV:64bit: - [2010.04.14 21:56:13 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2013.05.15 16:45:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.01.12 12:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Master\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater) SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.10.23 23:21:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.04.23 10:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.04.14 21:56:13 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2010.04.14 21:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.07.11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2008.07.11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) SRV - [1998.07.07 01:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.08.17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.08.17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.08.17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.02 08:11:36 | 001,593,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.02.22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.01 03:52:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.09.02 05:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.07.11 07:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27361010r305l0454z195r46n2r262 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {FBD8ED14-CC46-4362-8684-FCBEE6C14A29} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{EAE89F50-1E78-44A8-93AC-5105DC0E3034}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5C7E72A6-2E50-45B8-9AFE-B8C1CD1C6871&apn_sauid=502F0A6D-8AB9-4810-BED0-DC5C8DD53B0A& IE - HKCU\..\SearchScopes\{FBD8ED14-CC46-4362-8684-FCBEE6C14A29}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.1 FF - prefs.js..browser.search.defaultenginename: "Bing " FF - prefs.js..browser.search.selectedEngine: "Bing " FF - prefs.js..browser.search.order.3: "Bing " FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q=" FF - prefs.js..browser.startup.homepage: "hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Master\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_5.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2011.11.20 16:35:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 13:52:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.12.24 17:00:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.20 16:35:25 | 000,000,000 | ---D | M] [2010.12.12 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Extensions [2010.12.12 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2013.05.27 17:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Firefox\Profiles\jc0nodlh.default\extensions [2012.06.15 18:37:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Master\AppData\Roaming\mozilla\Firefox\Profiles\jc0nodlh.default\extensions\wotstats@mywot.com [2010.12.12 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\Sunbird\Profiles\ny8qpuyh.default\extensions [2012.11.28 22:00:18 | 000,499,324 | ---- | M] () (No name found) -- C:\Users\Master\AppData\Roaming\mozilla\firefox\profiles\jc0nodlh.default\extensions\toolbar@gmx.net.xpi [2013.03.10 17:45:02 | 000,002,273 | ---- | M] () -- C:\Users\Master\AppData\Roaming\mozilla\firefox\profiles\jc0nodlh.default\searchplugins\bingp.xml [2012.10.27 12:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.07.03 09:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.18 08:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.27 12:45:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Master\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Error reading preferences file CHR - Extension: YouTube = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: WOT = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\ CHR - Extension: Google Mail = C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.03.21 19:29:55 | 000,001,153 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\Master\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.94\npchrome_frame.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\MSOcache\svchost.exe (Twain Working Group) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Dyoxb] C:\Users\Master\AppData\Roaming\Amufwi\fady.exe (Sysinternals - www.sysinternals.com) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\MSOcache\svchost.exe (Twain Working Group) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\MSOcache\svchost.exe (Twain Working Group) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8:64bit: - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8:64bit: - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8:64bit: - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CBBCE18-0DDD-41F0-A36C-F3272E307A94}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E09B060B-5E86-4BC3-9FCF-010CD911CC1A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\gcf - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.94\npchrome_frame.dll (Google Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{68e9909b-ded7-11df-ad9e-88ae1d120418}\Shell - "" = AutoRun O33 - MountPoints2\{68e9909b-ded7-11df-ad9e-88ae1d120418}\Shell\AutoRun\command - "" = F:\DBstart.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Virus [2013.05.23 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Markenname [2013.05.17 03:01:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.17 03:01:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.17 03:01:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.17 03:01:30 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.17 03:01:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.17 03:01:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.17 03:01:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.17 03:01:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.17 03:01:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.17 03:01:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.17 03:01:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.17 03:01:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 03:01:26 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 03:01:26 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 03:01:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Suoqno [2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Nitic [2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Amufwi [2013.05.16 18:27:48 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.16 18:27:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.16 18:27:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.16 18:27:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.16 18:27:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.16 18:27:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.16 18:27:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.09 16:38:34 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Neuer Ordner [2013.05.06 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\Master\Desktop\Links-alt [2013.05.01 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Xuseux [2013.05.01 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Noyc [2013.05.01 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Imvi [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\SysNative\ [2013.05.27 18:21:09 | 000,000,848 | ---- | M] () -- C:\Users\Master\Desktop\Onlinebanking-Testüberweisung Badische Beamtenbank - Trojaner-Board.website [2013.05.27 18:07:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 18:07:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 17:59:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.27 17:59:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.27 17:59:19 | 3166,150,656 | -HS- | M] () -- C:\hiberfil.sys [2013.05.27 17:49:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.27 17:27:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.27 16:45:35 | 000,002,005 | ---- | M] () -- C:\Users\Master\Desktop\Avira DE-Cleaner.lnk [2013.05.26 17:53:41 | 000,000,493 | ---- | M] () -- C:\Users\Master\Desktop\Garnelenforum.website [2013.05.26 08:30:27 | 000,263,676 | ---- | M] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013 [2013.05.26 08:30:21 | 000,263,548 | ---- | M] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013_Backup [2013.05.21 19:34:26 | 000,000,855 | ---- | M] () -- C:\Users\Master\Desktop\10x OSRAM Glühlampe 12V 60-55W H4 10 Stück GLÜHBIRNE BIRNE LAMPE KFZ Auto 64193 eBay.website [2013.05.21 19:33:20 | 000,000,545 | ---- | M] () -- C:\Users\Master\Desktop\H4 Stecker Anschluss Fassung Sockel Lampensockel P43t Auto Kabel KFZ plug eBay.website [2013.05.21 16:06:33 | 001,657,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.21 16:06:33 | 000,715,448 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.21 16:06:33 | 000,666,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.21 16:06:33 | 000,155,464 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.21 16:06:33 | 000,125,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.17 17:03:37 | 004,982,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 16:45:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 16:45:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 13:31:48 | 000,000,861 | ---- | M] () -- C:\Users\Master\Desktop\Navi CD für Mercedes Comand APS 2.0 2.5 DX Deutschland E W210 ML W163 2012 2013 eBay.website [2013.05.14 09:28:02 | 000,149,551 | ---- | M] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012 [2013.05.12 17:13:49 | 000,148,047 | ---- | M] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012_Backup [2013.05.10 22:24:39 | 000,016,858 | ---- | M] () -- C:\Users\Master\Documents\easyct.ini [2013.05.09 21:14:32 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk [2013.05.06 17:22:42 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Fotosizer.lnk [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Windows\SysNative\ [2013.05.27 17:55:14 | 000,000,848 | ---- | C] () -- C:\Users\Master\Desktop\Onlinebanking-Testüberweisung Badische Beamtenbank - Trojaner-Board.website [2013.05.27 16:45:35 | 000,002,005 | ---- | C] () -- C:\Users\Master\Desktop\Avira DE-Cleaner.lnk [2013.05.26 10:08:12 | 000,000,493 | ---- | C] () -- C:\Users\Master\Desktop\Garnelenforum.website [2013.05.21 19:34:26 | 000,000,855 | ---- | C] () -- C:\Users\Master\Desktop\10x OSRAM Glühlampe 12V 60-55W H4 10 Stück GLÜHBIRNE BIRNE LAMPE KFZ Auto 64193 eBay.website [2013.05.21 19:33:20 | 000,000,545 | ---- | C] () -- C:\Users\Master\Desktop\H4 Stecker Anschluss Fassung Sockel Lampensockel P43t Auto Kabel KFZ plug eBay.website [2013.05.20 08:45:32 | 000,263,676 | ---- | C] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013 [2013.05.20 08:45:32 | 000,263,548 | ---- | C] () -- C:\Users\Master\Desktop\20.5-eur-2013-us.GewErfass2013_Backup [2013.05.15 13:31:48 | 000,000,861 | ---- | C] () -- C:\Users\Master\Desktop\Navi CD für Mercedes Comand APS 2.0 2.5 DX Deutschland E W210 ML W163 2012 2013 eBay.website [2013.05.09 22:48:06 | 000,149,551 | ---- | C] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012 [2013.05.09 22:48:06 | 000,148,047 | ---- | C] () -- C:\Users\Master\Desktop\gewerbe-us-2013.Gew2012_Backup [2013.05.06 17:22:42 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Fotosizer.lnk [2013.03.23 17:50:32 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.03.23 17:50:32 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.04.09 18:26:29 | 000,002,797 | ---- | C] () -- C:\Users\Master\.recently-used.xbel [2012.04.02 10:21:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.04.02 10:21:31 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.01.21 20:20:18 | 000,000,052 | ---- | C] () -- C:\Windows\seumain.INI [2012.01.21 20:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\KHKSManC.INI [2011.11.01 17:27:46 | 000,000,030 | ---- | C] () -- C:\Windows\AMSrv.ini [2011.10.31 23:50:56 | 000,001,349 | ---- | C] () -- C:\Windows\WinPlace.INI [2011.10.30 13:31:58 | 000,000,031 | ---- | C] () -- C:\Windows\DeskCalc.INI [2011.08.30 09:41:45 | 000,038,425 | ---- | C] () -- C:\Users\Master\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR [2011.08.29 21:48:06 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.29 21:47:24 | 003,166,208 | -H-- | C] () -- C:\Users\Master\AppData\Roaming\SystemDriver.exe [2011.08.12 23:28:50 | 000,015,602 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI [2011.08.10 08:17:08 | 001,868,944 | ---- | C] () -- C:\Windows\SysWow64\RSA32_16.DLL [2011.07.26 18:46:48 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll [2011.07.26 18:46:48 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll [2011.07.26 18:46:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll [2011.07.26 18:46:47 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll [2011.07.26 18:46:47 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll [2011.07.26 18:46:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll [2011.07.26 18:46:47 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll [2011.07.26 18:46:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll [2011.07.26 18:46:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll [2011.07.26 18:46:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll [2011.07.26 18:46:46 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll [2011.07.26 18:46:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll [2011.07.26 18:46:45 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll [2011.07.26 18:46:45 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll [2011.07.26 18:46:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll [2011.07.26 18:46:44 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll [2011.07.26 18:46:44 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe [2011.07.26 18:46:43 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe [2011.07.26 18:46:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll [2011.07.26 18:46:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll [2011.07.26 18:46:41 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe [2011.07.26 18:44:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll [2011.07.26 18:44:05 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll [2011.06.23 08:44:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.02 14:29:13 | 000,066,670 | ---- | C] () -- C:\Users\Master\AppData\Roaming\mdbu.bin [2010.11.11 23:31:36 | 000,014,848 | ---- | C] () -- C:\Users\Master\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{4cb4f03e-d584-e2a1-06b2-bb992d0cf7dd}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4cb4f03e-d584-e2a1-06b2-bb992d0cf7dd}\L [2013.02.16 15:32:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4cb4f03e-d584-e2a1-06b2-bb992d0cf7dd}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/CODE] Geändert von uzge77 (27.05.2013 um 17:41 Uhr) Grund: habe einen fehler gemacht mache nochmal einen scann sorry |
|
27.05.2013, 18:00
| #4 |
| /// Malware-holic | Onlinebanking TESTÜBERWEISUNG Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Dyoxb] C:\Users\Master\AppData\Roaming\Amufwi\fady.exe (Sysinternals - www.sysinternals.com)
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Suoqno
[2013.05.16 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Master\AppData\Roaming\Nitic
:files
C:\Users\Master\AppData\Roaming\Amufwi
:Commands
[emptytemp]
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.05.2013, 18:17
| #5 | |
| | Onlinebanking TESTÜBERWEISUNGZitat:
 |
|
27.05.2013, 18:20
| #6 |
| /// Malware-holic | Onlinebanking TESTÜBERWEISUNG THX Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Onlinebanking TESTÜBERWEISUNG |
|
27.05.2013, 18:28
| #7 |
| | Onlinebanking TESTÜBERWEISUNG also hier mal das Ergebnis vom TDSSKiller Code:
ATTFilter
19:24:57.0515 4624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:24:57.0796 4624 ============================================================
19:24:57.0796 4624 Current date / time: 2013/05/27 19:24:57.0796
19:24:57.0796 4624 SystemInfo:
19:24:57.0796 4624
19:24:57.0796 4624 OS Version: 6.1.7601 ServicePack: 1.0
19:24:57.0796 4624 Product type: Workstation
19:24:57.0796 4624 ComputerName: MASTER-PC
19:24:57.0796 4624 UserName: Master
19:24:57.0796 4624 Windows directory: C:\Windows
19:24:57.0796 4624 System windows directory: C:\Windows
19:24:57.0796 4624 Running under WOW64
19:24:57.0796 4624 Processor architecture: Intel x64
19:24:57.0796 4624 Number of processors: 2
19:24:57.0796 4624 Page size: 0x1000
19:24:57.0796 4624 Boot type: Normal boot
19:24:57.0796 4624 ============================================================
19:24:58.0700 4624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:58.0763 4624 ============================================================
19:24:58.0763 4624 \Device\Harddisk0\DR0:
19:24:58.0763 4624 MBR partitions:
19:24:58.0763 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A03C22, BlocksNum 0x32FCD
19:24:58.0763 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A36BEF, BlocksNum 0x3894EC41
19:24:58.0763 4624 ============================================================
19:24:58.0841 4624 C: <-> \Device\Harddisk0\DR0\Partition2
19:24:58.0841 4624 ============================================================
19:24:58.0841 4624 Initialize success
19:24:58.0841 4624 ============================================================
19:25:36.0503 3840 ============================================================
19:25:36.0503 3840 Scan started
19:25:36.0503 3840 Mode: Manual; SigCheck; TDLFS;
19:25:36.0503 3840 ============================================================
19:25:36.0784 3840 ================ Scan system memory ========================
19:25:36.0784 3840 System memory - ok
19:25:36.0784 3840 ================ Scan services =============================
19:25:36.0986 3840 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:25:37.0064 3840 1394ohci - ok
19:25:37.0205 3840 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
19:25:37.0220 3840 AAV UpdateService - ok
19:25:37.0283 3840 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
19:25:38.0546 3840 acedrv11 - ok
19:25:38.0609 3840 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:25:38.0640 3840 ACPI - ok
19:25:38.0718 3840 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:25:38.0765 3840 AcpiPmi - ok
19:25:38.0905 3840 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:25:38.0921 3840 AdobeARMservice - ok
19:25:39.0046 3840 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:25:39.0061 3840 AdobeFlashPlayerUpdateSvc - ok
19:25:39.0124 3840 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:25:39.0139 3840 adp94xx - ok
19:25:39.0170 3840 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:25:39.0202 3840 adpahci - ok
19:25:39.0217 3840 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:25:39.0233 3840 adpu320 - ok
19:25:39.0280 3840 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:25:39.0326 3840 AeLookupSvc - ok
19:25:39.0389 3840 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:25:39.0451 3840 AFD - ok
19:25:39.0498 3840 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:25:39.0514 3840 agp440 - ok
19:25:39.0560 3840 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:25:39.0592 3840 ALG - ok
19:25:39.0654 3840 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:25:39.0670 3840 aliide - ok
19:25:39.0732 3840 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:25:39.0748 3840 amdide - ok
19:25:39.0779 3840 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:25:39.0810 3840 AmdK8 - ok
19:25:39.0826 3840 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:25:39.0888 3840 AmdPPM - ok
19:25:39.0950 3840 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:25:39.0982 3840 amdsata - ok
19:25:40.0013 3840 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:25:40.0044 3840 amdsbs - ok
19:25:40.0060 3840 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:25:40.0075 3840 amdxata - ok
19:25:40.0138 3840 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:25:40.0216 3840 AppID - ok
19:25:40.0247 3840 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:25:40.0325 3840 AppIDSvc - ok
19:25:40.0372 3840 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:25:40.0450 3840 Appinfo - ok
19:25:40.0481 3840 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:25:40.0512 3840 arc - ok
19:25:40.0543 3840 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:25:40.0574 3840 arcsas - ok
19:25:40.0606 3840 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:25:40.0684 3840 AsyncMac - ok
19:25:40.0746 3840 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:25:40.0762 3840 atapi - ok
19:25:40.0824 3840 [ 5074CCA8927D5ED5D102EC48BB771E3F ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:25:40.0855 3840 athr - ok
19:25:40.0902 3840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:25:40.0980 3840 AudioEndpointBuilder - ok
19:25:40.0996 3840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:25:41.0042 3840 AudioSrv - ok
19:25:41.0089 3840 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:25:41.0167 3840 AxInstSV - ok
19:25:41.0245 3840 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:25:41.0308 3840 b06bdrv - ok
19:25:41.0354 3840 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:25:41.0417 3840 b57nd60a - ok
19:25:41.0510 3840 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:25:41.0604 3840 BCM43XX - ok
19:25:41.0635 3840 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:25:41.0651 3840 BDESVC - ok
19:25:41.0698 3840 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:25:41.0744 3840 Beep - ok
19:25:41.0807 3840 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:25:41.0900 3840 BFE - ok
19:25:41.0947 3840 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:25:42.0056 3840 BITS - ok
19:25:42.0088 3840 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:25:42.0119 3840 blbdrive - ok
19:25:42.0150 3840 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:25:42.0166 3840 bowser - ok
19:25:42.0197 3840 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:25:42.0259 3840 BrFiltLo - ok
19:25:42.0290 3840 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:25:42.0306 3840 BrFiltUp - ok
19:25:42.0337 3840 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:25:42.0368 3840 Browser - ok
19:25:42.0400 3840 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:25:42.0446 3840 Brserid - ok
19:25:42.0462 3840 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:25:42.0493 3840 BrSerWdm - ok
19:25:42.0524 3840 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:25:42.0556 3840 BrUsbMdm - ok
19:25:42.0587 3840 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:25:42.0618 3840 BrUsbSer - ok
19:25:42.0727 3840 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
19:25:42.0743 3840 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
19:25:42.0743 3840 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
19:25:42.0758 3840 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:25:42.0805 3840 BTHMODEM - ok
19:25:42.0852 3840 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:25:42.0914 3840 bthserv - ok
19:25:42.0961 3840 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:25:43.0008 3840 cdfs - ok
19:25:43.0070 3840 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:25:43.0086 3840 cdrom - ok
19:25:43.0133 3840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:25:43.0180 3840 CertPropSvc - ok
19:25:43.0226 3840 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:25:43.0258 3840 circlass - ok
19:25:43.0289 3840 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:25:43.0320 3840 CLFS - ok
19:25:43.0382 3840 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:25:43.0414 3840 clr_optimization_v2.0.50727_32 - ok
19:25:43.0460 3840 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:25:43.0476 3840 clr_optimization_v2.0.50727_64 - ok
19:25:43.0554 3840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:25:43.0585 3840 clr_optimization_v4.0.30319_32 - ok
19:25:43.0616 3840 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:25:43.0632 3840 clr_optimization_v4.0.30319_64 - ok
19:25:43.0663 3840 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:25:43.0694 3840 CmBatt - ok
19:25:43.0710 3840 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:25:43.0726 3840 cmdide - ok
19:25:43.0772 3840 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:25:43.0788 3840 CNG - ok
19:25:43.0819 3840 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:25:43.0835 3840 Compbatt - ok
19:25:43.0866 3840 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:25:43.0913 3840 CompositeBus - ok
19:25:43.0928 3840 COMSysApp - ok
19:25:43.0944 3840 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:25:43.0960 3840 crcdisk - ok
19:25:44.0022 3840 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:25:44.0053 3840 CryptSvc - ok
19:25:44.0100 3840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:25:44.0147 3840 DcomLaunch - ok
19:25:44.0178 3840 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:25:44.0225 3840 defragsvc - ok
19:25:44.0256 3840 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:25:44.0334 3840 DfsC - ok
19:25:44.0365 3840 dgderdrv - ok
19:25:44.0428 3840 [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
19:25:44.0443 3840 dg_ssudbus - ok
19:25:44.0506 3840 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:25:44.0552 3840 Dhcp - ok
19:25:44.0584 3840 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:25:44.0630 3840 discache - ok
19:25:44.0677 3840 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:25:44.0693 3840 Disk - ok
19:25:44.0740 3840 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:25:44.0771 3840 Dnscache - ok
19:25:44.0833 3840 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:25:44.0896 3840 dot3svc - ok
19:25:44.0911 3840 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:25:44.0958 3840 DPS - ok
19:25:45.0005 3840 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:25:45.0036 3840 drmkaud - ok
19:25:45.0083 3840 [ 61E894FE1E9CC720C909E6E343351794 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
19:25:45.0114 3840 DsiWMIService - ok
19:25:45.0161 3840 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:25:45.0176 3840 DXGKrnl - ok
19:25:45.0208 3840 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:25:45.0270 3840 EapHost - ok
19:25:45.0348 3840 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:25:45.0473 3840 ebdrv - ok
19:25:45.0520 3840 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:25:45.0535 3840 EFS - ok
19:25:45.0598 3840 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:25:45.0660 3840 ehRecvr - ok
19:25:45.0691 3840 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:25:45.0707 3840 ehSched - ok
19:25:45.0754 3840 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
19:25:45.0769 3840 ElbyCDIO - ok
19:25:45.0816 3840 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:25:45.0832 3840 elxstor - ok
19:25:45.0956 3840 [ 09DDC2D4724A4FF844F738B60E63D872 ] ePowerSvc C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
19:25:45.0988 3840 ePowerSvc - ok
19:25:46.0019 3840 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:25:46.0050 3840 ErrDev - ok
19:25:46.0097 3840 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:25:46.0159 3840 EventSystem - ok
19:25:46.0190 3840 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:25:46.0222 3840 exfat - ok
19:25:46.0253 3840 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:25:46.0315 3840 fastfat - ok
19:25:46.0362 3840 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:25:46.0424 3840 Fax - ok
19:25:46.0440 3840 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:25:46.0456 3840 fdc - ok
19:25:46.0487 3840 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:25:46.0534 3840 fdPHost - ok
19:25:46.0549 3840 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:25:46.0596 3840 FDResPub - ok
19:25:46.0627 3840 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:25:46.0643 3840 FileInfo - ok
19:25:46.0658 3840 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:25:46.0721 3840 Filetrace - ok
19:25:46.0916 3840 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:25:46.0942 3840 FLEXnet Licensing Service - ok
19:25:46.0995 3840 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:25:47.0027 3840 flpydisk - ok
19:25:47.0063 3840 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:25:47.0080 3840 FltMgr - ok
19:25:47.0145 3840 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:25:47.0182 3840 FontCache - ok
19:25:47.0229 3840 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:25:47.0240 3840 FontCache3.0.0.0 - ok
19:25:47.0271 3840 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:25:47.0284 3840 FsDepends - ok
19:25:47.0378 3840 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
19:25:47.0395 3840 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:25:47.0395 3840 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:25:47.0431 3840 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:25:47.0444 3840 Fs_Rec - ok
19:25:47.0487 3840 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:25:47.0507 3840 fvevol - ok
19:25:47.0542 3840 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:25:47.0556 3840 gagp30kx - ok
19:25:47.0606 3840 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:25:47.0671 3840 gpsvc - ok
19:25:47.0784 3840 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
19:25:47.0800 3840 GREGService - ok
19:25:47.0913 3840 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:47.0934 3840 gupdate - ok
19:25:48.0013 3840 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:25:48.0032 3840 gupdatem - ok
19:25:48.0108 3840 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:25:48.0134 3840 gusvc - ok
19:25:48.0153 3840 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:25:48.0182 3840 hcw85cir - ok
19:25:48.0253 3840 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:25:48.0276 3840 HdAudAddService - ok
19:25:48.0310 3840 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:25:48.0329 3840 HDAudBus - ok
19:25:48.0348 3840 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:25:48.0378 3840 HidBatt - ok
19:25:48.0418 3840 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:25:48.0453 3840 HidBth - ok
19:25:48.0477 3840 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:25:48.0500 3840 HidIr - ok
19:25:48.0523 3840 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:25:48.0583 3840 hidserv - ok
19:25:48.0655 3840 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:25:48.0675 3840 HidUsb - ok
19:25:48.0738 3840 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:25:48.0803 3840 hkmsvc - ok
19:25:48.0843 3840 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:25:48.0884 3840 HomeGroupListener - ok
19:25:48.0919 3840 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:25:48.0949 3840 HomeGroupProvider - ok
19:25:48.0999 3840 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:25:49.0014 3840 HpSAMD - ok
19:25:49.0060 3840 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:25:49.0115 3840 HTTP - ok
19:25:49.0148 3840 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:25:49.0160 3840 hwpolicy - ok
19:25:49.0222 3840 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:25:49.0248 3840 i8042prt - ok
19:25:49.0293 3840 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:25:49.0317 3840 iaStor - ok
19:25:49.0366 3840 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:25:49.0390 3840 IAStorDataMgrSvc - ok
19:25:49.0431 3840 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:25:49.0453 3840 iaStorV - ok
19:25:49.0554 3840 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:25:49.0578 3840 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:25:49.0578 3840 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:25:49.0625 3840 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:25:49.0653 3840 idsvc - ok
19:25:49.0840 3840 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:25:50.0055 3840 igfx - ok
19:25:50.0112 3840 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:25:50.0136 3840 iirsp - ok
19:25:50.0189 3840 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:25:50.0250 3840 IKEEXT - ok
19:25:50.0325 3840 [ 1768CCC0CCDA73A5B3D7A17A3C52E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:25:50.0368 3840 IntcAzAudAddService - ok
19:25:50.0400 3840 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:25:50.0413 3840 intelide - ok
19:25:50.0453 3840 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:25:50.0491 3840 intelppm - ok
19:25:50.0522 3840 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:25:50.0586 3840 IPBusEnum - ok
19:25:50.0619 3840 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:25:50.0665 3840 IpFilterDriver - ok
19:25:50.0705 3840 [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
19:25:50.0745 3840 IpHlpSvc - ok
19:25:50.0781 3840 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:25:50.0798 3840 IPMIDRV - ok
19:25:50.0845 3840 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:25:50.0899 3840 IPNAT - ok
19:25:50.0919 3840 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:25:50.0952 3840 IRENUM - ok
19:25:50.0985 3840 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:25:51.0000 3840 isapnp - ok
19:25:51.0034 3840 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:25:51.0052 3840 iScsiPrt - ok
19:25:51.0077 3840 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:25:51.0091 3840 kbdclass - ok
19:25:51.0130 3840 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:25:51.0146 3840 kbdhid - ok
19:25:51.0177 3840 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:25:51.0193 3840 KeyIso - ok
19:25:51.0224 3840 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:25:51.0240 3840 KSecDD - ok
19:25:51.0255 3840 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:25:51.0271 3840 KSecPkg - ok
19:25:51.0302 3840 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:25:51.0349 3840 ksthunk - ok
19:25:51.0396 3840 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:25:51.0442 3840 KtmRm - ok
19:25:51.0474 3840 [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
19:25:51.0505 3840 L1C - ok
19:25:51.0552 3840 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:25:51.0614 3840 LanmanServer - ok
19:25:51.0645 3840 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:25:51.0723 3840 LanmanWorkstation - ok
19:25:51.0770 3840 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:25:51.0801 3840 lltdio - ok
19:25:51.0848 3840 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:25:51.0910 3840 lltdsvc - ok
19:25:51.0926 3840 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:25:51.0957 3840 lmhosts - ok
19:25:52.0004 3840 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:25:52.0020 3840 LSI_FC - ok
19:25:52.0035 3840 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:25:52.0051 3840 LSI_SAS - ok
19:25:52.0066 3840 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:25:52.0082 3840 LSI_SAS2 - ok
19:25:52.0129 3840 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:25:52.0144 3840 LSI_SCSI - ok
19:25:52.0191 3840 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:25:52.0254 3840 luafv - ok
19:25:52.0347 3840 [ F6963E48385A5637FC4E51DC0F8234A0 ] lxebCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
19:25:52.0378 3840 lxebCATSCustConnectService - ok
19:25:52.0441 3840 lxeb_device - ok
19:25:52.0519 3840 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
19:25:52.0550 3840 McComponentHostService - ok
19:25:52.0581 3840 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:25:52.0612 3840 Mcx2Svc - ok
19:25:52.0628 3840 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:25:52.0644 3840 megasas - ok
19:25:52.0675 3840 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:25:52.0690 3840 MegaSR - ok
19:25:52.0784 3840 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:25:52.0800 3840 Microsoft Office Groove Audit Service - ok
19:25:52.0846 3840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:25:52.0909 3840 MMCSS - ok
19:25:52.0940 3840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:25:52.0987 3840 Modem - ok
19:25:53.0018 3840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:25:53.0034 3840 monitor - ok
19:25:53.0065 3840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:25:53.0080 3840 mouclass - ok
19:25:53.0112 3840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:25:53.0127 3840 mouhid - ok
19:25:53.0158 3840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:25:53.0174 3840 mountmgr - ok
19:25:53.0221 3840 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:25:53.0252 3840 MpFilter - ok
19:25:53.0283 3840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:25:53.0299 3840 mpio - ok
19:25:53.0330 3840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:25:53.0377 3840 mpsdrv - ok
19:25:53.0408 3840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:25:53.0486 3840 MpsSvc - ok
19:25:53.0517 3840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:25:53.0548 3840 MRxDAV - ok
19:25:53.0580 3840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:25:53.0611 3840 mrxsmb - ok
19:25:53.0658 3840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:25:53.0689 3840 mrxsmb10 - ok
19:25:53.0720 3840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:25:53.0751 3840 mrxsmb20 - ok
19:25:53.0814 3840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:25:53.0829 3840 msahci - ok
19:25:53.0876 3840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:25:53.0892 3840 msdsm - ok
19:25:53.0907 3840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:25:53.0938 3840 MSDTC - ok
19:25:53.0970 3840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:25:54.0016 3840 Msfs - ok
19:25:54.0032 3840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:25:54.0079 3840 mshidkmdf - ok
19:25:54.0110 3840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:25:54.0126 3840 msisadrv - ok
19:25:54.0157 3840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:25:54.0204 3840 MSiSCSI - ok
19:25:54.0204 3840 msiserver - ok
19:25:54.0250 3840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:25:54.0282 3840 MSKSSRV - ok
19:25:54.0406 3840 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:25:54.0438 3840 MsMpSvc - ok
19:25:54.0469 3840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:25:54.0516 3840 MSPCLOCK - ok
19:25:54.0531 3840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:25:54.0578 3840 MSPQM - ok
19:25:54.0625 3840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:25:54.0640 3840 MsRPC - ok
19:25:54.0687 3840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:25:54.0703 3840 mssmbios - ok
19:25:54.0796 3840 MSSQL$SQLEXPRESS - ok
19:25:54.0843 3840 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:25:54.0859 3840 MSSQLServerADHelper - ok
19:25:54.0906 3840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:25:54.0952 3840 MSTEE - ok
19:25:54.0968 3840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:25:54.0984 3840 MTConfig - ok
19:25:54.0999 3840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:25:55.0015 3840 Mup - ok
19:25:55.0062 3840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:25:55.0124 3840 napagent - ok
19:25:55.0171 3840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:25:55.0202 3840 NativeWifiP - ok
19:25:55.0264 3840 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:25:55.0327 3840 NDIS - ok
19:25:55.0358 3840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:25:55.0405 3840 NdisCap - ok
19:25:55.0436 3840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:25:55.0483 3840 NdisTapi - ok
19:25:55.0530 3840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:25:55.0576 3840 Ndisuio - ok
19:25:55.0623 3840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:25:55.0670 3840 NdisWan - ok
19:25:55.0701 3840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:25:55.0764 3840 NDProxy - ok
19:25:55.0795 3840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:25:55.0842 3840 NetBIOS - ok
19:25:55.0888 3840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:25:55.0920 3840 NetBT - ok
19:25:55.0935 3840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:25:55.0951 3840 Netlogon - ok
19:25:55.0998 3840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:25:56.0060 3840 Netman - ok
19:25:56.0091 3840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:25:56.0138 3840 netprofm - ok
19:25:56.0169 3840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:25:56.0185 3840 NetTcpPortSharing - ok
19:25:56.0232 3840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:25:56.0247 3840 nfrd960 - ok
19:25:56.0294 3840 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:25:56.0325 3840 NisDrv - ok
19:25:56.0388 3840 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:25:56.0434 3840 NisSrv - ok
19:25:56.0466 3840 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:25:56.0497 3840 NlaSvc - ok
19:25:56.0528 3840 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
19:25:56.0575 3840 nmwcd - ok
19:25:56.0590 3840 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
19:25:56.0637 3840 nmwcdc - ok
19:25:56.0653 3840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:25:56.0684 3840 Npfs - ok
19:25:56.0715 3840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:25:56.0778 3840 nsi - ok
19:25:56.0809 3840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:25:56.0856 3840 nsiproxy - ok
19:25:56.0918 3840 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:25:56.0996 3840 Ntfs - ok
19:25:57.0043 3840 [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:25:57.0058 3840 NTIBackupSvc - ok
19:25:57.0074 3840 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
19:25:57.0074 3840 NTIDrvr - ok
19:25:57.0105 3840 [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:25:57.0152 3840 NTISchedulerSvc - ok
19:25:57.0183 3840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:25:57.0230 3840 Null - ok
19:25:57.0277 3840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:25:57.0292 3840 nvraid - ok
19:25:57.0308 3840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:25:57.0324 3840 nvstor - ok
19:25:57.0370 3840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:25:57.0386 3840 nv_agp - ok
19:25:57.0448 3840 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:25:57.0495 3840 odserv - ok
19:25:57.0526 3840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:25:57.0558 3840 ohci1394 - ok
19:25:57.0620 3840 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:57.0636 3840 ose - ok
19:25:57.0667 3840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:25:57.0698 3840 p2pimsvc - ok
19:25:57.0729 3840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:25:57.0745 3840 p2psvc - ok
19:25:57.0776 3840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:25:57.0792 3840 Parport - ok
19:25:57.0823 3840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:25:57.0838 3840 partmgr - ok
19:25:57.0854 3840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:25:57.0885 3840 PcaSvc - ok
19:25:57.0932 3840 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:25:57.0948 3840 pccsmcfd - ok
19:25:57.0979 3840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:25:58.0010 3840 pci - ok
19:25:58.0010 3840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:25:58.0026 3840 pciide - ok
19:25:58.0057 3840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:25:58.0072 3840 pcmcia - ok
19:25:58.0088 3840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:25:58.0104 3840 pcw - ok
19:25:58.0119 3840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:25:58.0182 3840 PEAUTH - ok
19:25:58.0275 3840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:25:58.0306 3840 PerfHost - ok
19:25:58.0384 3840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:25:58.0509 3840 pla - ok
19:25:58.0572 3840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:25:58.0618 3840 PlugPlay - ok
19:25:58.0634 3840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:25:58.0665 3840 PNRPAutoReg - ok
19:25:58.0696 3840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:25:58.0712 3840 PNRPsvc - ok
19:25:58.0759 3840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:25:58.0806 3840 PolicyAgent - ok
19:25:58.0837 3840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:25:58.0899 3840 Power - ok
19:25:58.0946 3840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:25:59.0008 3840 PptpMiniport - ok
19:25:59.0071 3840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:25:59.0086 3840 Processor - ok
19:25:59.0133 3840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:25:59.0149 3840 ProfSvc - ok
19:25:59.0164 3840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:25:59.0180 3840 ProtectedStorage - ok
19:25:59.0227 3840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:25:59.0289 3840 Psched - ok
19:25:59.0336 3840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:25:59.0414 3840 ql2300 - ok
19:25:59.0445 3840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:25:59.0461 3840 ql40xx - ok
19:25:59.0492 3840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:25:59.0508 3840 QWAVE - ok
19:25:59.0523 3840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:25:59.0554 3840 QWAVEdrv - ok
19:25:59.0570 3840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:25:59.0632 3840 RasAcd - ok
19:25:59.0664 3840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:25:59.0710 3840 RasAgileVpn - ok
19:25:59.0726 3840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:25:59.0773 3840 RasAuto - ok
19:25:59.0804 3840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:25:59.0866 3840 Rasl2tp - ok
19:25:59.0913 3840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:25:59.0976 3840 RasMan - ok
19:26:00.0007 3840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:26:00.0054 3840 RasPppoe - ok
19:26:00.0085 3840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:26:00.0132 3840 RasSstp - ok
19:26:00.0178 3840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:26:00.0225 3840 rdbss - ok
19:26:00.0256 3840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:26:00.0288 3840 rdpbus - ok
19:26:00.0303 3840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:00.0350 3840 RDPCDD - ok
19:26:00.0381 3840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:26:00.0428 3840 RDPENCDD - ok
19:26:00.0459 3840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:26:00.0490 3840 RDPREFMP - ok
19:26:00.0568 3840 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:26:00.0584 3840 RdpVideoMiniport - ok
19:26:00.0631 3840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:26:00.0662 3840 RDPWD - ok
19:26:00.0693 3840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:26:00.0709 3840 rdyboost - ok
19:26:00.0740 3840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:26:00.0787 3840 RemoteAccess - ok
19:26:00.0818 3840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:26:00.0880 3840 RemoteRegistry - ok
19:26:00.0896 3840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:26:00.0927 3840 RpcEptMapper - ok
19:26:00.0958 3840 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:26:00.0990 3840 RpcLocator - ok
19:26:01.0021 3840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:26:01.0068 3840 RpcSs - ok
19:26:01.0114 3840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:26:01.0161 3840 rspndr - ok
19:26:01.0192 3840 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:26:01.0208 3840 RSUSBSTOR - ok
19:26:01.0224 3840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:26:01.0239 3840 SamSs - ok
19:26:01.0286 3840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:26:01.0286 3840 sbp2port - ok
19:26:01.0317 3840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:26:01.0364 3840 SCardSvr - ok
19:26:01.0395 3840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:26:01.0442 3840 scfilter - ok
19:26:01.0489 3840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:26:01.0582 3840 Schedule - ok
19:26:01.0614 3840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:26:01.0645 3840 SCPolicySvc - ok
19:26:01.0692 3840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:26:01.0723 3840 SDRSVC - ok
19:26:01.0738 3840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:26:01.0801 3840 secdrv - ok
19:26:01.0832 3840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:26:01.0879 3840 seclogon - ok
19:26:01.0910 3840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:26:01.0972 3840 SENS - ok
19:26:01.0988 3840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:26:02.0004 3840 SensrSvc - ok
19:26:02.0050 3840 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
19:26:02.0674 3840 Sentinel64 - ok
19:26:02.0768 3840 [ A9EEB7B09B898A53EC8B7063B923AC32 ] SentinelKeysServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
19:26:02.0862 3840 SentinelKeysServer - ok
19:26:02.0940 3840 [ FD8723219C907C7AB753C93334FA4610 ] SentinelProtectionServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
19:26:04.0344 3840 SentinelProtectionServer - ok
19:26:04.0390 3840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:26:04.0390 3840 Serenum - ok
19:26:04.0422 3840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:26:04.0453 3840 Serial - ok
19:26:04.0500 3840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:26:04.0515 3840 sermouse - ok
19:26:04.0593 3840 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:26:04.0640 3840 ServiceLayer - ok
19:26:04.0687 3840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:26:04.0734 3840 SessionEnv - ok
19:26:04.0765 3840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:26:04.0812 3840 sffdisk - ok
19:26:04.0827 3840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:26:04.0858 3840 sffp_mmc - ok
19:26:04.0874 3840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:26:04.0905 3840 sffp_sd - ok
19:26:04.0936 3840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:26:04.0952 3840 sfloppy - ok
19:26:04.0983 3840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:26:05.0030 3840 SharedAccess - ok
19:26:05.0077 3840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:26:05.0124 3840 ShellHWDetection - ok
19:26:05.0155 3840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:26:05.0170 3840 SiSRaid2 - ok
19:26:05.0202 3840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:26:05.0217 3840 SiSRaid4 - ok
19:26:05.0233 3840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:26:05.0326 3840 Smb - ok
19:26:05.0373 3840 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:26:05.0404 3840 SNMPTRAP - ok
19:26:05.0436 3840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:26:05.0451 3840 spldr - ok
19:26:05.0498 3840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:26:05.0545 3840 Spooler - ok
19:26:05.0638 3840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:26:05.0810 3840 sppsvc - ok
19:26:05.0841 3840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:26:05.0904 3840 sppuinotify - ok
19:26:05.0982 3840 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:26:06.0013 3840 SQLBrowser - ok
19:26:06.0060 3840 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:26:06.0091 3840 SQLWriter - ok
19:26:06.0122 3840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:26:06.0169 3840 srv - ok
19:26:06.0216 3840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:26:06.0262 3840 srv2 - ok
19:26:06.0309 3840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:26:06.0325 3840 srvnet - ok
19:26:06.0356 3840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:26:06.0418 3840 SSDPSRV - ok
19:26:06.0434 3840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:26:06.0481 3840 SstpSvc - ok
19:26:06.0543 3840 [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
19:26:06.0559 3840 ssudmdm - ok
19:26:06.0574 3840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:26:06.0590 3840 stexstor - ok
19:26:06.0652 3840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:26:06.0699 3840 stisvc - ok
19:26:06.0746 3840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:26:06.0762 3840 swenum - ok
19:26:06.0824 3840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:26:06.0871 3840 swprv - ok
19:26:06.0918 3840 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:26:06.0933 3840 SynTP - ok
19:26:07.0011 3840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:26:07.0074 3840 SysMain - ok
19:26:07.0120 3840 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:26:07.0136 3840 TabletInputService - ok
19:26:07.0183 3840 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:26:07.0230 3840 TapiSrv - ok
19:26:07.0261 3840 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:26:07.0292 3840 TBS - ok
19:26:07.0354 3840 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:26:07.0448 3840 Tcpip - ok
19:26:07.0495 3840 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:26:07.0526 3840 TCPIP6 - ok
19:26:07.0573 3840 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:26:07.0604 3840 tcpipreg - ok
19:26:07.0635 3840 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:26:07.0651 3840 TDPIPE - ok
19:26:07.0682 3840 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:26:07.0713 3840 TDTCP - ok
19:26:07.0760 3840 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:26:07.0807 3840 tdx - ok
19:26:07.0838 3840 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:26:07.0854 3840 TermDD - ok
19:26:07.0900 3840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:26:07.0947 3840 TermService - ok
19:26:07.0978 3840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:26:08.0010 3840 Themes - ok
19:26:08.0041 3840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:26:08.0088 3840 THREADORDER - ok
19:26:08.0088 3840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:26:08.0150 3840 TrkWks - ok
19:26:08.0228 3840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:26:08.0322 3840 TrustedInstaller - ok
19:26:08.0368 3840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:08.0446 3840 tssecsrv - ok
19:26:08.0478 3840 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:26:08.0509 3840 TsUsbFlt - ok
19:26:08.0556 3840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:26:08.0618 3840 tunnel - ok
19:26:08.0649 3840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:26:08.0665 3840 uagp35 - ok
19:26:08.0696 3840 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
19:26:08.0696 3840 UBHelper - ok
19:26:08.0758 3840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:26:08.0821 3840 udfs - ok
19:26:08.0852 3840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:26:08.0868 3840 UI0Detect - ok
19:26:08.0883 3840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:26:08.0899 3840 uliagpkx - ok
19:26:08.0930 3840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:26:08.0961 3840 umbus - ok
19:26:08.0977 3840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:26:09.0008 3840 UmPass - ok
19:26:09.0039 3840 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
19:26:09.0055 3840 Updater Service - ok
19:26:09.0086 3840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:26:09.0148 3840 upnphost - ok
19:26:09.0180 3840 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:26:09.0226 3840 upperdev - ok
19:26:09.0258 3840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:09.0289 3840 usbccgp - ok
19:26:09.0336 3840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:26:09.0351 3840 usbcir - ok
19:26:09.0382 3840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:26:09.0398 3840 usbehci - ok
19:26:09.0445 3840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:26:09.0492 3840 usbhub - ok
19:26:09.0507 3840 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:26:09.0523 3840 usbohci - ok
19:26:09.0523 3840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:26:09.0554 3840 usbprint - ok
19:26:09.0601 3840 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:26:09.0616 3840 usbscan - ok
19:26:09.0663 3840 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
19:26:09.0694 3840 usbser - ok
19:26:09.0726 3840 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:26:09.0772 3840 UsbserFilt - ok
19:26:09.0804 3840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:09.0835 3840 USBSTOR - ok
19:26:09.0866 3840 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:26:09.0882 3840 usbuhci - ok
19:26:09.0928 3840 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:26:09.0960 3840 usbvideo - ok
19:26:09.0991 3840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:26:10.0038 3840 UxSms - ok
19:26:10.0053 3840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:26:10.0069 3840 VaultSvc - ok
19:26:10.0100 3840 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
19:26:10.0131 3840 VClone - ok
19:26:10.0194 3840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:26:10.0209 3840 vdrvroot - ok
19:26:10.0256 3840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:26:10.0303 3840 vds - ok
19:26:10.0334 3840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:10.0350 3840 vga - ok
19:26:10.0365 3840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:26:10.0428 3840 VgaSave - ok
19:26:10.0459 3840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:26:10.0474 3840 vhdmp - ok
19:26:10.0521 3840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:26:10.0537 3840 viaide - ok
19:26:10.0630 3840 [ 152E0AFF3D03257BE432B54D5E04C4CE ] Visual Studio Analyzer RPC bridge C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
19:26:10.0693 3840 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - warning
19:26:10.0693 3840 Visual Studio Analyzer RPC bridge - detected UnsignedFile.Multi.Generic (1)
19:26:10.0708 3840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:26:10.0724 3840 volmgr - ok
19:26:10.0755 3840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:26:10.0771 3840 volmgrx - ok
19:26:10.0802 3840 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:26:10.0818 3840 volsnap - ok
19:26:10.0864 3840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:26:10.0880 3840 vsmraid - ok
19:26:10.0942 3840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:26:11.0052 3840 VSS - ok
19:26:11.0083 3840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:26:11.0114 3840 vwifibus - ok
19:26:11.0130 3840 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:26:11.0161 3840 vwififlt - ok
19:26:11.0176 3840 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:26:11.0192 3840 vwifimp - ok
19:26:11.0223 3840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:26:11.0286 3840 W32Time - ok
19:26:11.0317 3840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:26:11.0348 3840 WacomPen - ok
19:26:11.0379 3840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:26:11.0442 3840 WANARP - ok
19:26:11.0457 3840 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:26:11.0488 3840 Wanarpv6 - ok
19:26:11.0582 3840 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:26:11.0660 3840 WatAdminSvc - ok
19:26:11.0738 3840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:26:11.0816 3840 wbengine - ok
19:26:11.0847 3840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:26:11.0878 3840 WbioSrvc - ok
19:26:11.0925 3840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:26:11.0972 3840 wcncsvc - ok
19:26:11.0988 3840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:26:12.0003 3840 WcsPlugInService - ok
19:26:12.0034 3840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:26:12.0050 3840 Wd - ok
19:26:12.0097 3840 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:26:12.0128 3840 Wdf01000 - ok
19:26:12.0159 3840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:26:12.0190 3840 WdiServiceHost - ok
19:26:12.0206 3840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:26:12.0222 3840 WdiSystemHost - ok
19:26:12.0253 3840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:26:12.0300 3840 WebClient - ok
19:26:12.0331 3840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:26:12.0393 3840 Wecsvc - ok
19:26:12.0424 3840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:26:12.0487 3840 wercplsupport - ok
19:26:12.0534 3840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:26:12.0565 3840 WerSvc - ok
19:26:12.0612 3840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:26:12.0643 3840 WfpLwf - ok
19:26:12.0674 3840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:26:12.0674 3840 WIMMount - ok
19:26:12.0705 3840 WinDefend - ok
19:26:12.0721 3840 WinHttpAutoProxySvc - ok
19:26:12.0783 3840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:26:12.0830 3840 Winmgmt - ok
19:26:12.0892 3840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:26:13.0033 3840 WinRM - ok
19:26:13.0111 3840 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:26:13.0142 3840 WinUsb - ok
19:26:13.0173 3840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:26:13.0236 3840 Wlansvc - ok
19:26:13.0267 3840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:26:13.0282 3840 WmiAcpi - ok
19:26:13.0329 3840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:26:13.0345 3840 wmiApSrv - ok
19:26:13.0376 3840 WMPNetworkSvc - ok
19:26:13.0470 3840 [ 495284CF894336E9512ED7C9ACB3548E ] WOTUpdater C:\Users\Master\AppData\LocalLow\WOT\IE\WOTUpdater.exe
19:26:13.0532 3840 WOTUpdater ( UnsignedFile.Multi.Generic ) - warning
19:26:13.0532 3840 WOTUpdater - detected UnsignedFile.Multi.Generic (1)
19:26:13.0548 3840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:26:13.0563 3840 WPCSvc - ok
19:26:13.0610 3840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:26:13.0626 3840 WPDBusEnum - ok
19:26:13.0657 3840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:26:13.0719 3840 ws2ifsl - ok
19:26:13.0750 3840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:26:13.0782 3840 wscsvc - ok
19:26:13.0782 3840 WSearch - ok
19:26:13.0875 3840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:26:13.0969 3840 wuauserv - ok
19:26:14.0000 3840 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:26:14.0016 3840 WudfPf - ok
19:26:14.0062 3840 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:14.0078 3840 WUDFRd - ok
19:26:14.0125 3840 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:26:14.0156 3840 wudfsvc - ok
19:26:14.0187 3840 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:26:14.0250 3840 WwanSvc - ok
19:26:14.0281 3840 ================ Scan global ===============================
19:26:14.0312 3840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:26:14.0343 3840 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:26:14.0359 3840 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:26:14.0390 3840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:26:14.0421 3840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:26:14.0421 3840 [Global] - ok
19:26:14.0421 3840 ================ Scan MBR ==================================
19:26:14.0437 3840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:26:14.0811 3840 \Device\Harddisk0\DR0 - ok
19:26:14.0811 3840 ================ Scan VBR ==================================
19:26:14.0811 3840 [ 5389F658FC8B4A8E3FF0C8E8B3C875F1 ] \Device\Harddisk0\DR0\Partition1
19:26:14.0811 3840 \Device\Harddisk0\DR0\Partition1 - ok
19:26:14.0842 3840 [ 657FDD8678DE3E5AC8D8F11DE75FAEC4 ] \Device\Harddisk0\DR0\Partition2
19:26:14.0858 3840 \Device\Harddisk0\DR0\Partition2 - ok
19:26:14.0858 3840 ============================================================
19:26:14.0858 3840 Scan finished
19:26:14.0858 3840 ============================================================
19:26:14.0874 0760 Detected object count: 5
19:26:14.0874 0760 Actual detected object count: 5
19:26:57.0473 0760 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:57.0473 0760 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:57.0473 0760 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:57.0473 0760 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:57.0473 0760 WOTUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:57.0473 0760 WOTUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.05.2013, 19:08
| #8 |
| /// Malware-holic | Onlinebanking TESTÜBERWEISUNG Hi, du hast den Trojan.Zbot. Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und der sicherste Weg, zumal du deinen PC für onlinebanking, verwendest Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Wenn es mein PC währe, würde ich ihn einmal neu aufsetzen und absichern, du bekommst dazu natürlich von uns hilfe, auch wenn du weiter reinigen möchtest, teile mir mit, wie's weiter gehen soll :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.05.2013, 19:39
| #9 | |
| | Onlinebanking TESTÜBERWEISUNGZitat:
 |
|
28.05.2013, 10:23
| #10 |
| /// Malware-holic | Onlinebanking TESTÜBERWEISUNG Ich geb dir schon mal die Anleitung zum absichern, falls keine fragen zum neu aufsetzen sind. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen. als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: http://support.google.com/chrome/bin...&answer=118663 anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen. Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie - Download - Filepony anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager anleitung: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.05.2013, 20:13
| #11 |
| | Onlinebanking TESTÜBERWEISUNG hallo markusg , soweit so gut habe mal einen teil geschafft , als broser möchte ich aber den ie10 nehmen oder den Firefox ,als antivirus habe ich im Moment noch Norton 30tage testversion hast du mir dazu noch ein paar tips wegen der von mir genannten broser ? |
|
29.05.2013, 20:23
| #12 |
| /// Malware-holic | Onlinebanking TESTÜBERWEISUNG Hi ich würd wie gesagt emsisoft nemen, schon mal Chrome angesehen, bietet mehr Sicherheitsfeatures und sollte schneller seinb
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Onlinebanking TESTÜBERWEISUNG |
| appdata, browser, code, datei, dateien, desktop, ebanking, explorer, firefox, folge, google, helper, home, internet, internet browser, internet explorer, microsoft, mozilla, onlinebanking, ordner, registrierungsdatenbank, roaming, software, start, suche, virus, windows |
Linear-Darstellung
