Trojaner-Board - einfache Log-Analyse

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - einfache Log-Analyse (https://www.trojaner-board.de/114003-einfache-log-analyse.html)

einfache Log-Analyse

Hallo,

Ich habe keine Fehlermeldungen oder sonstige Errors.

Seit ein paar Tagen öffnen sich die Seiten und Programme sehr langsam.
Die Minianwendung "CPU-Nutzung" ist seitdem immer im roten bereich. (RAM, rechte, kleinere Anzeige )
Ich weiß nicht ob dieses Widget wirklich vertauenswürdig ist aber es war bis jetzt immer zwischen 5-30%. Kann die Hardware überhitzen o.ä. ?

Da hier im Forum immer super geholfen wird wollte ich mal meine Logs prüfen lassen und hoffe das ich mir nicht eingefangen hab.

Defogg-Log: ( konnte ich nicht anhängen )

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:50 on 23/04/2012 (BiGBo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

gruß
Brubbl

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Cosinus,

sorry für die späte Antwort aber bin leider nicht früher dazu gekommen

Hier meine beiden Logs :

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.26.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

BiGBo :: BOSS [Administrator]
 

26.04.2012 21:00:10

mbam-log-2012-04-26 (21-00-10).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 383429

Laufzeit: 1 Stunde(n), 16 Minute(n), 34 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=57115e1f0798d44b8d9b51dc3da386db

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-29 07:44:40

# local_time=2012-04-29 09:44:40 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 6742451 6742451 0 0

# compatibility_mode=5893 16776573 100 94 162765 87355155 0 0

# compatibility_mode=8192 67108863 100 0 441 441 0 0

# scanned=163323

# found=0

# cleaned=0

# scan_time=3374

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=57115e1f0798d44b8d9b51dc3da386db

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-29 10:35:34

# local_time=2012-04-30 12:35:34 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 6746217 6746217 0 0

# compatibility_mode=5893 16776573 100 94 166531 87358921 0 0

# compatibility_mode=8192 67108863 100 0 4207 4207 0 0

# scanned=160245

# found=0

# cleaned=0

# scan_time=9860

mfg

Brubbl

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Cosinus,

hier mein OTL Log:

Code:

OTL logfile created on: 06.05.2012 22:47:34 - Run 2

OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\BiGBo\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 70,33% Memory free

7,73 Gb Paging File | 6,08 Gb Available in Paging File | 78,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,99 Gb Total Space | 160,91 Gb Free Space | 56,26% Space Free | Partition Type: NTFS

 

Computer Name: BOSS | User Name: BiGBo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.06 22:13:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\BiGBo\Desktop\OTL.exe

PRC - [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012.03.04 21:57:25 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.02.03 10:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2010.05.25 20:31:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2009.10.13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2009.09.30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2009.09.30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009.09.17 15:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

MOD - [2012.04.28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll

MOD - [2012.04.28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avutil-51.dll

MOD - [2012.04.28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avformat-53.dll

MOD - [2012.04.28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll

MOD - [2012.04.16 19:41:24 | 000,115,137 | ---- | M] () -- C:\Users\BiGBo\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll

MOD - [2012.04.13 12:50:15 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll

MOD - [2012.04.13 12:49:58 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll

MOD - [2012.04.13 12:49:56 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll

MOD - [2012.04.13 12:49:45 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll

MOD - [2012.04.13 12:49:44 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll

MOD - [2012.03.07 20:48:32 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll

MOD - [2012.03.07 20:47:09 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll

MOD - [2012.03.07 20:47:02 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll

MOD - [2012.03.06 23:53:40 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll

MOD - [2012.03.06 23:53:40 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll

MOD - [2012.03.06 23:53:36 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll

MOD - [2012.03.06 23:53:30 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll

MOD - [2012.03.06 23:53:25 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll

MOD - [2012.03.04 21:57:25 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.09.30 13:30:10 | 003,140,424 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)

SRV:64bit: - [2009.11.24 16:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009.10.29 12:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2010.05.25 20:31:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009.12.29 04:29:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009.10.13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

SRV - [2009.09.30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2009.09.30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2009.07.28 22:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.15 23:37:37 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)

DRV:64bit: - [2011.12.08 06:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.04 22:47:05 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)

DRV:64bit: - [2011.03.04 22:46:42 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)

DRV:64bit: - [2011.03.04 22:46:42 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.05.25 19:49:49 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010.05.01 08:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)

DRV:64bit: - [2010.05.01 08:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)

DRV:64bit: - [2009.11.24 16:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.11.06 06:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009.10.23 07:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009.10.12 13:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009.10.05 09:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)

DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009.08.05 22:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2010.05.01 08:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

DRV - [2009.09.02 03:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0324z195f49k2y254

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0324z195f49k2y254

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE365

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\BiGBo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.01 22:51:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 19:23:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.03 13:32:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\BiGBo\AppData\Roaming\Mozilla\Firefox\Profiles/7jk70tgz.default\extensions\ffox@bandoo.com

 

[2011.06.13 13:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BiGBo\AppData\Roaming\mozilla\Extensions

[2010.02.07 16:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BiGBo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.01.06 10:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BiGBo\AppData\Roaming\mozilla\Firefox\Profiles\7jk70tgz.default\extensions

[2012.04.17 21:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.17 21:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011.10.30 22:14:00 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\BIGBO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JK70TGZ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2012.02.01 22:51:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.17 21:34:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.10.05 18:31:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.05 18:31:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.05 18:31:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.05 18:31:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.05 18:31:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.05 18:31:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\

CHR - Extension: YouTube = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google-Suche = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\

CHR - Extension: Google Mail = C:\Users\BiGBo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2011.06.15 19:35:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll File not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)

O4 - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found

O16:64bit: - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{489CB415-61D4-40E4-BA97-05820D00CA7E}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmappen

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.06 22:13:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\BiGBo\Desktop\OTL.exe

[2012.04.29 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.04.18 21:41:59 | 000,000,000 | ---D | C] -- C:\Users\BiGBo\Documents\Modellbau

[2012.04.17 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.04.17 21:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.06 22:29:36 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.06 22:17:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.06 22:17:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.06 22:13:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\BiGBo\Desktop\OTL.exe

[2012.05.06 22:09:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.06 22:09:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.06 22:09:02 | 3113,304,064 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.06 22:09:01 | 000,465,740 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor

[2012.05.05 14:56:33 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.05.05 14:56:33 | 000,669,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.05.05 14:56:33 | 000,629,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.05.05 14:56:33 | 000,137,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.05.05 14:56:33 | 000,112,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.05.02 22:15:45 | 003,261,939 | ---- | M] () -- C:\Users\BiGBo\Desktop\343_TUNINGWORLDBodensee2012.jpg

[2012.05.02 22:15:17 | 002,930,337 | ---- | M] () -- C:\Users\BiGBo\Desktop\344_TUNINGWORLDBodensee2012.jpg

[2012.05.02 22:09:31 | 003,035,847 | ---- | M] () -- C:\Users\BiGBo\Desktop\120_TUNINGWORLDBodensee2012.jpg

[2012.04.12 20:51:47 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.05.02 22:15:47 | 003,261,939 | ---- | C] () -- C:\Users\BiGBo\Desktop\343_TUNINGWORLDBodensee2012.jpg

[2012.05.02 22:15:21 | 002,930,337 | ---- | C] () -- C:\Users\BiGBo\Desktop\344_TUNINGWORLDBodensee2012.jpg

[2012.05.02 22:09:31 | 003,035,847 | ---- | C] () -- C:\Users\BiGBo\Desktop\120_TUNINGWORLDBodensee2012.jpg

[2012.02.29 21:44:00 | 000,007,611 | ---- | C] () -- C:\Users\BiGBo\AppData\Local\Resmon.ResmonCfg

[2012.01.21 22:44:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.07.20 22:00:44 | 000,000,093 | ---- | C] () -- C:\Users\BiGBo\AppData\Local\fusioncache.dat

[2011.03.18 22:52:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.02.02 16:52:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011.01.10 21:04:24 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.07.08 19:32:36 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI

[2010.05.25 20:31:10 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.05.25 20:31:08 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.05.25 20:31:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010.05.19 17:46:56 | 000,123,392 | ---- | C] () -- C:\Users\BiGBo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.19 17:29:27 | 001,567,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 
 ========== LOP Check ==========

 

[2012.02.11 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\DAEMON Tools Lite

[2012.02.11 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\DAEMON Tools Pro

[2010.06.15 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.11.04 10:06:59 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\ICQ

[2010.05.19 17:39:02 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Nokia

[2010.05.19 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\PC Suite

[2012.02.01 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Samsung

[2011.04.06 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\TeamViewer

[2010.07.26 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Template

[2010.02.07 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Thunderbird

[2011.06.16 20:58:39 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\TuneUp Software

[2012.05.06 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\UseNeXT

[2012.02.27 15:20:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.06.15 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Adobe

[2010.02.02 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\ATI

[2012.02.11 21:28:08 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Avira

[2011.10.27 00:59:02 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\CyberLink

[2012.02.11 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\DAEMON Tools Lite

[2012.02.11 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\DAEMON Tools Pro

[2011.04.05 20:05:28 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\dvdcss

[2010.06.15 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.02.02 20:55:12 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Google

[2010.11.04 10:06:59 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\ICQ

[2010.02.02 20:49:10 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Identities

[2010.02.17 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\InstallShield

[2010.02.02 20:49:40 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Macromedia

[2011.06.13 16:25:56 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Malwarebytes

[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Media Center Programs

[2012.04.14 16:38:13 | 000,000,000 | --SD | M] -- C:\Users\BiGBo\AppData\Roaming\Microsoft

[2011.07.20 22:28:38 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Mozilla

[2010.02.10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Nero

[2010.05.19 17:39:02 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Nokia

[2010.05.19 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\PC Suite

[2012.02.01 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Samsung

[2010.05.25 20:45:06 | 000,000,000 | RH-D | M] -- C:\Users\BiGBo\AppData\Roaming\SecuROM

[2011.03.21 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Skype

[2011.03.21 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\skypePM

[2011.04.06 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\TeamViewer

[2010.07.26 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Template

[2010.02.07 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\Thunderbird

[2011.06.16 20:58:39 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\TuneUp Software

[2012.05.06 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\UseNeXT

[2012.05.06 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\vlc

[2010.02.07 14:29:04 | 000,000,000 | ---D | M] -- C:\Users\BiGBo\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.03.04 21:57:24 | 000,106,408 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe

[2012.03.04 21:57:24 | 000,101,288 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe

[2012.03.04 21:57:25 | 000,021,416 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe

[2012.02.11 21:08:21 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe

[2011.12.28 00:21:06 | 000,937,360 | ---- | M] (Samsung) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe

[2011.12.28 00:21:10 | 000,278,928 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe

[2011.12.23 22:03:40 | 000,304,640 | ---- | M] (Samsung) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe

[2011.12.28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe

[2011.12.23 21:59:48 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe

[2011.12.23 21:59:50 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe

[2011.12.28 00:21:12 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe

[2011.12.23 21:59:20 | 000,106,408 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe

[2011.12.23 21:59:20 | 000,101,288 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe

[2011.12.28 00:21:16 | 000,131,984 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe

[2011.12.28 00:21:18 | 000,021,392 | ---- | M] () -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe

[2011.12.28 00:21:20 | 003,569,984 | ---- | M] (Freeware) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe

[2011.12.28 00:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe

[2012.02.03 10:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\BiGBo\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.10.13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys

[2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
 

< End of report >

Grüsse
Brubbl

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 

IE - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}

O3 - HKLM\..\Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4 - HKU\S-1-5-21-3023812417-4257815622-3456056612-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo Cosinus,

ich musste es leider 2x fixen.Macht das etwas aus ?
Beim ersten mal ist der Rechner abgestürzt und hat beim Neustart keine .txt geöffnet.
Beim 2. mal ging alles glatt...

Log:

Code:

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_USERS\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

Registry key HKEY_USERS\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_USERS\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

Registry value HKEY_USERS\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster not found.

File C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.

File C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71BFC818-0CED-42D6-9C87-5142918957EE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Unable to delete ADS C:\ProgramData\Temp:5C321E34 .

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

 

User: All Users

 

User: BiGBo

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 655494 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Mcx1-BOSS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: BiGBo

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Mcx1-BOSS

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.3 log created on 05072012_214334
 

Files\Folders moved on Reboot...

File\Folder C:\Users\BiGBo\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

gruß
Brubbl

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hallo

Anweisung genau verfolgt:

TDSSkiller Log:

Code:

21:13:39.0111 0436        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18

21:13:39.0283 0436        ============================================================

21:13:39.0283 0436        Current date / time: 2012/05/08 21:13:39.0283

21:13:39.0283 0436        SystemInfo:

21:13:39.0283 0436        

21:13:39.0283 0436        OS Version: 6.1.7601 ServicePack: 1.0

21:13:39.0283 0436        Product type: Workstation

21:13:39.0283 0436        ComputerName: BOSS

21:13:39.0283 0436        UserName: BiGBo

21:13:39.0283 0436        Windows directory: C:\Windows

21:13:39.0283 0436        System windows directory: C:\Windows

21:13:39.0283 0436        Running under WOW64

21:13:39.0283 0436        Processor architecture: Intel x64

21:13:39.0283 0436        Number of processors: 4

21:13:39.0283 0436        Page size: 0x1000

21:13:39.0283 0436        Boot type: Normal boot

21:13:39.0283 0436        ============================================================

21:13:43.0479 0436        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:13:43.0495 0436        ============================================================

21:13:43.0495 0436        \Device\Harddisk0\DR0:

21:13:43.0573 0436        MBR partitions:

21:13:43.0573 0436        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD

21:13:43.0573 0436        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384

21:13:43.0573 0436        ============================================================

21:13:43.0760 0436        C: <-> \Device\Harddisk0\DR0\Partition1

21:13:43.0931 0436        ============================================================

21:13:43.0931 0436        Initialize success

21:13:43.0931 0436        ============================================================

21:18:52.0146 2020        ============================================================

21:18:52.0146 2020        Scan started

21:18:52.0146 2020        Mode: Manual; SigCheck; TDLFS; 

21:18:52.0146 2020        ============================================================

21:18:52.0395 2020        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:18:52.0489 2020        1394ohci - ok

21:18:52.0536 2020        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:18:52.0551 2020        ACPI - ok

21:18:52.0614 2020        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:18:52.0692 2020        AcpiPmi - ok

21:18:52.0770 2020        AdobeActiveFileMonitor7.0 (6d9fc1e7ea3c548f4d3455f0c3feef8c) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

21:18:52.0785 2020        AdobeActiveFileMonitor7.0 - ok

21:18:52.0848 2020        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:18:52.0863 2020        AdobeARMservice - ok

21:18:52.0926 2020        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

21:18:52.0957 2020        adp94xx - ok

21:18:52.0988 2020        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

21:18:53.0004 2020        adpahci - ok

21:18:53.0050 2020        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

21:18:53.0066 2020        adpu320 - ok

21:18:53.0097 2020        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

21:18:53.0238 2020        AeLookupSvc - ok

21:18:53.0269 2020        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

21:18:53.0362 2020        AFD - ok

21:18:53.0409 2020        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:18:53.0425 2020        agp440 - ok

21:18:53.0472 2020        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

21:18:53.0581 2020        ALG - ok

21:18:53.0612 2020        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:18:53.0628 2020        aliide - ok

21:18:53.0690 2020        AMD External Events Utility (1d317ea326423ff7630cf1da3bd46a1c) C:\Windows\system32\atiesrxx.exe

21:18:53.0737 2020        AMD External Events Utility - ok

21:18:53.0768 2020        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:18:53.0784 2020        amdide - ok

21:18:53.0830 2020        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

21:18:53.0877 2020        AmdK8 - ok

21:18:53.0893 2020        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

21:18:53.0924 2020        AmdPPM - ok

21:18:53.0971 2020        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:18:53.0971 2020        amdsata - ok

21:18:54.0018 2020        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

21:18:54.0033 2020        amdsbs - ok

21:18:54.0064 2020        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:18:54.0064 2020        amdxata - ok

21:18:54.0174 2020        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

21:18:54.0189 2020        AntiVirSchedulerService - ok

21:18:54.0236 2020        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

21:18:54.0252 2020        AntiVirService - ok

21:18:54.0298 2020        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:18:54.0423 2020        AppID - ok

21:18:54.0454 2020        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

21:18:54.0532 2020        AppIDSvc - ok

21:18:54.0579 2020        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

21:18:54.0657 2020        Appinfo - ok

21:18:54.0720 2020        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

21:18:54.0720 2020        arc - ok

21:18:54.0735 2020        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

21:18:54.0751 2020        arcsas - ok

21:18:54.0813 2020        aspnet_state - ok

21:18:54.0844 2020        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:18:54.0907 2020        AsyncMac - ok

21:18:54.0954 2020        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:18:54.0954 2020        atapi - ok

21:18:55.0032 2020        athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys

21:18:55.0094 2020        athr - ok

21:18:55.0484 2020        atikmdag        (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys

21:18:55.0687 2020        atikmdag - ok

21:18:55.0827 2020        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

21:18:55.0890 2020        AudioEndpointBuilder - ok

21:18:55.0890 2020        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

21:18:55.0968 2020        AudioSrv - ok

21:18:56.0046 2020        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

21:18:56.0077 2020        avgntflt - ok

21:18:56.0155 2020        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

21:18:56.0155 2020        avipbb - ok

21:18:56.0170 2020        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

21:18:56.0186 2020        avkmgr - ok

21:18:56.0248 2020        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

21:18:56.0326 2020        AxInstSV - ok

21:18:56.0373 2020        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

21:18:56.0420 2020        b06bdrv - ok

21:18:56.0451 2020        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:18:56.0498 2020        b57nd60a - ok

21:18:56.0576 2020        Bandoo Coordinator - ok

21:18:56.0607 2020        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

21:18:56.0638 2020        BDESVC - ok

21:18:56.0670 2020        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:18:56.0748 2020        Beep - ok

21:18:56.0841 2020        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

21:18:56.0904 2020        BFE - ok

21:18:56.0966 2020        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

21:18:57.0044 2020        BITS - ok

21:18:57.0106 2020        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:18:57.0138 2020        blbdrive - ok

21:18:57.0184 2020        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:18:57.0231 2020        bowser - ok

21:18:57.0278 2020        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:18:57.0340 2020        BrFiltLo - ok

21:18:57.0356 2020        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:18:57.0372 2020        BrFiltUp - ok

21:18:57.0403 2020        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

21:18:57.0465 2020        Browser - ok

21:18:57.0496 2020        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:18:57.0590 2020        Brserid - ok

21:18:57.0590 2020        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:18:57.0621 2020        BrSerWdm - ok

21:18:57.0652 2020        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:18:57.0699 2020        BrUsbMdm - ok

21:18:57.0715 2020        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:18:57.0730 2020        BrUsbSer - ok

21:18:57.0746 2020        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

21:18:57.0762 2020        BTHMODEM - ok

21:18:57.0808 2020        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

21:18:57.0886 2020        bthserv - ok

21:18:57.0902 2020        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:18:57.0964 2020        cdfs - ok

21:18:58.0027 2020        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

21:18:58.0042 2020        cdrom - ok

21:18:58.0089 2020        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

21:18:58.0152 2020        CertPropSvc - ok

21:18:58.0198 2020        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

21:18:58.0214 2020        circlass - ok

21:18:58.0261 2020        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:18:58.0276 2020        CLFS - ok

21:18:58.0323 2020        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:18:58.0339 2020        clr_optimization_v2.0.50727_32 - ok

21:18:58.0401 2020        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:18:58.0401 2020        clr_optimization_v2.0.50727_64 - ok

21:18:58.0479 2020        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:18:58.0510 2020        clr_optimization_v4.0.30319_32 - ok

21:18:58.0588 2020        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:18:58.0604 2020        clr_optimization_v4.0.30319_64 - ok

21:18:58.0635 2020        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

21:18:58.0651 2020        CmBatt - ok

21:18:58.0682 2020        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:18:58.0682 2020        cmdide - ok

21:18:58.0729 2020        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

21:18:58.0822 2020        CNG - ok

21:18:58.0854 2020        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

21:18:58.0869 2020        Compbatt - ok

21:18:58.0916 2020        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

21:18:58.0947 2020        CompositeBus - ok

21:18:58.0978 2020        COMSysApp - ok

21:18:58.0994 2020        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

21:18:59.0010 2020        crcdisk - ok

21:18:59.0056 2020        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

21:18:59.0103 2020        CryptSvc - ok

21:18:59.0150 2020        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

21:18:59.0228 2020        DcomLaunch - ok

21:18:59.0259 2020        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

21:18:59.0322 2020        defragsvc - ok

21:18:59.0353 2020        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:18:59.0415 2020        DfsC - ok

21:18:59.0462 2020        dgderdrv        (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys

21:18:59.0478 2020        dgderdrv - ok

21:18:59.0524 2020        dg_ssudbus      (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys

21:18:59.0540 2020        dg_ssudbus - ok

21:18:59.0587 2020        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

21:18:59.0665 2020        Dhcp - ok

21:18:59.0696 2020        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:18:59.0774 2020        discache - ok

21:18:59.0836 2020        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

21:18:59.0836 2020        Disk - ok

21:18:59.0961 2020        DKbFltr         (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys

21:18:59.0977 2020        DKbFltr - ok

21:19:00.0024 2020        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

21:19:00.0055 2020        Dnscache - ok

21:19:00.0086 2020        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

21:19:00.0164 2020        dot3svc - ok

21:19:00.0195 2020        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

21:19:00.0258 2020        DPS - ok

21:19:00.0320 2020        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:19:00.0351 2020        drmkaud - ok

21:19:00.0398 2020        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:19:00.0429 2020        DXGKrnl - ok

21:19:00.0476 2020        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

21:19:00.0538 2020        EapHost - ok

21:19:00.0679 2020        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

21:19:00.0757 2020        ebdrv - ok

21:19:00.0850 2020        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

21:19:00.0882 2020        EFS - ok

21:19:00.0975 2020        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

21:19:01.0022 2020        ehRecvr - ok

21:19:01.0038 2020        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

21:19:01.0069 2020        ehSched - ok

21:19:01.0147 2020        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

21:19:01.0178 2020        elxstor - ok

21:19:01.0272 2020        ePowerSvc       (8e910f796f5f30281cdd24aba47ddea2) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

21:19:01.0303 2020        ePowerSvc - ok

21:19:01.0412 2020        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:19:01.0428 2020        ErrDev - ok

21:19:01.0490 2020        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

21:19:01.0537 2020        EventSystem - ok

21:19:01.0568 2020        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:19:01.0615 2020        exfat - ok

21:19:01.0646 2020        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:19:01.0708 2020        fastfat - ok

21:19:01.0771 2020        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

21:19:01.0818 2020        Fax - ok

21:19:01.0864 2020        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

21:19:01.0896 2020        fdc - ok

21:19:01.0942 2020        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

21:19:01.0989 2020        fdPHost - ok

21:19:02.0005 2020        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

21:19:02.0067 2020        FDResPub - ok

21:19:02.0067 2020        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:19:02.0083 2020        FileInfo - ok

21:19:02.0114 2020        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:19:02.0192 2020        Filetrace - ok

21:19:02.0301 2020        FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:19:02.0364 2020        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

21:19:02.0364 2020        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

21:19:02.0379 2020        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

21:19:02.0410 2020        flpydisk - ok

21:19:02.0457 2020        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

21:19:02.0473 2020        FltMgr - ok

21:19:02.0535 2020        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

21:19:02.0582 2020        FontCache - ok

21:19:02.0644 2020        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:19:02.0660 2020        FontCache3.0.0.0 - ok

21:19:02.0707 2020        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:19:02.0707 2020        FsDepends - ok

21:19:02.0738 2020        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

21:19:02.0754 2020        Fs_Rec - ok

21:19:02.0800 2020        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:19:02.0816 2020        fvevol - ok

21:19:02.0847 2020        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

21:19:02.0863 2020        gagp30kx - ok

21:19:02.0910 2020        ggflt           (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys

21:19:02.0925 2020        ggflt - ok

21:19:02.0972 2020        ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys

21:19:02.0972 2020        ggsemc - ok

21:19:03.0034 2020        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

21:19:03.0097 2020        gpsvc - ok

21:19:03.0206 2020        gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:19:03.0222 2020        gupdate - ok

21:19:03.0237 2020        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:19:03.0253 2020        gupdatem - ok

21:19:03.0300 2020        gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

21:19:03.0315 2020        gusvc - ok

21:19:03.0346 2020        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:19:03.0393 2020        hcw85cir - ok

21:19:03.0456 2020        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

21:19:03.0487 2020        HdAudAddService - ok

21:19:03.0534 2020        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

21:19:03.0565 2020        HDAudBus - ok

21:19:03.0596 2020        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

21:19:03.0596 2020        HECIx64 - ok

21:19:03.0612 2020        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

21:19:03.0643 2020        HidBatt - ok

21:19:03.0674 2020        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

21:19:03.0705 2020        HidBth - ok

21:19:03.0721 2020        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

21:19:03.0736 2020        HidIr - ok

21:19:03.0768 2020        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

21:19:03.0846 2020        hidserv - ok

21:19:03.0892 2020        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

21:19:03.0908 2020        HidUsb - ok

21:19:03.0939 2020        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

21:19:03.0986 2020        hkmsvc - ok

21:19:04.0002 2020        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

21:19:04.0048 2020        HomeGroupListener - ok

21:19:04.0064 2020        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

21:19:04.0095 2020        HomeGroupProvider - ok

21:19:04.0142 2020        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

21:19:04.0158 2020        HpSAMD - ok

21:19:04.0220 2020        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

21:19:04.0298 2020        HTTP - ok

21:19:04.0314 2020        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

21:19:04.0329 2020        hwpolicy - ok

21:19:04.0376 2020        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

21:19:04.0392 2020        i8042prt - ok

21:19:04.0470 2020        IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

21:19:04.0485 2020        IAANTMON - ok

21:19:04.0516 2020        iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys

21:19:04.0532 2020        iaStor - ok

21:19:04.0594 2020        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

21:19:04.0626 2020        iaStorV - ok

21:19:04.0719 2020        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:19:04.0735 2020        idsvc - ok

21:19:04.0782 2020        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

21:19:04.0797 2020        iirsp - ok

21:19:04.0844 2020        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

21:19:04.0906 2020        IKEEXT - ok

21:19:04.0984 2020        Impcd           (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys

21:19:05.0000 2020        Impcd - ok

21:19:05.0140 2020        IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys

21:19:05.0187 2020        IntcAzAudAddService - ok

21:19:05.0281 2020        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:19:05.0296 2020        intelide - ok

21:19:05.0343 2020        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:19:05.0374 2020        intelppm - ok

21:19:05.0406 2020        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

21:19:05.0452 2020        IPBusEnum - ok

21:19:05.0484 2020        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:19:05.0546 2020        IpFilterDriver - ok

21:19:05.0608 2020        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

21:19:05.0655 2020        iphlpsvc - ok

21:19:05.0671 2020        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

21:19:05.0686 2020        IPMIDRV - ok

21:19:05.0718 2020        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:19:05.0780 2020        IPNAT - ok

21:19:05.0811 2020        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:19:05.0889 2020        IRENUM - ok

21:19:05.0920 2020        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:19:05.0920 2020        isapnp - ok

21:19:05.0952 2020        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

21:19:05.0967 2020        iScsiPrt - ok

21:19:06.0030 2020        k57nd60a        (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys

21:19:06.0045 2020        k57nd60a - ok

21:19:06.0045 2020        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

21:19:06.0061 2020        kbdclass - ok

21:19:06.0108 2020        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

21:19:06.0123 2020        kbdhid - ok

21:19:06.0139 2020        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

21:19:06.0154 2020        KeyIso - ok

21:19:06.0217 2020        KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys

21:19:06.0232 2020        KMWDFILTER - ok

21:19:06.0248 2020        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

21:19:06.0264 2020        KSecDD - ok

21:19:06.0279 2020        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

21:19:06.0295 2020        KSecPkg - ok

21:19:06.0310 2020        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:19:06.0373 2020        ksthunk - ok

21:19:06.0420 2020        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

21:19:06.0466 2020        KtmRm - ok

21:19:06.0529 2020        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

21:19:06.0591 2020        LanmanServer - ok

21:19:06.0607 2020        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

21:19:06.0654 2020        LanmanWorkstation - ok

21:19:06.0700 2020        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:19:06.0763 2020        lltdio - ok

21:19:06.0794 2020        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

21:19:06.0856 2020        lltdsvc - ok

21:19:06.0872 2020        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

21:19:06.0934 2020        lmhosts - ok

21:19:07.0028 2020        LMS             (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

21:19:07.0044 2020        LMS - ok

21:19:07.0090 2020        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

21:19:07.0106 2020        LSI_FC - ok

21:19:07.0122 2020        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

21:19:07.0137 2020        LSI_SAS - ok

21:19:07.0137 2020        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:19:07.0153 2020        LSI_SAS2 - ok

21:19:07.0168 2020        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:19:07.0184 2020        LSI_SCSI - ok

21:19:07.0215 2020        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:19:07.0293 2020        luafv - ok

21:19:07.0324 2020        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

21:19:07.0356 2020        Mcx2Svc - ok

21:19:07.0387 2020        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

21:19:07.0387 2020        megasas - ok

21:19:07.0402 2020        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

21:19:07.0418 2020        MegaSR - ok

21:19:07.0480 2020        Microsoft SharePoint Workspace Audit Service - ok

21:19:07.0527 2020        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

21:19:07.0574 2020        MMCSS - ok

21:19:07.0590 2020        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:19:07.0636 2020        Modem - ok

21:19:07.0668 2020        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:19:07.0699 2020        monitor - ok

21:19:07.0746 2020        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

21:19:07.0761 2020        mouclass - ok

21:19:07.0792 2020        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:19:07.0808 2020        mouhid - ok

21:19:07.0839 2020        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

21:19:07.0855 2020        mountmgr - ok

21:19:07.0886 2020        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

21:19:07.0902 2020        mpio - ok

21:19:07.0948 2020        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:19:07.0995 2020        mpsdrv - ok

21:19:08.0042 2020        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

21:19:08.0104 2020        MpsSvc - ok

21:19:08.0136 2020        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

21:19:08.0182 2020        MRxDAV - ok

21:19:08.0198 2020        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:19:08.0245 2020        mrxsmb - ok

21:19:08.0276 2020        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:19:08.0292 2020        mrxsmb10 - ok

21:19:08.0307 2020        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:19:08.0323 2020        mrxsmb20 - ok

21:19:08.0354 2020        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

21:19:08.0370 2020        msahci - ok

21:19:08.0401 2020        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

21:19:08.0416 2020        msdsm - ok

21:19:08.0448 2020        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

21:19:08.0479 2020        MSDTC - ok

21:19:08.0526 2020        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:19:08.0557 2020        Msfs - ok

21:19:08.0572 2020        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:19:08.0619 2020        mshidkmdf - ok

21:19:08.0635 2020        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:19:08.0650 2020        msisadrv - ok

21:19:08.0682 2020        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

21:19:08.0744 2020        MSiSCSI - ok

21:19:08.0760 2020        msiserver - ok

21:19:08.0791 2020        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:19:08.0853 2020        MSKSSRV - ok

21:19:08.0884 2020        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:19:08.0947 2020        MSPCLOCK - ok

21:19:08.0947 2020        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:19:09.0025 2020        MSPQM - ok

21:19:09.0056 2020        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

21:19:09.0087 2020        MsRPC - ok

21:19:09.0118 2020        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

21:19:09.0118 2020        mssmbios - ok

21:19:09.0165 2020        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:19:09.0212 2020        MSTEE - ok

21:19:09.0228 2020        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

21:19:09.0259 2020        MTConfig - ok

21:19:09.0337 2020        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:19:09.0352 2020        Mup - ok

21:19:09.0384 2020        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

21:19:09.0462 2020        napagent - ok

21:19:09.0508 2020        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:19:09.0555 2020        NativeWifiP - ok

21:19:09.0618 2020        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

21:19:09.0649 2020        NDIS - ok

21:19:09.0696 2020        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:19:09.0742 2020        NdisCap - ok

21:19:09.0774 2020        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:19:09.0836 2020        NdisTapi - ok

21:19:09.0867 2020        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

21:19:09.0930 2020        Ndisuio - ok

21:19:09.0945 2020        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

21:19:10.0008 2020        NdisWan - ok

21:19:10.0039 2020        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

21:19:10.0117 2020        NDProxy - ok

21:19:10.0210 2020        Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

21:19:10.0242 2020        Nero BackItUp Scheduler 4.0 - ok

21:19:10.0273 2020        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:19:10.0351 2020        NetBIOS - ok

21:19:10.0382 2020        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

21:19:10.0444 2020        NetBT - ok

21:19:10.0460 2020        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

21:19:10.0460 2020        Netlogon - ok

21:19:10.0507 2020        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

21:19:10.0585 2020        Netman - ok

21:19:10.0600 2020        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

21:19:10.0678 2020        netprofm - ok

21:19:10.0725 2020        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:19:10.0741 2020        NetTcpPortSharing - ok

21:19:10.0990 2020        NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

21:19:11.0256 2020        NETw5s64 - ok

21:19:11.0365 2020        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

21:19:11.0380 2020        nfrd960 - ok

21:19:11.0427 2020        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

21:19:11.0505 2020        NlaSvc - ok

21:19:11.0521 2020        nmwcdnsucx64 - ok

21:19:11.0536 2020        nmwcdnsux64 - ok

21:19:11.0552 2020        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:19:11.0599 2020        Npfs - ok

21:19:11.0630 2020        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

21:19:11.0692 2020        nsi - ok

21:19:11.0708 2020        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:19:11.0755 2020        nsiproxy - ok

21:19:11.0848 2020        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

21:19:11.0911 2020        Ntfs - ok

21:19:12.0004 2020        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:19:12.0067 2020        Null - ok

21:19:12.0098 2020        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

21:19:12.0114 2020        nvraid - ok

21:19:12.0129 2020        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

21:19:12.0145 2020        nvstor - ok

21:19:12.0160 2020        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

21:19:12.0176 2020        nv_agp - ok

21:19:12.0207 2020        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

21:19:12.0223 2020        ohci1394 - ok

21:19:12.0394 2020        OODefragAgent   (26298db2cbeb62df2a9396e4b8efb515) C:\Program Files\OO Software\Defrag\oodag.exe

21:19:12.0472 2020        OODefragAgent - ok

21:19:12.0582 2020        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:19:12.0582 2020        ose - ok

21:19:12.0862 2020        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:19:13.0050 2020        osppsvc - ok

21:19:13.0159 2020        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

21:19:13.0206 2020        p2pimsvc - ok

21:19:13.0221 2020        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

21:19:13.0252 2020        p2psvc - ok

21:19:13.0299 2020        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

21:19:13.0315 2020        Parport - ok

21:19:13.0346 2020        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

21:19:13.0346 2020        partmgr - ok

21:19:13.0393 2020        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

21:19:13.0424 2020        PcaSvc - ok

21:19:13.0471 2020        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

21:19:13.0502 2020        pccsmcfd - ok

21:19:13.0533 2020        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

21:19:13.0549 2020        pci - ok

21:19:13.0564 2020        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

21:19:13.0580 2020        pciide - ok

21:19:13.0611 2020        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

21:19:13.0627 2020        pcmcia - ok

21:19:13.0627 2020        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:19:13.0642 2020        pcw - ok

21:19:13.0674 2020        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:19:13.0752 2020        PEAUTH - ok

21:19:13.0814 2020        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

21:19:13.0845 2020        PerfHost - ok

21:19:13.0970 2020        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

21:19:14.0064 2020        pla - ok

21:19:14.0126 2020        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

21:19:14.0157 2020        PlugPlay - ok

21:19:14.0188 2020        PnkBstrA - ok

21:19:14.0204 2020        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

21:19:14.0220 2020        PNRPAutoReg - ok

21:19:14.0251 2020        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

21:19:14.0266 2020        PNRPsvc - ok

21:19:14.0298 2020        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

21:19:14.0376 2020        PolicyAgent - ok

21:19:14.0407 2020        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

21:19:14.0469 2020        Power - ok

21:19:14.0547 2020        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

21:19:14.0578 2020        PptpMiniport - ok

21:19:14.0610 2020        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

21:19:14.0641 2020        Processor - ok

21:19:14.0688 2020        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

21:19:14.0734 2020        ProfSvc - ok

21:19:14.0750 2020        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

21:19:14.0766 2020        ProtectedStorage - ok

21:19:14.0812 2020        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

21:19:14.0875 2020        Psched - ok

21:19:14.0906 2020        PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys

21:19:14.0922 2020        PxHlpa64 - ok

21:19:15.0000 2020        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

21:19:15.0046 2020        ql2300 - ok

21:19:15.0140 2020        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

21:19:15.0156 2020        ql40xx - ok

21:19:15.0187 2020        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

21:19:15.0202 2020        QWAVE - ok

21:19:15.0202 2020        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:19:15.0234 2020        QWAVEdrv - ok

21:19:15.0249 2020        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:19:15.0312 2020        RasAcd - ok

21:19:15.0358 2020        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:19:15.0421 2020        RasAgileVpn - ok

21:19:15.0421 2020        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

21:19:15.0483 2020        RasAuto - ok

21:19:15.0514 2020        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:19:15.0577 2020        Rasl2tp - ok

21:19:15.0639 2020        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

21:19:15.0702 2020        RasMan - ok

21:19:15.0717 2020        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:19:15.0780 2020        RasPppoe - ok

21:19:15.0826 2020        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:19:15.0889 2020        RasSstp - ok

21:19:15.0936 2020        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

21:19:15.0998 2020        rdbss - ok

21:19:16.0014 2020        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

21:19:16.0045 2020        rdpbus - ok

21:19:16.0060 2020        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:19:16.0107 2020        RDPCDD - ok

21:19:16.0123 2020        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:19:16.0185 2020        RDPENCDD - ok

21:19:16.0201 2020        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:19:16.0263 2020        RDPREFMP - ok

21:19:16.0294 2020        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

21:19:16.0341 2020        RDPWD - ok

21:19:16.0388 2020        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

21:19:16.0404 2020        rdyboost - ok

21:19:16.0435 2020        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

21:19:16.0513 2020        RemoteAccess - ok

21:19:16.0528 2020        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

21:19:16.0591 2020        RemoteRegistry - ok

21:19:16.0622 2020        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

21:19:16.0653 2020        RpcEptMapper - ok

21:19:16.0669 2020        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

21:19:16.0684 2020        RpcLocator - ok

21:19:16.0731 2020        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

21:19:16.0778 2020        RpcSs - ok

21:19:16.0809 2020        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:19:16.0872 2020        rspndr - ok

21:19:16.0903 2020        RSUSBSTOR       (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys

21:19:16.0950 2020        RSUSBSTOR - ok

21:19:16.0996 2020        RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys

21:19:17.0012 2020        RTHDMIAzAudService - ok

21:19:17.0043 2020        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

21:19:17.0059 2020        SamSs - ok

21:19:17.0090 2020        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

21:19:17.0106 2020        sbp2port - ok

21:19:17.0121 2020        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

21:19:17.0184 2020        SCardSvr - ok

21:19:17.0199 2020        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

21:19:17.0262 2020        scfilter - ok

21:19:17.0324 2020        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

21:19:17.0386 2020        Schedule - ok

21:19:17.0418 2020        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

21:19:17.0464 2020        SCPolicySvc - ok

21:19:17.0496 2020        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

21:19:17.0527 2020        SDRSVC - ok

21:19:17.0589 2020        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:19:17.0636 2020        secdrv - ok

21:19:17.0667 2020        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

21:19:17.0714 2020        seclogon - ok

21:19:17.0776 2020        seehcri         (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys

21:19:17.0823 2020        seehcri - ok

21:19:17.0854 2020        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

21:19:17.0901 2020        SENS - ok

21:19:17.0917 2020        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

21:19:17.0964 2020        SensrSvc - ok

21:19:17.0979 2020        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

21:19:17.0995 2020        Serenum - ok

21:19:18.0026 2020        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

21:19:18.0057 2020        Serial - ok

21:19:18.0088 2020        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

21:19:18.0104 2020        sermouse - ok

21:19:18.0198 2020        ServiceLayer    (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

21:19:18.0229 2020        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

21:19:18.0229 2020        ServiceLayer - detected UnsignedFile.Multi.Generic (1)

21:19:18.0260 2020        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

21:19:18.0322 2020        SessionEnv - ok

21:19:18.0354 2020        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

21:19:18.0369 2020        sffdisk - ok

21:19:18.0385 2020        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

21:19:18.0416 2020        sffp_mmc - ok

21:19:18.0432 2020        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

21:19:18.0447 2020        sffp_sd - ok

21:19:18.0463 2020        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

21:19:18.0494 2020        sfloppy - ok

21:19:18.0541 2020        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

21:19:18.0603 2020        SharedAccess - ok

21:19:18.0634 2020        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

21:19:18.0697 2020        ShellHWDetection - ok

21:19:18.0744 2020        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:19:18.0744 2020        SiSRaid2 - ok

21:19:18.0759 2020        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

21:19:18.0775 2020        SiSRaid4 - ok

21:19:18.0806 2020        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:19:18.0853 2020        Smb - ok

21:19:18.0900 2020        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

21:19:18.0931 2020        SNMPTRAP - ok

21:19:18.0931 2020        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:19:18.0946 2020        spldr - ok

21:19:18.0993 2020        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

21:19:19.0040 2020        Spooler - ok

21:19:19.0180 2020        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

21:19:19.0321 2020        sppsvc - ok

21:19:19.0414 2020        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

21:19:19.0461 2020        sppuinotify - ok

21:19:19.0586 2020        sptd            (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\System32\Drivers\sptd.sys

21:19:19.0617 2020        sptd - ok

21:19:19.0664 2020        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

21:19:19.0711 2020        srv - ok

21:19:19.0742 2020        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

21:19:19.0773 2020        srv2 - ok

21:19:19.0789 2020        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

21:19:19.0804 2020        srvnet - ok

21:19:19.0851 2020        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

21:19:19.0914 2020        SSDPSRV - ok

21:19:19.0929 2020        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

21:19:19.0976 2020        SstpSvc - ok

21:19:20.0038 2020        ssudmdm         (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys

21:19:20.0038 2020        ssudmdm - ok

21:19:20.0070 2020        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

21:19:20.0085 2020        stexstor - ok

21:19:20.0132 2020        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

21:19:20.0163 2020        stisvc - ok

21:19:20.0194 2020        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

21:19:20.0210 2020        swenum - ok

21:19:20.0241 2020        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

21:19:20.0304 2020        swprv - ok

21:19:20.0350 2020        SynTP           (ecb9097c86db32bf3940590e0e1792c3) C:\Windows\system32\DRIVERS\SynTP.sys

21:19:20.0366 2020        SynTP - ok

21:19:20.0444 2020        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

21:19:20.0506 2020        SysMain - ok

21:19:20.0616 2020        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

21:19:20.0647 2020        TabletInputService - ok

21:19:20.0678 2020        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

21:19:20.0740 2020        TapiSrv - ok

21:19:20.0772 2020        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

21:19:20.0834 2020        TBS - ok

21:19:21.0006 2020        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

21:19:21.0052 2020        Tcpip - ok

21:19:21.0208 2020        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

21:19:21.0271 2020        TCPIP6 - ok

21:19:21.0349 2020        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

21:19:21.0427 2020        tcpipreg - ok

21:19:21.0442 2020        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:19:21.0489 2020        TDPIPE - ok

21:19:21.0520 2020        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

21:19:21.0552 2020        TDTCP - ok

21:19:21.0614 2020        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

21:19:21.0661 2020        tdx - ok

21:19:21.0879 2020        TeamViewer6     (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

21:19:21.0942 2020        TeamViewer6 - ok

21:19:22.0035 2020        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

21:19:22.0051 2020        TermDD - ok

21:19:22.0098 2020        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

21:19:22.0144 2020        TermService - ok

21:19:22.0207 2020        TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys

21:19:22.0222 2020        TFsExDisk - ok

21:19:22.0238 2020        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

21:19:22.0285 2020        Themes - ok

21:19:22.0300 2020        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

21:19:22.0363 2020        THREADORDER - ok

21:19:22.0378 2020        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

21:19:22.0441 2020        TrkWks - ok

21:19:22.0503 2020        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

21:19:22.0550 2020        TrustedInstaller - ok

21:19:22.0612 2020        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:19:22.0659 2020        tssecsrv - ok

21:19:22.0690 2020        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

21:19:22.0722 2020        TsUsbFlt - ok

21:19:22.0784 2020        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

21:19:22.0862 2020        tunnel - ok

21:19:22.0909 2020        TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys

21:19:22.0909 2020        TurboB - ok

21:19:23.0002 2020        TurboBoost      (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

21:19:23.0018 2020        TurboBoost - ok

21:19:23.0049 2020        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

21:19:23.0065 2020        uagp35 - ok

21:19:23.0096 2020        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

21:19:23.0143 2020        udfs - ok

21:19:23.0174 2020        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

21:19:23.0190 2020        UI0Detect - ok

21:19:23.0221 2020        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

21:19:23.0221 2020        uliagpkx - ok

21:19:23.0268 2020        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

21:19:23.0283 2020        umbus - ok

21:19:23.0314 2020        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

21:19:23.0346 2020        UmPass - ok

21:19:23.0502 2020        UNS             (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

21:19:23.0564 2020        UNS - ok

21:19:23.0626 2020        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

21:19:23.0642 2020        Updater Service - ok

21:19:23.0767 2020        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

21:19:23.0829 2020        upnphost - ok

21:19:23.0860 2020        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

21:19:23.0876 2020        usbccgp - ok

21:19:23.0907 2020        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

21:19:23.0923 2020        usbcir - ok

21:19:23.0954 2020        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

21:19:23.0970 2020        usbehci - ok

21:19:24.0016 2020        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

21:19:24.0032 2020        usbhub - ok

21:19:24.0063 2020        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

21:19:24.0094 2020        usbohci - ok

21:19:24.0110 2020        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

21:19:24.0141 2020        usbprint - ok

21:19:24.0172 2020        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:19:24.0204 2020        USBSTOR - ok

21:19:24.0219 2020        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

21:19:24.0266 2020        usbuhci - ok

21:19:24.0328 2020        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

21:19:24.0344 2020        usbvideo - ok

21:19:24.0360 2020        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

21:19:24.0422 2020        UxSms - ok

21:19:24.0438 2020        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

21:19:24.0453 2020        VaultSvc - ok

21:19:24.0500 2020        VClone          (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys

21:19:24.0531 2020        VClone - ok

21:19:24.0609 2020        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

21:19:24.0625 2020        vdrvroot - ok

21:19:24.0656 2020        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

21:19:24.0718 2020        vds - ok

21:19:24.0781 2020        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:19:24.0796 2020        vga - ok

21:19:24.0796 2020        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:19:24.0859 2020        VgaSave - ok

21:19:24.0890 2020        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

21:19:24.0906 2020        vhdmp - ok

21:19:24.0937 2020        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

21:19:24.0937 2020        viaide - ok

21:19:24.0952 2020        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

21:19:24.0968 2020        volmgr - ok

21:19:24.0999 2020        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

21:19:25.0015 2020        volmgrx - ok

21:19:25.0046 2020        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

21:19:25.0062 2020        volsnap - ok

21:19:25.0108 2020        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

21:19:25.0124 2020        vsmraid - ok

21:19:25.0202 2020        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

21:19:25.0296 2020        VSS - ok

21:19:25.0389 2020        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

21:19:25.0420 2020        vwifibus - ok

21:19:25.0436 2020        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

21:19:25.0467 2020        vwififlt - ok

21:19:25.0514 2020        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

21:19:25.0561 2020        W32Time - ok

21:19:25.0576 2020        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

21:19:25.0592 2020        WacomPen - ok

21:19:25.0654 2020        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:19:25.0701 2020        WANARP - ok

21:19:25.0701 2020        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:19:25.0748 2020        Wanarpv6 - ok

21:19:25.0826 2020        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

21:19:25.0888 2020        wbengine - ok

21:19:25.0998 2020        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

21:19:26.0013 2020        WbioSrvc - ok

21:19:26.0044 2020        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

21:19:26.0076 2020        wcncsvc - ok

21:19:26.0091 2020        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

21:19:26.0122 2020        WcsPlugInService - ok

21:19:26.0138 2020        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

21:19:26.0154 2020        Wd - ok

21:19:26.0200 2020        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:19:26.0216 2020        Wdf01000 - ok

21:19:26.0232 2020        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

21:19:26.0310 2020        WdiServiceHost - ok

21:19:26.0325 2020        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

21:19:26.0341 2020        WdiSystemHost - ok

21:19:26.0372 2020        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

21:19:26.0403 2020        WebClient - ok

21:19:26.0434 2020        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

21:19:26.0497 2020        Wecsvc - ok

21:19:26.0512 2020        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

21:19:26.0575 2020        wercplsupport - ok

21:19:26.0622 2020        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

21:19:26.0684 2020        WerSvc - ok

21:19:26.0746 2020        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:19:26.0778 2020        WfpLwf - ok

21:19:26.0793 2020        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:19:26.0809 2020        WIMMount - ok

21:19:26.0856 2020        WinDefend - ok

21:19:26.0856 2020        WinHttpAutoProxySvc - ok

21:19:26.0902 2020        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

21:19:26.0949 2020        Winmgmt - ok

21:19:27.0043 2020        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

21:19:27.0152 2020        WinRM - ok

21:19:27.0292 2020        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

21:19:27.0324 2020        WinUsb - ok

21:19:27.0386 2020        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

21:19:27.0433 2020        Wlansvc - ok

21:19:27.0464 2020        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:19:27.0495 2020        WmiAcpi - ok

21:19:27.0542 2020        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

21:19:27.0573 2020        wmiApSrv - ok

21:19:27.0636 2020        WMPNetworkSvc - ok

21:19:27.0651 2020        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

21:19:27.0682 2020        WPCSvc - ok

21:19:27.0729 2020        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

21:19:27.0745 2020        WPDBusEnum - ok

21:19:27.0776 2020        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:19:27.0838 2020        ws2ifsl - ok

21:19:27.0870 2020        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

21:19:27.0916 2020        wscsvc - ok

21:19:27.0916 2020        WSearch - ok

21:19:28.0057 2020        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

21:19:28.0166 2020        wuauserv - ok

21:19:28.0260 2020        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

21:19:28.0291 2020        WudfPf - ok

21:19:28.0338 2020        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:19:28.0384 2020        WUDFRd - ok

21:19:28.0416 2020        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

21:19:28.0462 2020        wudfsvc - ok

21:19:28.0509 2020        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

21:19:28.0540 2020        WwanSvc - ok

21:19:28.0572 2020        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:19:28.0696 2020        \Device\Harddisk0\DR0 - ok

21:19:28.0712 2020        Boot (0x1200)   (7280bcacdaeae914bf382c60bde52bdc) \Device\Harddisk0\DR0\Partition0

21:19:28.0712 2020        \Device\Harddisk0\DR0\Partition0 - ok

21:19:28.0743 2020        Boot (0x1200)   (a804428cb31cf1432761dcb3d5be1c53) \Device\Harddisk0\DR0\Partition1

21:19:28.0743 2020        \Device\Harddisk0\DR0\Partition1 - ok

21:19:28.0743 2020        ============================================================

21:19:28.0743 2020        Scan finished

21:19:28.0743 2020        ============================================================

21:19:28.0759 4896        Detected object count: 2

21:19:28.0759 4896        Actual detected object count: 2

21:19:45.0763 4896        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:45.0763 4896        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:19:45.0763 4896        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

21:19:45.0763 4896        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

gruß
Brubbl

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

hallo Cosinus,

combofix log:

Code:

ComboFix 12-05-12.01 - BiGBo 12.05.2012   7:54.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2711 [GMT 2:00]

ausgeführt von:: c:\users\BiGBo\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\packardbell.ico

c:\users\BiGBo\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\system32

c:\windows\SysWow64\system32\3DAudio.ax

c:\windows\SysWow64\system32\avrt.dll

c:\windows\SysWow64\system32\cis-2.4.dll

c:\windows\SysWow64\system32\issacapi_bs-2.3.dll

c:\windows\SysWow64\system32\issacapi_pe-2.3.dll

c:\windows\SysWow64\system32\issacapi_se-2.3.dll

c:\windows\SysWow64\system32\MACXMLProto.dll

c:\windows\SysWow64\system32\MaDRM.dll

c:\windows\SysWow64\system32\MaJGUILib.dll

c:\windows\SysWow64\system32\MAMACExtract.dll

c:\windows\SysWow64\system32\MASetupCleaner.exe

c:\windows\SysWow64\system32\MaXMLProto.dll

c:\windows\SysWow64\system32\mfplat.dll

c:\windows\SysWow64\system32\MK_Lyric.dll

c:\windows\SysWow64\system32\MSCLib.dll

c:\windows\SysWow64\system32\MSFLib.dll

c:\windows\SysWow64\system32\MSLUR71.dll

c:\windows\SysWow64\system32\msvcp60.dll

c:\windows\SysWow64\system32\MTTELECHIP.dll

c:\windows\SysWow64\system32\MTXSYNCICON.dll

c:\windows\SysWow64\system32\muzaf1.dll

c:\windows\SysWow64\system32\muzapp.dll

c:\windows\SysWow64\system32\muzapp.exe

c:\windows\SysWow64\system32\muzdecode.ax

c:\windows\SysWow64\system32\muzeffect.ax

c:\windows\SysWow64\system32\muzmp4sp.ax

c:\windows\SysWow64\system32\muzmpgsp.ax

c:\windows\SysWow64\system32\muzoggsp.ax

c:\windows\SysWow64\system32\muzwmts.dll

c:\windows\SysWow64\system32\psapi.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-04-12 bis 2012-05-12  ))))))))))))))))))))))))))))))

.

.

2012-05-12 05:59 . 2012-05-12 05:59        --------        d-----w-        c:\users\Public\AppData\Local\temp

2012-05-12 05:59 . 2012-05-12 05:59        --------        d-----w-        c:\users\Mcx1-BOSS\AppData\Local\temp

2012-05-12 05:59 . 2012-05-12 05:59        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-05-12 05:59 . 2012-05-12 05:59        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2012-05-12 05:35 . 2012-05-12 05:35        --------        d-----w-        c:\program files\Microsoft Silverlight

2012-05-12 05:35 . 2012-05-12 05:35        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2012-05-11 18:06 . 2012-04-13 08:46        8917360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCC24F8B-FC3E-4AA6-B89D-8232DA1ECD20}\mpengine.dll

2012-05-09 23:47 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll

2012-05-09 23:47 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-05-09 23:47 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-09 23:47 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys

2012-05-09 23:47 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 23:46 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 23:46 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-05-09 23:46 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-05-09 23:46 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 23:46 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 23:46 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 23:46 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 23:46 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-07 19:41 . 2012-05-07 19:41        --------        d-----w-        C:\_OTL

2012-04-29 18:41 . 2012-04-29 18:41        --------        d-----w-        c:\program files (x86)\ESET

2012-04-17 19:35 . 2012-04-17 19:35        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-04-17 19:34 . 2012-04-17 19:34        --------        d-----w-        c:\program files (x86)\Java

2012-04-13 10:39 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-04-13 10:39 . 2012-03-01 06:38        220672        ----a-w-        c:\windows\system32\wintrust.dll

2012-04-13 10:39 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll

2012-04-13 10:39 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-04-13 10:39 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll

2012-04-13 10:39 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll

2012-04-13 10:39 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-08 20:26 . 2012-02-11 18:54        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-08 20:26 . 2012-02-11 18:54        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-04-17 19:34 . 2010-05-17 06:47        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-04-04 13:56 . 2011-06-13 14:25        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-22 19:12 . 2012-03-22 19:12        4435968        ----a-w-        c:\windows\SysWow64\GPhotos.scr

2012-02-23 08:18 . 2010-02-02 19:00        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 13:36        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 13:36        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 13:36        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 13:36        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-02-14 10:09 . 2012-02-14 10:09        1070352        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-04 21416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]

"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-17 1157640]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-10-29 844320]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 19:15]

.

2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-21 19:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-10-29 822816]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-30 4042568]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0324z195f49k2y254

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\BiGBo\AppData\Roaming\Mozilla\Firefox\Profiles\7jk70tgz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3023812417-4257815622-3456056612-1001\Software\SecuROM\License information*]

"datasecu"=hex:48,6f,5c,b3,0f,7f,47,b0,b6,bb,bc,a8,fc,61,a8,42,a9,2d,5b,ff,99,

   56,55,21,34,7a,54,45,a5,c5,4c,ab,09,42,2c,78,43,4b,9c,1c,5b,fd,98,a3,d6,0f,\

"rkeysecu"=hex:5a,68,fa,fd,fc,5a,e0,5e,e2,c7,78,3a,a9,ad,59,19

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="CE07E804296CF4CD750EF3D158C3BD30B45187EFB2D10249A0ACBE680769878B93FB503EC4524D95F3C67AB626BE93024587B630AA5A4843127A4607E9E3AC949A82868BA9D65D765F999D0BCF261F3F70D56FE39988803894FCE8AD2B4EC94D3F9F956FEE51BE47D0540D623AECAC212CF5A450CF86CDE2A0767D74AC2D778F15415B6E213E9D2317AD4BD43F259D2425051FBE1623E63F5B0D3371C02661F8E1340916403EB9E736BDAFFD2BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555A2D97226D213B555A6171C11EC38DE3DD462524EF55F9B7883B0EAC3018C8E27941C706D86CCBB913DB0B9EC3CBF269C0F7B5ABA1FAE1ADC5AD6606A2DF97443B16E27C0234EFC16EAA93393D2AE484442559D0504CBAFF97F289801E4AB589132907B1912A848D17C58DF21A12E12F3ED92512ACB5E8187E95C0A431A70EB9AA8EEC58FADEC02B53EFD1CAA0A37B5ABB4E96FDC0266B3333540EE9E21E86755498AA16F328311281D7182F75496EEDD5D2838011634731CA235C835B00E86AFEC7A6EB7C22A64042A1C7606296CFB70D22B2B31DB6EECD595AC575E66A9090A11E5D19B64EE6A959C7B9B06172D9DBFA4E6113C0B8ED46895B1A525C1DAB2BA558BB3847EB599A14D245BDA91A2181B0562F1A13D616151CEDFFA472894C9097F3C3F0CE0B6E85BBABB631E6E6938C4CA399C17730B4C7F1166E9B7621C9CB3F75CE5023C7DD66E86FA251DE7F14973F199238611FE5557CF0A439B9A0EF86A4DE65AE9A5E8E278F6B154D59C029D531848DC0E5C083E30A3A39E4F64D83252ADE796FC962F128B75416B000F308A82819CE1FE82444ED6499FD76131BE21067001D4A46CD56D2D1021A68125EA6914137F92DD90254F0A9EFD8E925B5720908C679602683901D779D90878A9721A10D9738E657CEF110028D124DA9D0C9073A0E32067B00ADD7A060BD4B44B5C7B70820A3E821C3FE4DE0F4441E39A1D5525EB5578DCCE4B97F4B06715BA9B1174A462E94AD62A8024439D13508D559C550DD4ABEC1DAE55481F18B316C3924D6E8FEE4F22B7C7F4A53E458B806936F07D88E36C0C99A2528B437C4AEABB88215888C389772FF733CA52981545BD0AD4BB68C5312CF3E043031DC49BE5433E71A1D99EFBBF7AA124757750265506805885724B27630401FB5361FA27A22F53F7C042E39D368B90070C9B48CA2DEEAEDC525F698E8FD602A4A335CC85FB87D04130F61979D787F3EBF99CFE248ADC0D1A9CDCB8BD50AAC3B7A2B08ADF95099E2D6D9CE9AEE7C7DEB9ADCF9A66F0E6779AE30B761F09720E86FE642DF2D2A48DF1F95025716B59C92A19FBE1D92755AE3D2DFE832EE25708B3ED514C945DFDCE17DA9F3D88AD"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-05-12  08:06:50 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-05-12 06:06

.

Vor Suchlauf: 15 Verzeichnis(se), 166.607.368.192 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 166.257.328.128 Bytes frei

.

- - End Of File - - 95836CFC1982CAC8B3FD12828AB07A9D

mfg
brubbl

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

hi,

aswMBRLog:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-05-13 22:51:04

-----------------------------

22:51:04.479    OS Version: Windows x64 6.1.7601 Service Pack 1

22:51:04.479    Number of processors: 4 586 0x2502

22:51:04.479    ComputerName: BOSS  UserName: 

22:51:05.243    Initialize success

22:51:20.279    AVAST engine download error: 0

22:51:44.287    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:51:44.287    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3

22:51:44.303    Disk 0 MBR read successfully

22:51:44.303    Disk 0 MBR scan

22:51:44.303    Disk 0 Windows 7 default MBR code

22:51:44.303    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63

22:51:44.318    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855

22:51:44.334    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       292850 MB offset 25382700

22:51:44.365    Disk 0 scanning C:\Windows\system32\drivers

22:51:50.574    Service scanning

22:52:10.261    Modules scanning

22:52:10.261    Disk 0 trace - called modules:

22:52:10.292    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

22:52:10.292    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057cc060]

22:52:10.308    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049df050]

22:52:10.308    Scan finished successfully

22:52:40.962    Disk 0 MBR has been saved successfully to "C:\Users\BiGBo\Desktop\MBR.dat"

22:52:40.993    The log file has been saved successfully to "C:\Users\BiGBo\Desktop\aswMBR.txt"

gruß
Brubbl

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

hi,

soll ich eigentlich aswMBR fixen?

AntiSpyware Log:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 05/14/2012 at 11:53 PM
 

Application Version : 5.0.1148
 

Core Rules Database Version : 8593

Trace Rules Database Version: 6405
 

Scan type       : Complete Scan

Total Scan Time : 01:41:47
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 776

Memory threats detected   : 0

Registry items scanned    : 66579

Registry threats detected : 140

File items scanned        : 146026

File threats detected     : 4
 

PUP.MyWebSearch/FunWebProducts

        (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

        (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32

        (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib

        (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version

        (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

        (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32

        (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib

        (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version

        (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

        (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32

        (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib

        (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version

        (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

        (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32

        (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib

        (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version

        (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

        (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32

        (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib

        (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version

        (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

        (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32

        (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib

        (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version

        (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}

        (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32

        (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib

        (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version

        (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

        (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32

        (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib

        (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version

        (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

        (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32

        (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib

        (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version

        (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

        (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32

        (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib

        (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version

        (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

        (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32

        (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib

        (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version

        (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

        (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32

        (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib

        (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version

        (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}

        (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32

        (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib

        (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version

        (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

        (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32

        (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib

        (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version

        (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

        (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32

        (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib

        (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version

        (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

        (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32

        (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib

        (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version

        (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

        (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32

        (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib

        (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version

        (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}

        (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32

        (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib

        (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version

        (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

        (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32

        (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib

        (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version

        (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

        (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32

        (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib

        (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version

        (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

        (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32

        (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib

        (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version

        (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

        (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32

        (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib

        (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version

        (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

        (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32

        (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib

        (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version

        (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

        (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32

        (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib

        (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version

        (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}

        (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32

        (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib

        (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version

        (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

        (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32

        (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib

        (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version

        (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

        (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32

        (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib

        (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version

        (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

        (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32

        (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib

        (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version

        (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

        (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32

        (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib

        (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib

        (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version

        (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}

        (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32

        (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib

        (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version

        (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

        (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32

        (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib

        (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version

        (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

        (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32

        (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib

        (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version

        (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

        (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32

        (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib

        (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
 

Adware.Tracking Cookie

        C:\Users\BiGBo\AppData\Roaming\Microsoft\Windows\Cookies\0D7HIMLH.txt [ /forum.usenext.de ]

        C:\Users\BiGBo\AppData\Roaming\Microsoft\Windows\Cookies\TQWT5BG7.txt [ /tracking.quisma.com ]

        accounts.google.com [ C:\USERS\BIGBO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.google.com [ C:\USERS\BIGBO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

AntiMalware Log:

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.15.01
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

BiGBo :: BOSS [Administrator]
 

15.05.2012 06:36:36

mbam-log-2012-05-15 (06-36-36).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 387594

Laufzeit: 41 Minute(n), 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

gruß
Brubbl