Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: 50 Euro Virus auf der Bildfläche im normalen Modus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.04.2012, 12:01   #1
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Hallo Leute,

auch mein Laptop ist mit einem Virus befallen. Immer wenn ich ihn im normalen Modus hochfahre, erscheint auf der Bildfläche der Hinweiß, dass mein Windowssystem zu stark mit infiziertem Material belastet ist. Um trotzdem fortzufahren soll ich 50 Euro überweisen. Wie werde ich diesen betrügerischen Plagegeist wieder los ?

Mit freundlichen Grüßen

Patrick

Ich habe mich in den weiteren Beiträgen über diesen Virus mal schlau gemacht und herausgefunden, dass ich als aller erstes einen OTL scann durchführen muss. Dies habe ich getan und hier sind die einzelnen Logfiles:

OTL :OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.04.2012 12:28:58 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Patti\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 82,48% Memory free
7,96 Gb Paging File | 7,30 Gb Available in Paging File | 91,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,22 Gb Total Space | 33,17 Gb Free Space | 33,10% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 149,83 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 200,52 Gb Total Space | 200,41 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive F: | 0,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PATTI-PC | User Name: Patti | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.07 12:27:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Patti\Downloads\OTL (1).exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.10.28 04:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.06 19:18:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.02 14:53:15 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.11.12 03:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.10.29 20:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.10.08 03:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.16 00:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.11.21 13:16:02 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.07.06 19:18:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.06 19:18:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.28 05:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.28 04:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.08 03:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.07.29 15:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.08 11:42:52 | 000,144,896 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2009.07.08 11:42:46 | 000,152,064 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Packardbell | MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Packardbell | MSN
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Schnell-Startseite - COMPUTER BILD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Schnell-Startseite - COMPUTER BILD
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{4EF78312-B6A8-45AB-9B36-46DA11DD7AAB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{570E03A4-9170-4BFA-A218-196D3AE65025}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=17A7992A-1533-4A6C-AC3C-F2BF4292C90A&apn_sauid=2AE4DD1B-259B-4D12-8866-1B51F5332366&
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SKPT_deDE431
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Patti\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.02 14:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.02 14:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.02.10 21:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.24 22:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.24 22:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patti\AppData\Roaming\mozilla\Extensions
[2012.02.24 22:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.16 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Patti\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E4F5A-1A40-464B-BD4A-2AF301A56293}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74C0E61E-0FEC-4924-B2EC-FB4B73049FF2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{B5930B6C-394C-4F34-85DE-B91485792E76} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7CCFEE34-03FB-C23C-F870-37E014257B93} - Java (Sun)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.06 20:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Patti\Documents\*.tmp files -> C:\Users\Patti\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.07 12:22:50 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.07 12:22:50 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.07 12:22:50 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.07 12:22:50 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.07 12:22:50 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.07 12:18:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.07 12:18:00 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 19:12:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000UA.job
[2012.03.25 19:12:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.25 11:04:54 | 092,621,341 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.03.24 23:06:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.24 22:30:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000Core.job
[2012.03.20 20:03:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 20:03:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 13:23:07 | 000,240,477 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.03.15 14:35:29 | 000,461,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 20:16:55 | 000,231,782 | ---- | M] () -- C:\Users\Patti\Documents\pussy.png
[2012.03.13 12:15:32 | 000,360,934 | ---- | M] () -- C:\Users\Patti\Documents\fing.PNG
[2012.03.13 12:13:02 | 000,604,314 | ---- | M] () -- C:\Users\Patti\Documents\finaly.png
[2012.03.13 12:10:15 | 000,114,264 | ---- | M] () -- C:\Users\Patti\Documents\ass1.png
[2012.03.13 12:07:37 | 000,123,825 | ---- | M] () -- C:\Users\Patti\Documents\kk.png
[2012.03.13 12:03:18 | 000,257,500 | ---- | M] () -- C:\Users\Patti\Documents\fff.png
[2012.03.13 11:59:30 | 000,348,374 | ---- | M] () -- C:\Users\Patti\Documents\face face face.png
[2012.03.13 11:56:48 | 000,116,085 | ---- | M] () -- C:\Users\Patti\Documents\pusy.PNG
[2012.03.13 11:56:11 | 003,235,972 | ---- | M] () -- C:\Users\Patti\Documents\so good.png
[2012.03.13 11:52:14 | 000,210,946 | ---- | M] () -- C:\Users\Patti\Documents\wet.png
[2012.03.13 11:43:11 | 000,338,563 | ---- | M] () -- C:\Users\Patti\Documents\001.png
[2012.03.13 11:31:55 | 000,551,490 | ---- | M] () -- C:\Users\Patti\Documents\tits.PNG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Patti\Documents\*.tmp files -> C:\Users\Patti\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.13 20:16:47 | 000,231,782 | ---- | C] () -- C:\Users\Patti\Documents\pussy.png
[2012.03.13 12:15:02 | 000,360,934 | ---- | C] () -- C:\Users\Patti\Documents\fing.PNG
[2012.03.13 12:12:27 | 000,604,314 | ---- | C] () -- C:\Users\Patti\Documents\finaly.png
[2012.03.13 12:09:51 | 000,114,264 | ---- | C] () -- C:\Users\Patti\Documents\ass1.png
[2012.03.13 12:07:18 | 000,123,825 | ---- | C] () -- C:\Users\Patti\Documents\kk.png
[2012.03.13 12:02:43 | 000,257,500 | ---- | C] () -- C:\Users\Patti\Documents\fff.png
[2012.03.13 11:58:57 | 000,348,374 | ---- | C] () -- C:\Users\Patti\Documents\face face face.png
[2012.03.13 11:56:21 | 000,116,085 | ---- | C] () -- C:\Users\Patti\Documents\pusy.PNG
[2012.03.13 11:54:31 | 003,235,972 | ---- | C] () -- C:\Users\Patti\Documents\so good.png
[2012.03.13 11:51:47 | 000,210,946 | ---- | C] () -- C:\Users\Patti\Documents\wet.png
[2012.03.13 11:42:35 | 000,338,563 | ---- | C] () -- C:\Users\Patti\Documents\001.png
[2012.03.13 11:31:47 | 000,551,490 | ---- | C] () -- C:\Users\Patti\Documents\tits.PNG
[2011.10.21 14:55:06 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{AB38E0A9-13F1-4BA6-8D18-B4B8003E8F13}
[2011.08.28 21:54:00 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{795018AA-FB94-4695-B8A1-6CC770702F3B}
[2011.08.28 03:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{B4080D65-9B23-4D29-A81E-851B3C0E8BF8}
[2011.08.25 00:07:25 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{75E42C81-80A3-46C5-9B43-A59B4122A8DB}
[2011.08.24 09:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{F6666340-F877-4140-ABEB-8E2D44790C71}
[2011.08.05 09:55:50 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{3AE4A35D-36FA-40FC-86FB-0BD23CD793CF}
[2011.07.31 17:19:54 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{F3051EDB-EAD0-4FF3-957F-32DD287A2736}
[2011.07.29 09:58:39 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{914AFC39-7FA3-441A-AB56-C309A9E7BF53}
[2011.05.20 22:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{26C2F5FA-A37B-46BB-A0F5-E4B42FDD87EC}
[2011.04.20 22:26:10 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.02 14:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.02 14:43:36 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.07 16:46:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010.12.07 16:05:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.02.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\AVG2012
[2011.09.13 20:18:52 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoft
[2011.07.15 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.12 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\FloodLightGames
[2012.01.26 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Need for Speed World
[2011.07.03 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\OpenOffice.org
[2011.06.18 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\PlayFirst
[2011.04.20 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\SNS
[2012.02.03 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\SoftGrid Client
[2011.11.17 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\toolplugin
[2011.04.20 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\TP
[2011.05.06 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\WildTangent
[2012.03.24 22:30:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000Core.job
[2012.03.25 19:12:05 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000UA.job
[2009.07.14 07:08:49 | 000,026,806 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(63).TXT
[2012.02.25 09:15:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.04.20 21:53:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.02 14:39:35 | 000,000,000 | ---D | M] -- C:\book
[2012.02.16 16:55:50 | 000,000,000 | ---D | M] -- C:\core
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.04.20 21:51:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.07 16:36:59 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.07 21:45:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.04.20 21:53:04 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.25 09:13:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.07 12:15:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.10 21:08:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.04.20 21:51:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.20 21:51:59 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.25 19:41:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.20 21:52:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.16 16:55:43 | 000,000,000 | ---D | M] -- C:\win32
[2012.04.07 12:18:00 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.09.14 03:18:16 | 000,353,304 | ---- | M] (Intel Corporation) MD5=F4F4CBC7F6C7CB940AA9F0AAF3EF1104 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
[2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.04 21:08:00 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.05.04 21:08:00 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.12.14 05:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011.05.04 21:08:00 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
 
< %USERPROFILE%\*.* >
[2009.08.28 17:28:54 | 000,004,972 | ---- | M] () -- C:\Users\Patti\EULA.txt
[2011.05.14 21:01:24 | 000,001,056 | ---- | M] () -- C:\Users\Patti\INSTALL.LOG
[2012.04.07 12:41:54 | 002,097,152 | -HS- | M] () -- C:\Users\Patti\ntuser.dat
[2012.04.07 12:41:54 | 000,262,144 | -HS- | M] () -- C:\Users\Patti\ntuser.dat.LOG1
[2011.04.20 21:52:08 | 000,000,000 | -HS- | M] () -- C:\Users\Patti\ntuser.dat.LOG2
[2011.04.21 00:10:51 | 000,065,536 | -HS- | M] () -- C:\Users\Patti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.04.21 00:10:51 | 000,524,288 | -HS- | M] () -- C:\Users\Patti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.04.21 00:10:51 | 000,524,288 | -HS- | M] () -- C:\Users\Patti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.05.30 18:22:53 | 000,065,536 | -HS- | M] () -- C:\Users\Patti\ntuser.dat{5e9b7546-8aca-11e0-b7c7-1c7508d6c8c7}.TM.blf
[2011.05.30 18:22:53 | 000,524,288 | -HS- | M] () -- C:\Users\Patti\ntuser.dat{5e9b7546-8aca-11e0-b7c7-1c7508d6c8c7}.TMContainer00000000000000000001.regtrans-ms
[2011.05.30 18:22:53 | 000,524,288 | -HS- | M] () -- C:\Users\Patti\ntuser.dat{5e9b7546-8aca-11e0-b7c7-1c7508d6c8c7}.TMContainer00000000000000000002.regtrans-ms
[2012.04.07 12:18:34 | 000,065,536 | -HS- | M] () -- C:\Users\Patti\ntuser.dat{eda8efb3-809a-11e1-b4f8-1c7508d6c8c7}.TM.blf
[2012.04.07 12:18:34 | 000,524,288 | -HS- | M] () -- C:\Users\Patti\ntuser.dat{eda8efb3-809a-11e1-b4f8-1c7508d6c8c7}.TMContainer00000000000000000001.regtrans-ms
[2012.04.07 12:18:34 | 000,524,288 | -HS- | M] () -- C:\Users\Patti\ntuser.dat{eda8efb3-809a-11e1-b4f8-1c7508d6c8c7}.TMContainer00000000000000000002.regtrans-ms
[2011.04.20 21:52:09 | 000,000,020 | -HS- | M] () -- C:\Users\Patti\ntuser.ini
[2001.05.24 19:59:30 | 000,162,304 | ---- | M] () -- C:\Users\Patti\UNWISE.EXE
[2001.05.24 20:00:14 | 000,006,855 | ---- | M] () -- C:\Users\Patti\UNWISE.INI
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

EXTRAS :OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.04.2012 12:28:59 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Patti\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 3,28 Gb Available Physical Memory | 82,48% Memory free
7,96 Gb Paging File | 7,30 Gb Available in Paging File | 91,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,22 Gb Total Space | 33,17 Gb Free Space | 33,10% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 149,83 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 200,52 Gb Total Space | 200,41 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive F: | 0,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PATTI-PC | User Name: Patti | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{03148a20-37c5-4966-a0af-13cf1040e10f}" = Nero 9 Essentials
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E8CA90A-DE80-453A-9BCF-46A605688DB5}" = DJ Control MP3 e2 Manual
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 5.1.1
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"toolplugin" = toolplugin
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2012 16:25:03 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error - 14.03.2012 16:25:04 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.03.2012 16:25:04 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3026
 
Error - 14.03.2012 16:25:04 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3026
 
Error - 14.03.2012 16:25:05 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.03.2012 16:25:05 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4040
 
Error - 14.03.2012 16:25:05 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4040
 
Error - 15.03.2012 01:24:57 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.03.2012 01:24:57 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32396244
 
Error - 15.03.2012 01:24:57 | Computer Name = Patti-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32396244
 
[ System Events ]
Error - 07.04.2012 06:39:30 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:40:02 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:40:02 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:40:02 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:41:30 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:41:30 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:41:30 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:42:08 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:42:08 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.04.2012 06:42:08 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---

MfG Patrick

Alt 07.04.2012, 19:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Zitat:
Boot Mode: SafeMode with Networking |
na wenn der Modus geht wirst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 07.04.2012, 22:09   #3
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Hier ist erstmal die LOG Datei des Malware scanns.
Den ESET Online Scanner werde ich nun durchführen und bei Beendigung posten.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

07.04.2012 21:43:28
mbam-log-2012-04-07 (21-43-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403788
Laufzeit: 1 Stunde(n), 12 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 08.04.2012, 16:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2012, 16:55   #5
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Ja ich habe davor schon einmal einen Scann durchgeführt.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

07.04.2012 13:39:10
mbam-log-2012-04-07 (13-39-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194140
Laufzeit: 2 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

07.04.2012 13:44:54
mbam-log-2012-04-07 (13-44-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406239
Laufzeit: 54 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

07.04.2012 21:43:28
mbam-log-2012-04-07 (21-43-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403788
Laufzeit: 1 Stunde(n), 12 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Um es noch einmal übersichtlicher darzustellen, habe ich alle Datein nocheinmal als Code eingefügt

Hier ist die log.txt des ESET Online Scanners.

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
         


Alt 08.04.2012, 17:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



ESET hast du falsch ausgeführt. Du musst das hier beachten und umsetzen:

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________
--> 50 Euro Virus auf der Bildfläche im normalen Modus

Alt 08.04.2012, 20:32   #7
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Ok hier ist noch die log von ESET als Admin ausgeführt.

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c3fb756d180677469a1d817bff923e9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-08 07:23:20
# local_time=2012-04-08 09:23:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 5011035 5011035 0 0
# compatibility_mode=1797 16775165 100 94 80327 70440165 9785 0
# compatibility_mode=5893 16776574 100 94 5023472 85538152 0 0
# compatibility_mode=8192 67108863 100 0 75046 75046 0 0
# scanned=240816
# found=6
# cleaned=0
# scan_time=4698
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\Launcher.exe	Win32/RegistryBooster Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\rbmonitor.exe	Win32/RegistryBooster Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\rbnotifier.exe	Win32/RegistryBooster Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\rb_move_serial.exe	Win32/RegistryBooster Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\rb_ubm.exe	Win32/RegistryBooster Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\registrybooster.exe	Win32/RegistryBooster Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
         

Alt 08.04.2012, 20:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Zitat:
C:\Users\Patti\AppData\Local\Temp\miaC004.tmp\data\OFFLINE\E31D425C\5636D6BB\registrybooster.exe
Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.


Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.04.2012, 08:47   #9
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Ja der normale Modus funktioniert wieder uneingeschränkt.
Nein im Startmenü ist alles wie vorher.
Ich habe auch noch eine Frage. Was hat das jetzt alles mit diesem Registry auf sich? Ich habe nie probiert da in irgend einer Art was zu löschen.

MfG

Patrick

Alt 09.04.2012, 16:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.04.2012, 19:34   #11
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Code:
ATTFilter
OTL logfile created on: 09.04.2012 20:16:38 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Patti\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,23% Memory free
7,96 Gb Paging File | 5,87 Gb Available in Paging File | 73,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,22 Gb Total Space | 35,90 Gb Free Space | 35,82% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 149,83 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 200,52 Gb Total Space | 200,41 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive F: | 0,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PATTI-PC | User Name: Patti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.07 12:23:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Patti\Downloads\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.07.06 19:18:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.11.12 03:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.10.28 04:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.06 19:18:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.02 14:53:15 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.12 03:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.10.29 20:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.10.08 03:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.16 00:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.11.21 13:16:02 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.07.06 19:18:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.06 19:18:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.28 05:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.28 04:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.08 03:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.07.29 15:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.08 11:42:52 | 000,144,896 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2009.07.08 11:42:46 | 000,152,064 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\{4EF78312-B6A8-45AB-9B36-46DA11DD7AAB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\{570E03A4-9170-4BFA-A218-196D3AE65025}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=17A7992A-1533-4A6C-AC3C-F2BF4292C90A&apn_sauid=2AE4DD1B-259B-4D12-8866-1B51F5332366&
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SKPT_deDE431
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Patti\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.02 14:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.02 14:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.02.10 21:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.24 22:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.24 22:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patti\AppData\Roaming\mozilla\Extensions
[2012.02.24 22:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.16 16:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3661535951-269751760-632708229-1000..\Run: [Facebook Update] C:\Users\Patti\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-84AQR.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E4F5A-1A40-464B-BD4A-2AF301A56293}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74C0E61E-0FEC-4924-B2EC-FB4B73049FF2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{B5930B6C-394C-4F34-85DE-B91485792E76} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7CCFEE34-03FB-C23C-F870-37E014257B93} - Java (Sun)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi6 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.08 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Local\Apps
[2012.04.07 23:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.07 21:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 
[2012.04.07 13:37:32 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Roaming\Malwarebytes
[2012.04.07 13:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.07 13:37:25 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.07 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.07 13:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.06 20:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Patti\Documents\*.tmp files -> C:\Users\Patti\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.09 20:15:06 | 094,259,061 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.04.09 20:14:19 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.09 20:12:55 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.09 20:12:55 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.09 20:12:55 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.09 20:12:55 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.09 20:12:55 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.09 20:11:24 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.09 20:11:24 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000UA.job
[2012.04.09 20:11:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.08 21:30:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000Core.job
[2012.04.08 17:53:44 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.08 17:53:44 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 21:42:02 | 000,709,968 | ---- | M] () -- C:\Windows\is-84AQR.exe
[2012.04.07 21:42:02 | 000,012,782 | ---- | M] () -- C:\Windows\is-84AQR.msg
[2012.04.07 21:42:02 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.07 21:42:02 | 000,000,441 | ---- | M] () -- C:\Windows\is-84AQR.lst
[2012.04.07 21:40:33 | 000,255,966 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.04.07 15:21:07 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.07 14:53:20 | 000,000,000 | -H-- | M] () -- C:\Users\Patti\Documents\Default.rdp
[2012.03.15 14:35:29 | 000,461,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Patti\Documents\*.tmp files -> C:\Users\Patti\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.07 21:42:02 | 000,709,968 | ---- | C] () -- C:\Windows\is-84AQR.exe
[2012.04.07 21:42:02 | 000,012,782 | ---- | C] () -- C:\Windows\is-84AQR.msg
[2012.04.07 21:42:02 | 000,000,441 | ---- | C] () -- C:\Windows\is-84AQR.lst
[2012.04.07 14:53:20 | 000,000,000 | -H-- | C] () -- C:\Users\Patti\Documents\Default.rdp
[2012.04.07 13:37:26 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.10.21 14:55:06 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{AB38E0A9-13F1-4BA6-8D18-B4B8003E8F13}
[2011.08.28 21:54:00 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{795018AA-FB94-4695-B8A1-6CC770702F3B}
[2011.08.28 03:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{B4080D65-9B23-4D29-A81E-851B3C0E8BF8}
[2011.08.25 00:07:25 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{75E42C81-80A3-46C5-9B43-A59B4122A8DB}
[2011.08.24 09:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{F6666340-F877-4140-ABEB-8E2D44790C71}
[2011.08.05 09:55:50 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{3AE4A35D-36FA-40FC-86FB-0BD23CD793CF}
[2011.07.31 17:19:54 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{F3051EDB-EAD0-4FF3-957F-32DD287A2736}
[2011.07.29 09:58:39 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{914AFC39-7FA3-441A-AB56-C309A9E7BF53}
[2011.05.20 22:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Patti\AppData\Local\{26C2F5FA-A37B-46BB-A0F5-E4B42FDD87EC}
[2011.04.20 22:26:10 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.02 14:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.02 14:43:36 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.07 16:46:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010.12.07 16:05:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.02.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\AVG2012
[2011.09.13 20:18:52 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoft
[2011.07.15 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.12 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\FloodLightGames
[2012.01.26 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Need for Speed World
[2011.07.03 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\OpenOffice.org
[2011.06.18 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\PlayFirst
[2011.04.20 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\SNS
[2012.02.03 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\SoftGrid Client
[2011.11.17 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\toolplugin
[2011.04.20 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\TP
[2011.05.06 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\WildTangent
[2012.04.08 21:30:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000Core.job
[2012.04.09 20:11:24 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3661535951-269751760-632708229-1000UA.job
[2009.07.14 07:08:49 | 000,026,806 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(63).TXT
[2012.02.25 09:15:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.04 00:59:26 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Adobe
[2012.02.06 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Apple Computer
[2011.05.14 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\ATI
[2012.02.10 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\AVG2012
[2011.07.03 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Avira
[2011.05.09 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\CyberLink
[2011.09.13 20:18:52 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoft
[2011.07.15 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.12 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\FloodLightGames
[2011.05.12 16:24:15 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Google
[2011.04.20 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Identities
[2011.05.15 21:17:15 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\InstallShield
[2011.04.20 21:53:35 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Intel Corporation
[2011.04.20 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Macromedia
[2012.04.07 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Media Center Programs
[2012.02.24 07:45:19 | 000,000,000 | --SD | M] -- C:\Users\Patti\AppData\Roaming\Microsoft
[2012.02.24 22:35:37 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Mozilla
[2012.01.26 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Need for Speed World
[2011.08.13 14:53:47 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Nero
[2011.07.03 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\OpenOffice.org
[2011.06.18 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\PlayFirst
[2012.04.07 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Skype
[2011.04.20 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\SNS
[2012.02.03 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\SoftGrid Client
[2011.11.17 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\toolplugin
[2011.04.20 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\TP
[2011.05.06 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\WildTangent
[2012.02.01 11:01:57 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.02 22:20:58 | 008,197,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Patti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.09.14 03:18:16 | 000,353,304 | ---- | M] (Intel Corporation) MD5=F4F4CBC7F6C7CB940AA9F0AAF3EF1104 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
[2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 09.04.2012, 21:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\{570E03A4-9170-4BFA-A218-196D3AE65025}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=17A7992A-1533-4A6C-AC3C-F2BF4292C90A&apn_sauid=2AE4DD1B-259B-4D12-8866-1B51F5332366&
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3661535951-269751760-632708229-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-3661535951-269751760-632708229-1000..\Run: [Facebook Update] C:\Users\Patti\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-84AQR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2012.04.07 21:42:02 | 000,709,968 | ---- | C] () -- C:\Windows\is-84AQR.exe
[2012.04.07 21:42:02 | 000,012,782 | ---- | C] () -- C:\Windows\is-84AQR.msg
[2012.04.07 21:42:02 | 000,000,441 | ---- | C] () -- C:\Windows\is-84AQR.lst
:Files
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.04.2012, 10:00   #13
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Hallo Arne,

ich bin deinen Anweisungen gefolgt und habe nochmals einen Logfile erhalten.


Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3661535951-269751760-632708229-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\SearchScopes\{570E03A4-9170-4BFA-A218-196D3AE65025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{570E03A4-9170-4BFA-A218-196D3AE65025}\ not found.
Registry key HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3661535951-269751760-632708229-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Patti\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 deleted successfully.
C:\Windows\is-84AQR.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File C:\Windows\is-84AQR.exe not found.
C:\Windows\is-84AQR.msg moved successfully.
C:\Windows\is-84AQR.lst moved successfully.
========== FILES ==========
C:\Program Files (x86)\ConduitEngine folder moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Patti
->Temp folder emptied: 474292140 bytes
->Temporary Internet Files folder emptied: 7264241773 bytes
->Java cache emptied: 66046 bytes
->FireFox cache emptied: 42220855 bytes
->Flash cache emptied: 8200726 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155676291 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7.577,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Patti
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04102012_104915

Files\Folders moved on Reboot...
File\Folder C:\Users\Patti\AppData\Local\Temp\OICE_6F870C22-AF34-4F65-8481-8FE7AE245C2D.0\B259F483. not found!
File\Folder C:\Users\Patti\AppData\Local\Temp\OICE_3532AE2B-3A54-4522-A20E-02BAFC669563.0\47DDD7F2. not found!
C:\Users\Patti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Ist mein Computer nun wieder sauber?

Mit freundlichen Grüßen

Patrick

Alt 10.04.2012, 13:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.04.2012, 15:13   #15
Patrick_
 
50 Euro Virus auf der Bildfläche im normalen Modus - Standard

50 Euro Virus auf der Bildfläche im normalen Modus



Ich habe alles durchgeführt. Muss jetzt aber den Log in 2 nachrichten senden, da er sonst die Zeichengrenze überschreitet.

MfG,

Patrick


Code:
ATTFilter
15:54:36.0318 8076	TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37
15:54:36.0614 8076	============================================================
15:54:36.0614 8076	Current date / time: 2012/04/10 15:54:36.0614
15:54:36.0614 8076	SystemInfo:
15:54:36.0614 8076	
15:54:36.0614 8076	OS Version: 6.1.7601 ServicePack: 1.0
15:54:36.0614 8076	Product type: Workstation
15:54:36.0614 8076	ComputerName: PATTI-PC
15:54:36.0614 8076	UserName: Patti
15:54:36.0614 8076	Windows directory: C:\Windows
15:54:36.0614 8076	System windows directory: C:\Windows
15:54:36.0614 8076	Running under WOW64
15:54:36.0614 8076	Processor architecture: Intel x64
15:54:36.0614 8076	Number of processors: 8
15:54:36.0614 8076	Page size: 0x1000
15:54:36.0614 8076	Boot type: Normal boot
15:54:36.0614 8076	============================================================
15:54:37.0363 8076	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:54:37.0363 8076	\Device\Harddisk0\DR0:
15:54:37.0363 8076	MBR used
15:54:37.0363 8076	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:54:37.0363 8076	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xC86F000
15:54:37.0379 8076	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE6A2000, BlocksNum 0x12BD7000
15:54:37.0394 8076	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21279800, BlocksNum 0x1910C000
15:54:37.0488 8076	Initialize success
15:54:37.0488 8076	============================================================
15:54:39.0890 5992	============================================================
15:54:39.0890 5992	Scan started
15:54:39.0890 5992	Mode: Manual; 
15:54:39.0890 5992	============================================================
15:54:41.0388 5992	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:54:41.0403 5992	1394ohci - ok
15:54:41.0466 5992	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:54:41.0481 5992	ACPI - ok
15:54:41.0559 5992	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:54:41.0559 5992	AcpiPmi - ok
15:54:41.0669 5992	AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:54:41.0684 5992	AdobeActiveFileMonitor8.0 - ok
15:54:41.0793 5992	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:54:41.0809 5992	adp94xx - ok
15:54:41.0856 5992	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:54:41.0871 5992	adpahci - ok
15:54:41.0934 5992	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:54:41.0934 5992	adpu320 - ok
15:54:41.0996 5992	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:54:41.0996 5992	AeLookupSvc - ok
15:54:42.0105 5992	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:54:42.0121 5992	AFD - ok
15:54:42.0277 5992	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:54:42.0293 5992	agp440 - ok
15:54:42.0339 5992	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:54:42.0339 5992	ALG - ok
15:54:42.0449 5992	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:54:42.0449 5992	aliide - ok
15:54:42.0605 5992	AMD External Events Utility (9cb927e76d3f65a02741a4d9a690178c) C:\Windows\system32\atiesrxx.exe
15:54:42.0620 5992	AMD External Events Utility - ok
15:54:42.0667 5992	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:54:42.0667 5992	amdide - ok
15:54:42.0714 5992	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:54:42.0729 5992	AmdK8 - ok
15:54:42.0917 5992	amdkmdag        (b8660fb5431f136635fb6446ac67faae) C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:43.0166 5992	amdkmdag - ok
15:54:43.0244 5992	amdkmdap        (5fc9d833f726383d9d60205f5a3cf16b) C:\Windows\system32\DRIVERS\atikmpag.sys
15:54:43.0260 5992	amdkmdap - ok
15:54:43.0307 5992	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:54:43.0307 5992	AmdPPM - ok
15:54:43.0353 5992	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:54:43.0385 5992	amdsata - ok
15:54:43.0431 5992	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:54:43.0447 5992	amdsbs - ok
15:54:43.0494 5992	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:54:43.0494 5992	amdxata - ok
15:54:43.0634 5992	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:54:43.0634 5992	AntiVirSchedulerService - ok
15:54:43.0681 5992	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:54:43.0697 5992	AntiVirService - ok
15:54:43.0790 5992	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:54:43.0806 5992	AppID - ok
15:54:43.0837 5992	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:54:43.0853 5992	AppIDSvc - ok
15:54:43.0931 5992	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:54:43.0946 5992	Appinfo - ok
15:54:44.0133 5992	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:54:44.0133 5992	Apple Mobile Device - ok
15:54:44.0243 5992	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:54:44.0243 5992	arc - ok
15:54:44.0274 5992	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:54:44.0274 5992	arcsas - ok
15:54:44.0321 5992	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:44.0336 5992	AsyncMac - ok
15:54:44.0414 5992	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:54:44.0414 5992	atapi - ok
15:54:44.0539 5992	athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
15:54:44.0648 5992	athr - ok
15:54:44.0773 5992	AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
15:54:44.0789 5992	AtiHdmiService - ok
15:54:44.0882 5992	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:54:44.0898 5992	AudioEndpointBuilder - ok
15:54:44.0914 5992	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:54:44.0929 5992	AudioSrv - ok
15:54:45.0148 5992	AVGIDSAgent     (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:54:45.0272 5992	AVGIDSAgent - ok
15:54:45.0413 5992	AVGIDSDriver    (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:54:45.0428 5992	AVGIDSDriver - ok
15:54:45.0475 5992	AVGIDSEH        (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:54:45.0475 5992	AVGIDSEH - ok
15:54:45.0538 5992	AVGIDSFilter    (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:54:45.0538 5992	AVGIDSFilter - ok
15:54:45.0600 5992	Avgldx64        (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
15:54:45.0616 5992	Avgldx64 - ok
15:54:45.0631 5992	Avgmfx64        (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:54:45.0647 5992	Avgmfx64 - ok
15:54:45.0694 5992	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:54:45.0694 5992	avgntflt - ok
15:54:45.0756 5992	Avgrkx64        (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:54:45.0772 5992	Avgrkx64 - ok
15:54:45.0787 5992	Avgtdia         (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
15:54:45.0803 5992	Avgtdia - ok
15:54:45.0912 5992	avgwd           (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:54:45.0912 5992	avgwd - ok
15:54:46.0021 5992	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
15:54:46.0037 5992	avipbb - ok
15:54:46.0099 5992	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:54:46.0115 5992	AxInstSV - ok
15:54:46.0162 5992	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:54:46.0177 5992	b06bdrv - ok
15:54:46.0240 5992	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:54:46.0255 5992	b57nd60a - ok
15:54:46.0318 5992	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:54:46.0333 5992	BDESVC - ok
15:54:46.0380 5992	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:54:46.0380 5992	Beep - ok
15:54:46.0442 5992	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:54:46.0474 5992	BFE - ok
15:54:46.0536 5992	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:54:46.0567 5992	BITS - ok
15:54:46.0661 5992	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:54:46.0676 5992	blbdrive - ok
15:54:46.0770 5992	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:54:46.0801 5992	Bonjour Service - ok
15:54:46.0895 5992	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:54:46.0895 5992	bowser - ok
15:54:46.0942 5992	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:54:46.0957 5992	BrFiltLo - ok
15:54:46.0973 5992	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:54:46.0973 5992	BrFiltUp - ok
15:54:47.0020 5992	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:54:47.0035 5992	Browser - ok
15:54:47.0066 5992	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:54:47.0066 5992	Brserid - ok
15:54:47.0129 5992	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:54:47.0129 5992	BrSerWdm - ok
15:54:47.0160 5992	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:54:47.0160 5992	BrUsbMdm - ok
15:54:47.0176 5992	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:54:47.0176 5992	BrUsbSer - ok
15:54:47.0207 5992	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:54:47.0207 5992	BTHMODEM - ok
15:54:47.0269 5992	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:54:47.0269 5992	bthserv - ok
15:54:47.0332 5992	Bulk            (5f0fc7dfb1e46ab8da45cdc9b6ec5426) C:\Windows\system32\Drivers\HDJBulk.sys
15:54:47.0332 5992	Bulk - ok
15:54:47.0394 5992	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:54:47.0394 5992	cdfs - ok
15:54:47.0456 5992	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:54:47.0456 5992	cdrom - ok
15:54:47.0519 5992	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:54:47.0519 5992	CertPropSvc - ok
15:54:47.0581 5992	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:54:47.0581 5992	circlass - ok
15:54:47.0644 5992	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:54:47.0644 5992	CLFS - ok
15:54:47.0722 5992	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:47.0737 5992	clr_optimization_v2.0.50727_32 - ok
15:54:47.0815 5992	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:54:47.0831 5992	clr_optimization_v2.0.50727_64 - ok
15:54:47.0893 5992	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:47.0909 5992	clr_optimization_v4.0.30319_32 - ok
15:54:47.0940 5992	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:54:47.0940 5992	clr_optimization_v4.0.30319_64 - ok
15:54:48.0049 5992	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:54:48.0049 5992	CmBatt - ok
15:54:48.0112 5992	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:54:48.0112 5992	cmdide - ok
15:54:48.0190 5992	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:54:48.0205 5992	CNG - ok
15:54:48.0314 5992	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:54:48.0314 5992	Compbatt - ok
15:54:48.0408 5992	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:54:48.0424 5992	CompositeBus - ok
15:54:48.0439 5992	COMSysApp - ok
15:54:48.0486 5992	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:54:48.0486 5992	crcdisk - ok
15:54:48.0548 5992	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:54:48.0548 5992	CryptSvc - ok
15:54:48.0720 5992	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:54:48.0782 5992	cvhsvc - ok
15:54:48.0907 5992	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:54:48.0907 5992	DcomLaunch - ok
15:54:48.0954 5992	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:54:48.0954 5992	defragsvc - ok
15:54:49.0016 5992	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:54:49.0016 5992	DfsC - ok
15:54:49.0094 5992	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:54:49.0110 5992	Dhcp - ok
15:54:49.0141 5992	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:54:49.0141 5992	discache - ok
15:54:49.0204 5992	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:54:49.0204 5992	Disk - ok
15:54:49.0235 5992	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:54:49.0235 5992	Dnscache - ok
15:54:49.0282 5992	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:54:49.0297 5992	dot3svc - ok
15:54:49.0328 5992	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:54:49.0328 5992	DPS - ok
15:54:49.0375 5992	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:54:49.0391 5992	drmkaud - ok
15:54:49.0484 5992	DsiWMIService   (470f7f19188ab45463f8b612d6dde7c8) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:54:49.0500 5992	DsiWMIService - ok
15:54:49.0594 5992	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:54:49.0625 5992	DXGKrnl - ok
15:54:49.0656 5992	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:54:49.0672 5992	EapHost - ok
15:54:49.0765 5992	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:54:49.0874 5992	ebdrv - ok
15:54:49.0952 5992	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:54:49.0952 5992	EFS - ok
15:54:50.0062 5992	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:54:50.0093 5992	ehRecvr - ok
15:54:50.0124 5992	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:54:50.0140 5992	ehSched - ok
15:54:50.0218 5992	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:54:50.0233 5992	elxstor - ok
15:54:50.0327 5992	ePowerSvc       (8e12d885d17ec5fa4f52d2c6e953e285) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
15:54:50.0342 5992	ePowerSvc - ok
15:54:50.0436 5992	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:54:50.0452 5992	ErrDev - ok
15:54:50.0514 5992	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:54:50.0514 5992	EventSystem - ok
15:54:50.0576 5992	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:54:50.0576 5992	exfat - ok
15:54:50.0608 5992	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:54:50.0623 5992	fastfat - ok
15:54:50.0686 5992	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:54:50.0701 5992	Fax - ok
15:54:50.0764 5992	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:54:50.0764 5992	fdc - ok
15:54:50.0810 5992	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:54:50.0810 5992	fdPHost - ok
15:54:50.0826 5992	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:54:50.0826 5992	FDResPub - ok
15:54:50.0873 5992	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:54:50.0873 5992	FileInfo - ok
15:54:50.0888 5992	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:54:50.0904 5992	Filetrace - ok
15:54:50.0998 5992	FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:54:51.0060 5992	FLEXnet Licensing Service - ok
15:54:51.0154 5992	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:54:51.0154 5992	flpydisk - ok
15:54:51.0216 5992	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:54:51.0232 5992	FltMgr - ok
15:54:51.0294 5992	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:54:51.0325 5992	FontCache - ok
15:54:51.0466 5992	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:54:51.0497 5992	FontCache3.0.0.0 - ok
15:54:51.0559 5992	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:54:51.0559 5992	FsDepends - ok
15:54:51.0622 5992	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:54:51.0622 5992	Fs_Rec - ok
15:54:51.0700 5992	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:54:51.0715 5992	fvevol - ok
15:54:51.0762 5992	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:54:51.0762 5992	gagp30kx - ok
15:54:51.0871 5992	GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
15:54:51.0918 5992	GameConsoleService - ok
15:54:52.0027 5992	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:54:52.0043 5992	GEARAspiWDM - ok
15:54:52.0152 5992	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:54:52.0199 5992	gpsvc - ok
15:54:52.0292 5992	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
15:54:52.0292 5992	GREGService - ok
15:54:52.0417 5992	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:54:52.0417 5992	gupdate - ok
15:54:52.0464 5992	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:54:52.0464 5992	gupdatem - ok
15:54:52.0542 5992	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:54:52.0558 5992	hcw85cir - ok
15:54:52.0651 5992	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:54:52.0667 5992	HdAudAddService - ok
15:54:52.0760 5992	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:54:52.0760 5992	HDAudBus - ok
15:54:52.0823 5992	HDJMidi         (94a16341a2630d35d4495974a86ae842) C:\Windows\system32\DRIVERS\HDJMidi.sys
15:54:52.0823 5992	HDJMidi - ok
15:54:52.0885 5992	HerculesDJControlMP3 (4141c2cbd8d6c9f3f4004fe842c48e79) C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
15:54:52.0885 5992	HerculesDJControlMP3 - ok
15:54:52.0948 5992	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:54:52.0948 5992	HidBatt - ok
15:54:52.0994 5992	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:54:52.0994 5992	HidBth - ok
15:54:53.0057 5992	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:54:53.0057 5992	HidIr - ok
15:54:53.0104 5992	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:54:53.0119 5992	hidserv - ok
15:54:53.0182 5992	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:54:53.0182 5992	HidUsb - ok
15:54:53.0228 5992	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:54:53.0228 5992	hkmsvc - ok
15:54:53.0291 5992	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:54:53.0306 5992	HomeGroupListener - ok
15:54:53.0338 5992	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:54:53.0338 5992	HomeGroupProvider - ok
15:54:53.0400 5992	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:54:53.0400 5992	HpSAMD - ok
15:54:53.0478 5992	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:54:53.0509 5992	HTTP - ok
15:54:53.0556 5992	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:54:53.0556 5992	hwpolicy - ok
15:54:53.0634 5992	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:54:53.0634 5992	i8042prt - ok
15:54:53.0712 5992	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
15:54:53.0728 5992	iaStor - ok
15:54:53.0821 5992	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:54:53.0821 5992	IAStorDataMgrSvc - ok
15:54:53.0930 5992	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:54:53.0946 5992	iaStorV - ok
15:54:54.0040 5992	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:54:54.0102 5992	idsvc - ok
15:54:54.0180 5992	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:54:54.0196 5992	iirsp - ok
15:54:54.0274 5992	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:54:54.0305 5992	IKEEXT - ok
15:54:54.0398 5992	IntcAzAudAddService (f4c031439501f6c1d336a36d7cb58f4f) C:\Windows\system32\drivers\RTKVHD64.sys
15:54:54.0508 5992	IntcAzAudAddService - ok
15:54:54.0601 5992	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:54:54.0617 5992	intelide - ok
15:54:54.0679 5992	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:54:54.0679 5992	intelppm - ok
15:54:54.0726 5992	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:54:54.0742 5992	IPBusEnum - ok
15:54:54.0773 5992	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:54:54.0788 5992	IpFilterDriver - ok
15:54:54.0882 5992	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:54:54.0898 5992	iphlpsvc - ok
15:54:54.0944 5992	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:54:54.0944 5992	IPMIDRV - ok
15:54:55.0007 5992	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:54:55.0022 5992	IPNAT - ok
15:54:55.0100 5992	iPod Service    (a9e53e1a9c4274eebc00d36ae5ed40de) C:\Program Files\iPod\bin\iPodService.exe
15:54:55.0116 5992	iPod Service - ok
15:54:55.0210 5992	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:54:55.0225 5992	IRENUM - ok
15:54:55.0303 5992	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:54:55.0319 5992	isapnp - ok
15:54:55.0381 5992	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:54:55.0397 5992	iScsiPrt - ok
15:54:55.0475 5992	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:54:55.0475 5992	kbdclass - ok
15:54:55.0553 5992	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:54:55.0553 5992	kbdhid - ok
15:54:55.0615 5992	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:54:55.0615 5992	KeyIso - ok
15:54:55.0646 5992	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:54:55.0646 5992	KSecDD - ok
15:54:55.0693 5992	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:54:55.0724 5992	KSecPkg - ok
15:54:55.0756 5992	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:54:55.0771 5992	ksthunk - ok
15:54:55.0802 5992	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:54:55.0818 5992	KtmRm - ok
15:54:55.0865 5992	L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:54:55.0865 5992	L1C - ok
15:54:55.0927 5992	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:54:55.0943 5992	LanmanServer - ok
15:54:55.0974 5992	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:54:55.0990 5992	LanmanWorkstation - ok
15:54:56.0052 5992	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:54:56.0052 5992	lltdio - ok
15:54:56.0083 5992	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:54:56.0099 5992	lltdsvc - ok
15:54:56.0146 5992	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:54:56.0146 5992	lmhosts - ok
15:54:56.0239 5992	LMS             (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:54:56.0239 5992	LMS - ok
15:54:56.0333 5992	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:54:56.0348 5992	LSI_FC - ok
15:54:56.0380 5992	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:54:56.0395 5992	LSI_SAS - ok
15:54:56.0426 5992	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:54:56.0442 5992	LSI_SAS2 - ok
15:54:56.0473 5992	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:54:56.0489 5992	LSI_SCSI - ok
15:54:56.0536 5992	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:54:56.0551 5992	luafv - ok
15:54:56.0692 5992	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:54:56.0707 5992	MBAMProtector - ok
15:54:56.0848 5992	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:54:56.0863 5992	MBAMService - ok
15:54:56.0957 5992	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:54:56.0972 5992	Mcx2Svc - ok
15:54:57.0004 5992	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:54:57.0004 5992	megasas - ok
15:54:57.0066 5992	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:54:57.0066 5992	MegaSR - ok
15:54:57.0222 5992	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:54:57.0222 5992	MEIx64 - ok
15:54:57.0253 5992	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:54:57.0269 5992	MMCSS - ok
15:54:57.0300 5992	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:54:57.0300 5992	Modem - ok
15:54:57.0331 5992	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:54:57.0331 5992	monitor - ok
15:54:57.0409 5992	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:54:57.0409 5992	mouclass - ok
15:54:57.0440 5992	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:54:57.0456 5992	mouhid - ok
15:54:57.0503 5992	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:54:57.0503 5992	mountmgr - ok
15:54:57.0550 5992	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:54:57.0550 5992	mpio - ok
15:54:57.0581 5992	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:54:57.0581 5992	mpsdrv - ok
15:54:57.0643 5992	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:54:57.0674 5992	MpsSvc - ok
15:54:57.0721 5992	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:54:57.0721 5992	MRxDAV - ok
15:54:57.0768 5992	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:54:57.0784 5992	mrxsmb - ok
15:54:57.0815 5992	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:54:57.0830 5992	mrxsmb10 - ok
15:54:57.0862 5992	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:54:57.0877 5992	mrxsmb20 - ok
15:54:57.0908 5992	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:54:57.0908 5992	msahci - ok
15:54:57.0955 5992	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:54:57.0971 5992	msdsm - ok
15:54:58.0002 5992	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:54:58.0018 5992	MSDTC - ok
15:54:58.0049 5992	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:54:58.0049 5992	Msfs - ok
15:54:58.0080 5992	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:54:58.0096 5992	mshidkmdf - ok
15:54:58.0142 5992	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:54:58.0142 5992	msisadrv - ok
15:54:58.0189 5992	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:54:58.0189 5992	MSiSCSI - ok
15:54:58.0205 5992	msiserver - ok
15:54:58.0252 5992	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:54:58.0252 5992	MSKSSRV - ok
15:54:58.0298 5992	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:54:58.0298 5992	MSPCLOCK - ok
15:54:58.0314 5992	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:54:58.0314 5992	MSPQM - ok
15:54:58.0392 5992	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:54:58.0408 5992	MsRPC - ok
15:54:58.0470 5992	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:54:58.0486 5992	mssmbios - ok
15:54:58.0501 5992	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:54:58.0517 5992	MSTEE - ok
15:54:58.0532 5992	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:54:58.0532 5992	MTConfig - ok
15:54:58.0564 5992	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:54:58.0564 5992	Mup - ok
15:54:58.0626 5992	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:54:58.0642 5992	napagent - ok
15:54:58.0704 5992	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:54:58.0720 5992	NativeWifiP - ok
15:54:58.0798 5992	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:54:58.0829 5992	NDIS - ok
15:54:58.0922 5992	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:54:58.0938 5992	NdisCap - ok
15:54:58.0985 5992	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:54:59.0000 5992	NdisTapi - ok
15:54:59.0078 5992	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:54:59.0094 5992	Ndisuio - ok
15:54:59.0125 5992	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:54:59.0141 5992	NdisWan - ok
15:54:59.0172 5992	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:54:59.0188 5992	NDProxy - ok
15:54:59.0328 5992	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:54:59.0359 5992	Nero BackItUp Scheduler 4.0 - ok
15:54:59.0484 5992	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:54:59.0500 5992	NetBIOS - ok
15:54:59.0546 5992	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:54:59.0562 5992	NetBT - ok
15:54:59.0609 5992	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:54:59.0624 5992	Netlogon - ok
15:54:59.0718 5992	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:54:59.0718 5992	Netman - ok
15:54:59.0734 5992	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:54:59.0749 5992	netprofm - ok
15:54:59.0827 5992	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:54:59.0843 5992	NetTcpPortSharing - ok
15:54:59.0921 5992	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:54:59.0921 5992	nfrd960 - ok
15:54:59.0999 5992	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:55:00.0014 5992	NlaSvc - ok
15:55:00.0155 5992	NOBU            (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:55:00.0233 5992	NOBU - ok
15:55:00.0342 5992	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:55:00.0358 5992	Npfs - ok
15:55:00.0404 5992	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:55:00.0404 5992	nsi - ok
15:55:00.0420 5992	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:55:00.0420 5992	nsiproxy - ok
15:55:00.0498 5992	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:55:00.0592 5992	Ntfs - ok
15:55:00.0670 5992	NTI IScheduleSvc (8f59a2506af43f96f5397b3c79938ae9) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
15:55:00.0685 5992	NTI IScheduleSvc - ok
15:55:00.0779 5992	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
15:55:00.0779 5992	NTIDrvr - ok
15:55:00.0810 5992	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:55:00.0826 5992	Null - ok
15:55:00.0857 5992	nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:55:00.0872 5992	nusb3hub - ok
15:55:00.0919 5992	nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:55:00.0935 5992	nusb3xhc - ok
15:55:00.0982 5992	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:55:00.0997 5992	nvraid - ok
15:55:01.0013 5992	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:55:01.0028 5992	nvstor - ok
15:55:01.0075 5992	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:55:01.0091 5992	nv_agp - ok
15:55:01.0138 5992	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:55:01.0138 5992	ohci1394 - ok
15:55:01.0262 5992	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:55:01.0278 5992	ose - ok
15:55:01.0418 5992	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:55:01.0528 5992	osppsvc - ok
15:55:01.0621 5992	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:55:01.0637 5992	p2pimsvc - ok
15:55:01.0652 5992	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:55:01.0668 5992	p2psvc - ok
15:55:01.0699 5992	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:55:01.0715 5992	Parport - ok
15:55:01.0762 5992	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:55:01.0762 5992	partmgr - ok
15:55:01.0793 5992	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:55:01.0808 5992	PcaSvc - ok
15:55:01.0840 5992	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:55:01.0855 5992	pci - ok
15:55:01.0902 5992	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:55:01.0902 5992	pciide - ok
15:55:01.0949 5992	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:55:01.0949 5992	pcmcia - ok
15:55:01.0964 5992	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:55:01.0980 5992	pcw - ok
15:55:02.0105 5992	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:55:02.0183 5992	PEAUTH - ok
15:55:02.0354 5992	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:55:02.0354 5992	PerfHost - ok
15:55:02.0526 5992	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:55:02.0651 5992	pla - ok
15:55:02.0822 5992	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:55:02.0822 5992	PlugPlay - ok
15:55:02.0900 5992	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:55:02.0900 5992	PNRPAutoReg - ok
15:55:02.0932 5992	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:55:02.0932 5992	PNRPsvc - ok
15:55:03.0025 5992	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:55:03.0041 5992	PolicyAgent - ok
15:55:03.0072 5992	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:55:03.0088 5992	Power - ok
15:55:03.0150 5992	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:03.0150 5992	PptpMiniport - ok
15:55:03.0181 5992	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:55:03.0181 5992	Processor - ok
15:55:03.0228 5992	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:55:03.0244 5992	ProfSvc - ok
15:55:03.0290 5992	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:03.0290 5992	ProtectedStorage - ok
15:55:03.0462 5992	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:55:03.0462 5992	Psched - ok
15:55:03.0540 5992	PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
15:55:03.0556 5992	PxHlpa64 - ok
15:55:03.0712 5992	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:55:03.0743 5992	ql2300 - ok
15:55:03.0852 5992	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:55:03.0868 5992	ql40xx - ok
15:55:03.0930 5992	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:55:03.0930 5992	QWAVE - ok
15:55:03.0961 5992	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:55:03.0977 5992	QWAVEdrv - ok
15:55:04.0070 5992	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:04.0070 5992	RasAcd - ok
15:55:04.0133 5992	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:55:04.0148 5992	RasAgileVpn - ok
15:55:04.0273 5992	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:55:04.0273 5992	RasAuto - ok
15:55:04.0367 5992	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:04.0367 5992	Rasl2tp - ok
15:55:04.0429 5992	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:55:04.0445 5992	RasMan - ok
15:55:04.0476 5992	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:04.0476 5992	RasPppoe - ok
15:55:04.0492 5992	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:04.0492 5992	RasSstp - ok
15:55:04.0538 5992	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:04.0554 5992	rdbss - ok
15:55:04.0570 5992	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:55:04.0570 5992	rdpbus - ok
15:55:04.0601 5992	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:04.0601 5992	RDPCDD - ok
15:55:04.0632 5992	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:55:04.0648 5992	RDPENCDD - ok
15:55:04.0694 5992	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:55:04.0694 5992	RDPREFMP - ok
15:55:04.0741 5992	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:55:04.0741 5992	RDPWD - ok
15:55:04.0804 5992	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:55:04.0804 5992	rdyboost - ok
15:55:04.0835 5992	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:55:04.0835 5992	RemoteAccess - ok
15:55:04.0866 5992	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:55:04.0882 5992	RemoteRegistry - ok
15:55:04.0991 5992	RichVideo       (cc6943e37ff6b0daff4b2580b0bb9721) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:55:04.0991 5992	RichVideo - ok
15:55:05.0069 5992	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:55:05.0069 5992	RpcEptMapper - ok
15:55:05.0100 5992	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:55:05.0116 5992	RpcLocator - ok
15:55:05.0162 5992	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:55:05.0162 5992	RpcSs - ok
15:55:05.0209 5992	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:05.0225 5992	rspndr - ok
15:55:05.0272 5992	RSUSBSTOR       (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
15:55:05.0272 5992	RSUSBSTOR - ok
15:55:05.0303 5992	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:05.0303 5992	SamSs - ok
15:55:05.0350 5992	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:55:05.0350 5992	sbp2port - ok
15:55:05.0396 5992	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:55:05.0396 5992	SCardSvr - ok
15:55:05.0443 5992	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:55:05.0443 5992	scfilter - ok
15:55:05.0490 5992	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:55:05.0521 5992	Schedule - ok
15:55:05.0568 5992	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:55:05.0568 5992	SCPolicySvc - ok
15:55:05.0615 5992	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:55:05.0615 5992	SDRSVC - ok
15:55:05.0724 5992	SeaPort         (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:55:05.0740 5992	SeaPort - ok
15:55:05.0833 5992	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:55:05.0833 5992	secdrv - ok
15:55:05.0896 5992	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:55:05.0896 5992	seclogon - ok
15:55:05.0989 5992	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:55:05.0989 5992	SENS - ok
15:55:06.0020 5992	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:55:06.0020 5992	SensrSvc - ok
15:55:06.0067 5992	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:55:06.0067 5992	Serenum - ok
15:55:06.0114 5992	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:55:06.0114 5992	Serial - ok
15:55:06.0161 5992	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:55:06.0161 5992	sermouse - ok
15:55:06.0223 5992	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:55:06.0223 5992	SessionEnv - ok
15:55:06.0270 5992	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:55:06.0270 5992	sffdisk - ok
15:55:06.0286 5992	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:55:06.0286 5992	sffp_mmc - ok
15:55:06.0301 5992	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:55:06.0301 5992	sffp_sd - ok
15:55:06.0348 5992	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:55:06.0348 5992	sfloppy - ok
15:55:06.0426 5992	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:55:06.0442 5992	Sftfs - ok
15:55:06.0566 5992	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:55:06.0566 5992	sftlist - ok
15:55:06.0660 5992	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:55:06.0660 5992	Sftplay - ok
15:55:06.0691 5992	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:55:06.0691 5992	Sftredir - ok
15:55:06.0738 5992	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:55:06.0738 5992	Sftvol - ok
15:55:06.0863 5992	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:55:06.0863 5992	sftvsa - ok
15:55:06.0972 5992	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:55:06.0988 5992	SharedAccess - ok
15:55:07.0034 5992	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:55:07.0034 5992	ShellHWDetection - ok
15:55:07.0097 5992	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:55:07.0097 5992	SiSRaid2 - ok
15:55:07.0112 5992	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:55:07.0112 5992	SiSRaid4 - ok
15:55:07.0159 5992	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:55:07.0159 5992	Smb - ok
15:55:07.0268 5992	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:55:07.0268 5992	SNMPTRAP - ok
15:55:07.0300 5992	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:55:07.0300 5992	spldr - ok
15:55:07.0346 5992	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:55:07.0362 5992	Spooler - ok
15:55:07.0456 5992	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:55:07.0534 5992	sppsvc - ok
15:55:07.0580 5992	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:55:07.0580 5992	sppuinotify - ok
15:55:07.0643 5992	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:55:07.0658 5992	srv - ok
15:55:07.0674 5992	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:55:07.0674 5992	srv2 - ok
15:55:07.0705 5992	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:07.0705 5992	srvnet - ok
15:55:07.0768 5992	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:55:07.0768 5992	SSDPSRV - ok
15:55:07.0814 5992	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:55:07.0814 5992	SstpSvc - ok
15:55:07.0846 5992	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:55:07.0846 5992	stexstor - ok
15:55:07.0908 5992	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:55:07.0924 5992	stisvc - ok
15:55:07.0955 5992	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:55:07.0970 5992	swenum - ok
15:55:08.0002 5992	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:55:08.0017 5992	swprv - ok
15:55:08.0095 5992	SynTP           (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
15:55:08.0126 5992	SynTP - ok
15:55:08.0204 5992	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:55:08.0251 5992	SysMain - ok
15:55:08.0314 5992	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:55:08.0314 5992	TabletInputService - ok
15:55:08.0392 5992	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:55:08.0407 5992	TapiSrv - ok
15:55:08.0454 5992	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:55:08.0454 5992	TBS - ok
15:55:08.0563 5992	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:55:08.0610 5992	Tcpip - ok
15:55:08.0688 5992	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:08.0704 5992	TCPIP6 - ok
15:55:08.0813 5992	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:55:08.0813 5992	tcpipreg - ok
15:55:08.0844 5992	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:55:08.0844 5992	TDPIPE - ok
15:55:08.0875 5992	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:55:08.0875 5992	TDTCP - ok
15:55:08.0922 5992	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:55:08.0922 5992	tdx - ok
15:55:09.0140 5992	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:55:09.0140 5992	TermDD - ok
15:55:09.0187 5992	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:55:09.0203 5992	TermService - ok
15:55:09.0234 5992	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:55:09.0234 5992	Themes - ok
15:55:09.0281 5992	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:55:09.0281 5992	THREADORDER - ok
15:55:09.0312 5992	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:55:09.0328 5992	TrkWks - ok
15:55:09.0359 5992	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:55:09.0374 5992	TrustedInstaller - ok
15:55:09.0421 5992	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:09.0421 5992	tssecsrv - ok
15:55:09.0468 5992	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:55:09.0468 5992	TsUsbFlt - ok
15:55:09.0530 5992	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:09.0530 5992	tunnel - ok
15:55:09.0593 5992	TurboB          (48743b69ea47c020a792d8649f753f44) C:\Windows\system32\DRIVERS\TurboB.sys
15:55:09.0593 5992	TurboB - ok
15:55:09.0671 5992	TurboBoost      (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:55:09.0686 5992	TurboBoost - ok
15:55:09.0764 5992	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:55:09.0764 5992	uagp35 - ok
15:55:09.0811 5992	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
15:55:09.0811 5992	UBHelper - ok
15:55:09.0874 5992	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:55:09.0874 5992	udfs - ok
15:55:09.0936 5992	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:55:09.0936 5992	UI0Detect - ok
15:55:10.0014 5992	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:55:10.0014 5992	uliagpkx - ok
15:55:10.0108 5992	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:55:10.0108 5992	umbus - ok
15:55:10.0186 5992	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:55:10.0186 5992	UmPass - ok
15:55:10.0326 5992	UNS             (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:55:10.0388 5992	UNS - ok
15:55:10.0466 5992	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
15:55:10.0466 5992	Updater Service - ok
15:55:10.0544 5992	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:55:10.0560 5992	upnphost - ok
15:55:10.0638 5992	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:55:10.0638 5992	USBAAPL64 - ok
15:55:10.0732 5992	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:55:10.0747 5992	usbaudio - ok
15:55:10.0778 5992	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:10.0794 5992	usbccgp - ok
15:55:10.0856 5992	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:55:10.0856 5992	usbcir - ok
15:55:10.0903 5992	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:55:10.0903 5992	usbehci - ok
15:55:10.0950 5992	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:10.0966 5992	usbhub - ok
15:55:11.0012 5992	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:55:11.0012 5992	usbohci - ok
15:55:11.0059 5992	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:11.0059 5992	usbprint - ok
15:55:11.0106 5992	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:55:11.0106 5992	usbscan - ok
15:55:11.0153 5992	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:11.0153 5992	USBSTOR - ok
15:55:11.0215 5992	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:55:11.0215 5992	usbuhci - ok
15:55:11.0293 5992	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:55:11.0293 5992	usbvideo - ok
15:55:11.0324 5992	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:55:11.0324 5992	UxSms - ok
15:55:11.0387 5992	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:11.0387 5992	VaultSvc - ok
15:55:11.0449 5992	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:55:11.0449 5992	vdrvroot - ok
15:55:11.0496 5992	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:55:11.0512 5992	vds - ok
15:55:11.0543 5992	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:11.0543 5992	vga - ok
15:55:11.0574 5992	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:55:11.0574 5992	VgaSave - ok
15:55:11.0605 5992	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:55:11.0621 5992	vhdmp - ok
15:55:11.0668 5992	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:55:11.0668 5992	viaide - ok
15:55:11.0730 5992	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:55:11.0730 5992	volmgr - ok
15:55:11.0777 5992	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:55:11.0777 5992	volmgrx - ok
15:55:11.0824 5992	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:55:11.0839 5992	volsnap - ok
15:55:11.0886 5992	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:55:11.0886 5992	vsmraid - ok
15:55:11.0964 5992	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:55:12.0011 5992	VSS - ok
15:55:12.0042 5992	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:55:12.0042 5992	vwifibus - ok
15:55:12.0104 5992	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:55:12.0104 5992	vwififlt - ok
15:55:12.0167 5992	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:55:12.0167 5992	vwifimp - ok
15:55:12.0229 5992	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:55:12.0229 5992	W32Time - ok
15:55:12.0260 5992	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:55:12.0260 5992	WacomPen - ok
15:55:12.0307 5992	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:12.0323 5992	WANARP - ok
15:55:12.0338 5992	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:12.0338 5992	Wanarpv6 - ok
15:55:12.0385 5992	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:55:12.0432 5992	wbengine - ok
15:55:12.0510 5992	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:55:12.0510 5992	WbioSrvc - ok
15:55:12.0572 5992	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:55:12.0572 5992	wcncsvc - ok
15:55:12.0604 5992	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:55:12.0604 5992	WcsPlugInService - ok
15:55:12.0650 5992	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:55:12.0650 5992	Wd - ok
15:55:12.0682 5992	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:55:12.0697 5992	Wdf01000 - ok
15:55:12.0744 5992	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:55:12.0744 5992	WdiServiceHost - ok
15:55:12.0744 5992	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:55:12.0744 5992	WdiSystemHost - ok
15:55:12.0806 5992	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:55:12.0806 5992	WebClient - ok
15:55:12.0838 5992	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:55:12.0838 5992	Wecsvc - ok
15:55:12.0884 5992	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:55:12.0884 5992	wercplsupport - ok
15:55:12.0931 5992	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:55:12.0931 5992	WerSvc - ok
15:55:12.0994 5992	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:55:12.0994 5992	WfpLwf - ok
15:55:13.0009 5992	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:55:13.0025 5992	WIMMount - ok
15:55:13.0072 5992	WinDefend - ok
15:55:13.0072 5992	WinHttpAutoProxySvc - ok
15:55:13.0165 5992	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:55:13.0165 5992	Winmgmt - ok
15:55:13.0243 5992	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:55:13.0306 5992	WinRM - ok
15:55:13.0446 5992	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:55:13.0446 5992	WinUsb - ok
15:55:13.0524 5992	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:55:13.0540 5992	Wlansvc - ok
15:55:13.0618 5992	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:55:13.0618 5992	wlcrasvc - ok
15:55:13.0727 5992	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:55:13.0774 5992	wlidsvc - ok
15:55:13.0883 5992	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:55:13.0883 5992	WmiAcpi - ok
15:55:13.0945 5992	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:55:13.0945 5992	wmiApSrv - ok
15:55:14.0039 5992	WMPNetworkSvc - ok
15:55:14.0117 5992	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:55:14.0132 5992	WPCSvc - ok
15:55:14.0195 5992	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:55:14.0195 5992	WPDBusEnum - ok
15:55:14.0226 5992	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:55:14.0226 5992	ws2ifsl - ok
15:55:14.0257 5992	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:55:14.0257 5992	wscsvc - ok
15:55:14.0273 5992	WSearch - ok
15:55:14.0366 5992	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:55:14.0429 5992	wuauserv - ok
15:55:14.0491 5992	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:55:14.0491 5992	WudfPf - ok
15:55:14.0616 5992	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:14.0616 5992	WUDFRd - ok
15:55:14.0663 5992	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:55:14.0663 5992	wudfsvc - ok
15:55:14.0710 5992	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:55:14.0710 5992	WwanSvc - ok
15:55:14.0772 5992	MBR (0x1B8)     (3e0a9b8449a315e0044be2adf3d12596) \Device\Harddisk0\DR0
15:55:14.0881 5992	\Device\Harddisk0\DR0 - ok
15:55:14.0897 5992	Boot (0x1200)   (77bcbadd2dc21499ee6a3a93d9db1d7f) \Device\Harddisk0\DR0\Partition0
15:55:14.0897 5992	\Device\Harddisk0\DR0\Partition0 - ok
15:55:14.0897 5992	Boot (0x1200)   (54305f69de0a90e9645487f204ca0c67) \Device\Harddisk0\DR0\Partition1
15:55:14.0897 5992	\Device\Harddisk0\DR0\Partition1 - ok
15:55:14.0912 5992	Boot (0x1200)   (af29ab554cc77fd6c4312ee23958b59f) \Device\Harddisk0\DR0\Partition2
15:55:14.0928 5992	\Device\Harddisk0\DR0\Partition2 - ok
15:55:14.0944 5992	Boot (0x1200)   (673c6646487a37c8fb49c1a9ea555f3b) \Device\Harddisk0\DR0\Partition3
15:55:14.0944 5992	\Device\Harddisk0\DR0\Partition3 - ok
15:55:14.0944 5992	============================================================
15:55:14.0944 5992	Scan finished
15:55:14.0944 5992	============================================================
15:55:14.0944 5112	Detected object count: 0
15:55:14.0944 5112	Actual detected object count: 0
15:55:27.0642 3772	============================================================
15:55:27.0642 3772	Scan started
15:55:27.0642 3772	Mode: Manual; SigCheck; TDLFS; 
15:55:27.0642 3772	============================================================
15:55:27.0907 3772	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:55:28.0016 3772	1394ohci - ok
15:55:28.0094 3772	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:55:28.0110 3772	ACPI - ok
15:55:28.0157 3772	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:55:28.0235 3772	AcpiPmi - ok
15:55:28.0344 3772	AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
15:55:28.0344 3772	AdobeActiveFileMonitor8.0 - ok
15:55:28.0422 3772	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:55:28.0438 3772	adp94xx - ok
15:55:28.0484 3772	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:55:28.0500 3772	adpahci - ok
15:55:28.0531 3772	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:55:28.0547 3772	adpu320 - ok
15:55:28.0594 3772	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:55:28.0734 3772	AeLookupSvc - ok
15:55:28.0828 3772	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:55:28.0874 3772	AFD - ok
15:55:28.0968 3772	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:55:28.0984 3772	agp440 - ok
15:55:29.0030 3772	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:55:29.0077 3772	ALG - ok
15:55:29.0155 3772	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:55:29.0155 3772	aliide - ok
15:55:29.0202 3772	AMD External Events Utility (9cb927e76d3f65a02741a4d9a690178c) C:\Windows\system32\atiesrxx.exe
15:55:29.0264 3772	AMD External Events Utility - ok
15:55:29.0342 3772	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:55:29.0342 3772	amdide - ok
15:55:29.0405 3772	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:55:29.0452 3772	AmdK8 - ok
15:55:29.0686 3772	amdkmdag        (b8660fb5431f136635fb6446ac67faae) C:\Windows\system32\DRIVERS\atikmdag.sys
15:55:29.0810 3772	amdkmdag - ok
15:55:29.0826 3772	amdkmdap        (5fc9d833f726383d9d60205f5a3cf16b) C:\Windows\system32\DRIVERS\atikmpag.sys
15:55:29.0873 3772	amdkmdap - ok
15:55:29.0951 3772	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:55:29.0966 3772	AmdPPM - ok
15:55:30.0029 3772	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:55:30.0044 3772	amdsata - ok
15:55:30.0091 3772	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:55:30.0107 3772	amdsbs - ok
15:55:30.0138 3772	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:55:30.0154 3772	amdxata - ok
15:55:30.0263 3772	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:55:30.0278 3772	AntiVirSchedulerService - ok
15:55:30.0325 3772	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:55:30.0325 3772	AntiVirService - ok
15:55:30.0419 3772	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:55:30.0590 3772	AppID - ok
15:55:30.0668 3772	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:55:30.0731 3772	AppIDSvc - ok
15:55:30.0762 3772	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:55:30.0840 3772	Appinfo - ok
15:55:30.0965 3772	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:55:30.0980 3772	Apple Mobile Device - ok
15:55:31.0058 3772	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:55:31.0074 3772	arc - ok
15:55:31.0105 3772	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:55:31.0105 3772	arcsas - ok
15:55:31.0152 3772	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:31.0199 3772	AsyncMac - ok
15:55:31.0277 3772	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:55:31.0277 3772	atapi - ok
15:55:31.0370 3772	athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
15:55:31.0417 3772	athr - ok
15:55:31.0448 3772	AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
15:55:31.0480 3772	AtiHdmiService - ok
15:55:31.0542 3772	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:31.0604 3772	AudioEndpointBuilder - ok
15:55:31.0636 3772	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:31.0682 3772	AudioSrv - ok
15:55:31.0870 3772	AVGIDSAgent     (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:55:31.0948 3772	AVGIDSAgent - ok
15:55:32.0057 3772	AVGIDSDriver    (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:55:32.0072 3772	AVGIDSDriver - ok
15:55:32.0119 3772	AVGIDSEH        (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:55:32.0119 3772	AVGIDSEH - ok
         

Antwort

Themen zu 50 Euro Virus auf der Bildfläche im normalen Modus
50 euro, 50 euro virus, belastet, conduit, diner dash, document, erschein, erscheint, euro, infiziertem, install.exe, laptop, launch, leute, limited.com/facebook, microsoft office word, modus, normale, normalen, nvstor.sys, packard bell, plagegeist, required, searchscopes, stark, usb 2.0, usb 3.0, version=1.0, virus, visual studio, windowssystem, wscript.exe



Ähnliche Themen: 50 Euro Virus auf der Bildfläche im normalen Modus


  1. BKA/AKM Virus, WinXP Laptop lässt sich weder im normalen noch in einem der abgesicherten Modi starten
    Log-Analyse und Auswertung - 08.01.2015 (7)
  2. PC friert im normalen Modus ein
    Plagegeister aller Art und deren Bekämpfung - 18.12.2014 (9)
  3. Windows funktioniert nur noch im Abgesicherten Modus mit Netzwerkeingabe. Im normalen Modus hängt er sich nach ein par Minuten auf.
    Log-Analyse und Auswertung - 25.10.2014 (9)
  4. Weißer Bildschirm nach dem normalen Windowsstart und auch im abgesicherten Modus
    Log-Analyse und Auswertung - 30.05.2013 (23)
  5. GVU-Trojaner-win-xp-100-euro-kein-abgesicherter-modus
    Log-Analyse und Auswertung - 27.03.2013 (5)
  6. Computer gesperrt und ist weder im normalen noch im abgesicherten Modus zu verwenden!
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (21)
  7. Neuer GVU Trojaner? Win XP, 100 Euro, 48 Stunden, kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 31.12.2012 (16)
  8. Neuer GVU Trojaner? Win 7, 100 Euro, 48 Stunden, kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (3)
  9. weiterer GVU Trojaner 100 Euro, 48h, trotz abgesicherten Modus
    Log-Analyse und Auswertung - 24.12.2012 (21)
  10. Win 7 Ukash (IAC) Virus Kein Zugriff mehr im normalen Modus mehr
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (63)
  11. Win7 Ukash Bundespolizei kein Zugriff mehr im normalen Modus
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (18)
  12. Windows Verschlüsselungs Trojaner eingefangen! Will in den normalen Modus kommen!
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)
  13. Windows 7 Pro gesperrt - 100 Euro- abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (17)
  14. [keygen] 50 Euro Virus - abgesicherter Modus funktioniert nicht!
    Mülltonne - 13.02.2012 (1)
  15. Virusbefall? Im normalen Modus nichts mehr möglich; Antivir sagt nichts
    Plagegeister aller Art und deren Bekämpfung - 30.11.2009 (0)
  16. WinXP Trojaner befall, Bluescreen beim Booten im Normalen, sowie abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 03.11.2009 (7)
  17. Windows startet nicht mehr im normalen Modus...
    Plagegeister aller Art und deren Bekämpfung - 01.09.2009 (8)

Zum Thema 50 Euro Virus auf der Bildfläche im normalen Modus - Hallo Leute, auch mein Laptop ist mit einem Virus befallen. Immer wenn ich ihn im normalen Modus hochfahre, erscheint auf der Bildfläche der Hinweiß, dass mein Windowssystem zu stark mit - 50 Euro Virus auf der Bildfläche im normalen Modus...
Archiv
Du betrachtest: 50 Euro Virus auf der Bildfläche im normalen Modus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.