Pests of all kinds and how to fight them: W32/Patched.UC found in C:\windows\system32\services.exe! (Avira)

12.02.2013, 02:51   #1
Elmox
 

Hello dear Trojaner-Board team, as the title says, I seem to have caught a virus or something similar :/. I hope you can help me get rid of it as quickly as possible.

12.02.2013, 10:35   #2
aharonov
/// TB Instructor
 

I am working on your topic and will get back to you with further instructions as soon as possible.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.


From your attachment I could read OTL.txt and Extras.txt, but not the rest. Could you please submit the remaining log files again?
Please post each log file directly in the thread (inside code tags) rather than attaching it.

12.02.2013, 13:39   #3
Elmox
 

Wow, that was fast! Sorry about the log files, here they all are again:

Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-12 13:32:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC44 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\awdiapod.sys


---- User code sections - GMER 2.0 ----

.reloc   C:\Windows\system32\services.exe [660] section is executable [0x4A8, 0xA0000020]                                                                                           0000000100052000
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                0000000075ba1401 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  0000000075ba1419 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                0000000075ba1431 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                0000000075ba144a 2 bytes [BA, 75]
.text    ...                                                                                                                                                                        * 9
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                   0000000075ba14dd 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            0000000075ba14f5 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                   0000000075ba150d 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            0000000075ba1525 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  0000000075ba153d 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                       0000000075ba1555 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                0000000075ba156d 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  0000000075ba1585 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                     0000000075ba159d 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  0000000075ba15b5 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                0000000075ba15cd 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            0000000075ba16b2 2 bytes [BA, 75]
.text    D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            0000000075ba16bd 2 bytes [BA, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                           00000000732f17fa 2 bytes [2F, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                       00000000732f1860 2 bytes [2F, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                     00000000732f1942 2 bytes [2F, 73]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                    00000000732f194d 2 bytes [2F, 73]
.text    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2576] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                             0000000076fb87b1 5 bytes [33, C0, C2, 04, 00]

---- Threads - GMER 2.0 ----

Thread   C:\Windows\system32\services.exe [660:748]                                                                                                                                 00000000002a1e58
Thread   C:\Windows\system32\services.exe [660:852]                                                                                                                                 00000000002b1808
Thread   C:\Windows\system32\services.exe [660:860]                                                                                                                                 00000000002d4960
Thread   C:\Windows\system32\services.exe [660:872]                                                                                                                                 00000000002d4430
Thread   C:\Windows\system32\services.exe [660:876]                                                                                                                                 00000000002d8c50
Thread   C:\Windows\system32\services.exe [660:880]                                                                                                                                 00000000002d4060
---- Processes - GMER 2.0 ----

Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [596]                                                                000007fefdc10000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [956]                                                                000007fefdc10000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [156]                                                                000007fefdc10000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                000007fefdc10000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1164]                                                               000007fefdc10000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1408]                                                               000007fefdc10000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1744]  0000000072d00000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ D:\Hamachi\hamachi-2.exe [1812]                                                                      000007fefdc10000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2028]        0000000072d00000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ D:\Malwarebytes' Anti-Malware\mbamservice.exe [1204]                                                 0000000072d00000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrA.exe [1580]                                                              0000000072d00000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2108]                                     0000000072d00000
Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2576]                                   0000000072d00000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2384]                                                               000007fefdc10000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wermgr.exe [3944]                                                                000007fefdc10000

---- Files - GMER 2.0 ----

File     C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_865baacafd4cdab4043d973ba2fc413d746dc3_cab_067e92dc                                                       0 bytes
File     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.3724.dmp                                                                                     0 bytes

---- EOF - GMER 2.0 ----
         


Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.11.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: GAMING-PC [Administrator]

Schutz: Aktiviert

12.02.2013 00:56:39
MBAM-log-2013-02-12 (01-32-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395318
Laufzeit: 30 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Pascal\Desktop\Anderes Zeug\PerX\PerX.exe (HackTool.Agent) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000032.@ (Trojan.Clicker) -> Keine Aktion durchgeführt.

(Ende)
         



Code:
OTL logfile created on: 12.02.2013 01:35:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,70 Gb Total Physical Memory | 5,60 Gb Available Physical Memory | 72,73% Memory free
15,40 Gb Paging File | 13,20 Gb Available in Paging File | 85,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 8,10 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive D: | 853,39 Gb Total Space | 794,27 Gb Free Space | 93,07% Space Free | Partition Type: NTFS
 
Computer Name: GAMING-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.02.07 14:03:31 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.26 20:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.08 21:10:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.02.08 21:10:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll
MOD - [2013.02.08 12:02:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.08 12:02:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.02.08 12:02:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.08 12:02:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.08 12:02:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.08 12:01:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.08 12:01:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.08 12:01:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.11 23:29:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.07 16:00:55 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.06 17:34:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 00:55:30 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.17 19:39:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 59 68 34 FF 02 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{B53D59EC-52C9-4e86-B240-F4C3220FAFBC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java2\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 19:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com
[2013.02.07 18:57:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\firefox\profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.06 17:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 17:34:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java2\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java2\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DDA3A0-17BC-4F24-A5C0-7CAC9B5427EF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956FAE59-CBA2-402C-AD51-E75D0A27FF5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b42becb-6f1f-11e2-9675-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b42becb-6f1f-11e2-9675-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.12 00:35:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 00:35:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.02.11 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.11 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Gordonsys_2.0
[2013.02.11 20:00:39 | 005,570,048 | ---- | C] (Gordonsys 2.0) -- C:\Users\Pascal\Desktop\Gordonsys 2.0.exe
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\B1E
[2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\Cross Fire
[2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- C:\CFLog
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PMB Files
[2013.02.10 23:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.10 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.10 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\SCE
[2013.02.10 17:23:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\libimobiledevice
[2013.02.10 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PunkBuster
[2013.02.10 02:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.02.08 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
[2013.02.07 21:39:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.02.07 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.07 17:49:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps
[2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.06 17:40:33 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.02.06 17:40:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.02.06 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 17:23:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.02.06 17:18:24 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.02.06 17:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.02.05 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013.02.05 21:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2013.02.05 21:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2013.02.05 20:38:20 | 000,000,000 | ---D | C] -- C:\Download
[2013.02.05 20:38:08 | 000,000,000 | ---D | C] -- C:\Nexon
[2013.02.05 20:38:07 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LogMeIn Hamachi
[2013.02.05 20:09:50 | 000,000,000 | ---D | C] -- C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
[2013.02.05 19:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2013.02.05 19:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2013.02.05 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.05 17:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.05 17:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.05 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.05 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\World of Warcraft
[2013.02.05 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.05 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.05 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.05 16:21:06 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.02.05 16:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.02.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.05 00:04:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.05 00:04:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.05 00:03:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.04 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\GTA San Andreas User Files
[2013.02.04 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Diagnostics
[2013.02.04 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Avira
[2013.02.04 19:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.04 19:57:53 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.04 19:57:53 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.04 19:57:53 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Apple Computer
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple Computer
[2013.02.04 19:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.04 19:38:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.04 19:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.04 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple
[2013.02.04 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.04 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.02.04 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Macromedia
[2013.02.04 19:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.04 19:21:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Mozilla
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Mozilla
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 19:13:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\ASRock
[2013.02.04 19:04:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe
[2013.02.04 18:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.02.04 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.02.04 18:39:08 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.02.04 18:39:08 | 001,491,456 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.02.04 18:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.02.04 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2013.02.04 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.02.04 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.02.04 18:30:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013.02.04 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.04 18:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.04 18:30:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso
[2013.02.04 18:30:18 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Cyberlink
[2013.02.04 18:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.02.04 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.02.04 18:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.02.04 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia
[2013.02.04 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe
[2013.02.04 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.02.04 18:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.04 18:27:55 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2013.02.04 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2013.02.04 18:27:49 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2013.02.04 18:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2013.02.04 18:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB
[2013.02.04 18:27:37 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys
[2013.02.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2013.02.04 18:27:34 | 000,017,192 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013.02.04 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013.02.04 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013.02.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Intel Corporation
[2013.02.04 18:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.04 18:25:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.04 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.04 18:23:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.02.04 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield
[2013.02.04 18:22:14 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.04 18:21:43 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.04 18:21:43 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.04 18:21:43 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.04 18:21:43 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.04 18:21:43 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.04 18:21:42 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.04 18:21:42 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.04 18:21:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.04 18:21:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.04 18:21:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.04 18:21:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.04 18:21:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.04 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.04 18:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.04 18:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.02.04 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.02.04 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.02.04 18:19:44 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.04 18:19:43 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.04 18:14:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.04 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.04 18:14:30 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.04 18:12:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities
[2013.02.04 18:12:15 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts
[2013.02.04 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore
[2013.02.04 18:12:06 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Videos
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Musik
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 01:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 01:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 01:03:25 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 01:03:25 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 01:02:24 | 001,618,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.12 01:02:24 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.12 01:02:24 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.12 01:02:24 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.12 01:02:24 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 00:55:44 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.12 00:55:30 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.12 00:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 00:55:20 | 1905,799,167 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 00:35:15 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 22:48:54 | 000,000,438 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.02.11 18:56:45 | 000,000,256 | ---- | M] () -- C:\aim
[2013.02.11 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.11 01:30:19 | 001,391,616 | ---- | M] () -- C:\Windows\Win.dll
[2013.02.10 23:58:34 | 000,000,708 | ---- | M] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | M] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.08 17:22:11 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.02.08 11:54:39 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.08 11:39:08 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 16:24:06 | 000,000,202 | ---- | M] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:22:42 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.06 17:18:20 | 000,000,527 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:28:22 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:38:07 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 19:12:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 16:20:58 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.04 19:57:54 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.04 19:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:29:11 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:27:55 | 000,000,003 | ---- | M] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:24:02 | 000,018,330 | ---- | M] () -- C:\Windows\SysNative\results.xml
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.12 01:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 00:35:15 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 01:24:55 | 001,391,616 | ---- | C] () -- C:\Windows\Win.dll
[2013.02.11 00:11:12 | 000,000,256 | ---- | C] () -- C:\aim
[2013.02.10 23:58:34 | 000,000,708 | ---- | C] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:16:22 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.08 17:22:11 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.02.07 19:14:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.07 16:24:06 | 000,000,202 | ---- | C] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:40:50 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.02.06 17:40:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.02.06 17:40:19 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.02.06 17:22:42 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.05 21:55:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:41:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.05 21:28:22 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:26:51 | 000,000,527 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 19:12:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 17:05:48 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 00:08:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.05 00:08:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.05 00:04:08 | 1905,799,167 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.04 19:57:54 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 19:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:38:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.04 19:21:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 19:16:38 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:39:08 | 000,137,691 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.02.04 18:39:08 | 000,007,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.02.04 18:30:36 | 000,001,404 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2013.02.04 18:29:12 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2013.02.04 18:29:12 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2013.02.04 18:29:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.02.04 18:29:11 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.02.04 18:29:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.02.04 18:29:11 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.02.04 18:29:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.02.04 18:29:11 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:28:50 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013.02.04 18:27:55 | 000,000,003 | ---- | C] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:20 | 000,034,752 | ---- | C] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.04 18:27:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:25:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.04 18:25:49 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.04 18:25:38 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.02.04 18:24:02 | 000,018,330 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.02.04 18:22:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.02.04 18:21:43 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.02.04 18:21:42 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.04 18:19:44 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.02.04 18:19:44 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.02.04 18:19:44 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.02.04 18:19:43 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2013.02.04 18:19:43 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.02.04 18:19:43 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.02.04 18:19:43 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.02.04 18:19:43 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.02.04 18:12:29 | 000,001,409 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.04 18:12:26 | 000,001,443 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\@
[2013.02.12 00:55:23 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L
[2013.02.12 01:38:33 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U
[2013.02.12 00:55:23 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\00000004.@
[2013.02.12 00:54:40 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000004.@
[2013.02.12 00:54:41 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@
[2013.02.12 00:55:29 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@
[2013.02.12 00:54:40 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000000.@
[2013.02.12 00:54:41 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000064.@
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.02.12 00:55:23 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.02.12 00:55:23 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.09 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.11 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.04 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.12 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.10 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.06 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.08 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         



Code:
OTL Extras logfile created on: 12.02.2013 01:35:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,70 Gb Total Physical Memory | 5,60 Gb Available Physical Memory | 72,73% Memory free
15,40 Gb Paging File | 13,20 Gb Available in Paging File | 85,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 8,10 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive D: | 853,39 Gb Total Space | 794,27 Gb Free Space | 93,07% Space Free | Partition Type: NTFS
 
Computer Name: GAMING-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TP-LINK TL-WN851ND Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.248
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Avira AntiVir Desktop" = Avira Antivirus Premium
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms EU" = Combat Arms EU
"Crossfire Europe" = Crossfire Europe
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 212370" = Arctic Combat
"World of Warcraft" = World of Warcraft
"XFastUSB" = XFastUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 20:32:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0xc5c  Startzeit der fehlerhaften Anwendung: 0x01ce08b872203d7f  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: afdfd361-74ab-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:33:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0xe70  Startzeit der fehlerhaften Anwendung: 0x01ce08b89608b349  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: d3ba00ea-74ab-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:34:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: 80000032.@_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x50cb9164  Ausnahmecode: 0xc0000005  Fehleroffset: 0x012ab690
ID
 des fehlerhaften Prozesses: 0x928  Startzeit der fehlerhaften Anwendung: 0x01ce08b8b9e4b593
Pfad
 der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften
 Moduls: 80000032.@  Berichtskennung: f79d2755-74ab-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:35:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0xa38  Startzeit der fehlerhaften Anwendung: 0x01ce08b8ddc6baed  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 1b78088e-74ac-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:36:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0x3b0  Startzeit der fehlerhaften Anwendung: 0x01ce08b901a3d66e  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 3f57856f-74ac-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:37:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0x194  Startzeit der fehlerhaften Anwendung: 0x01ce08b925803e48  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 632cc928-74ac-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:38:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: 80000032.@_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x50cb9164  Ausnahmecode: 0xc0000005  Fehleroffset: 0x012ab690
ID
 des fehlerhaften Prozesses: 0x3f4  Startzeit der fehlerhaften Anwendung: 0x01ce08b949610353
Pfad
 der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften
 Moduls: 80000032.@  Berichtskennung: 8714b255-74ac-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:39:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0x524  Startzeit der fehlerhaften Anwendung: 0x01ce08b96d3e1ed4  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: aaeaa9b5-74ac-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:40:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0x888  Startzeit der fehlerhaften Anwendung: 0x01ce08b99112aedc  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: cec65ddd-74ac-11e2-9ab2-8c49cb21fc6b
 
Error - 11.02.2013 20:41:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x74bcc9f1  ID des fehlerhaften
 Prozesses: 0x420  Startzeit der fehlerhaften Anwendung: 0x01ce08b9b4f22bbd  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: f29eb69d-74ac-11e2-9ab2-8c49cb21fc6b
 
[ System Events ]
Error - 11.02.2013 18:54:44 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.02.2013 18:54:46 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.02.2013 18:54:46 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.02.2013 18:55:02 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.02.2013 18:55:02 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.02.2013 19:55:28 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.02.2013 19:55:30 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 11.02.2013 19:55:33 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.02.2013 19:56:00 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.02.2013 19:56:00 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
__________________

Old 12.02.2013, 14:29   #4
aharonov
/// TB-Ausbilder
 

Hello Elmox and

My name is Leo and I will guide you through the cleanup of your computer.

Besides removing malware, a cleanup also includes closing security holes and should be carried out thoroughly. It therefore takes place in several steps and means some effort for you.
Note: The disappearance of the obvious symptoms does not mean that the system is already clean.
So, in your own interest, keep working with me until you get the OK that everything is done.

Notes on the procedure
  • You will get step-by-step instructions from me, each tailored individually to you.
    • Always read these instructions through completely first and ask if anything is unclear before you begin.
    • Then work through the instructions carefully and in the given order, and post your feedback and log files together in one reply.
    • Whenever possible, insert the contents of the log files into your reply inside code tags.
    • If problems come up, stop at that point and describe them as well as you can.
  • It is important for me that the state of your system does not suddenly change unpredictably. Therefore: Please
    • .. do not run any scanners or tools unless asked to. Do not delete anything on your own.
    • .. do not install or uninstall any software during the cleanup.
    • .. do not ask for help in other forums in parallel (crossposting).
  • I cannot give you any guarantee that the cleanup will be successful in the end and that we will find everything.
    • Formatting and reinstalling is usually the faster and always the safer way.
    • Should I find a serious infection on your machine, I will point this out to you again. It remains your decision, though.
Let's get started: Always save all tools to the desktop and run them from there.



You have caught the ZeroAccess rootkit there..


Step 1

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan.
  • Warning: If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file.
  • TDSSKiller will save a log file on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this log file here in the thread.



In your next reply, please post:
  • Log from TDSSKiller
__________________
cheers,
Leo
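
For triaging the TDSSKiller log requested in Step 1, the following added example (not part of the original post and not Kaspersky's code) parses the "Scan services" section in the line format seen in this thread and lists every service whose verdict is not `ok`, plus services for which the scanner logged no hash/path line. The names `parse_services`, `triage`, `ExampleSvc` and the verdict string `CONSTRUCTED_VERDICT` are assumptions made for the example; the sample log is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the line format of the TDSSKiller log in this thread.
# The last two lines are invented: "ExampleSvc", its all-zero hash, its path and
# "CONSTRUCTED_VERDICT" are placeholders, not real TDSSKiller output.
SAMPLE_LOG = r"""
14:41:53.0571 1296  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb)
14:42:10.0216 2288  ================ Scan services =============================
14:42:10.0309 2288  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:42:10.0309 2288  1394ohci - ok
14:42:11.0214 2288  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:42:11.0230 2288  AudioEndpointBuilder - ok
14:42:11.0963 2288  COMSysApp - ok
14:42:14.0116 2288  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
14:42:14.0131 2288  Intel(R) Capability Licensing Service Interface - ok
14:42:15.0000 2288  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Windows\system32\example.exe
14:42:15.0010 2288  ExampleSvc - CONSTRUCTED_VERDICT
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}$")
SECTION = re.compile(r"^=+ (.+?) =+$")                  # "==== Scan services ===="
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+)$")  # "[ MD5 ] name   path"
NAME_PATH = re.compile(r"^(.+?)\s+([A-Za-z]:\\.+)$")      # names may contain spaces


@dataclass
class ServiceResult:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text):
    """Pair each '[ MD5 ] name path' line with its 'name - verdict' line."""
    results, pending, in_services = [], {}, False
    for raw in log_text.splitlines():
        parts = raw.split(None, 2)          # timestamp, thread id, message
        if len(parts) < 3 or not TIMESTAMP.match(parts[0]):
            continue
        body = parts[2].strip()
        section = SECTION.match(body)
        if section:
            # Only the services section is parsed; other sections also
            # contain " - " (e.g. the "Drive ... - Size:" line).
            in_services = section.group(1) == "Scan services"
            continue
        if not in_services:
            continue
        hashed = HASHED.match(body)
        if hashed:
            split = NAME_PATH.match(hashed.group(2))
            name, path = split.groups() if split else (hashed.group(2).strip(), None)
            pending[name] = (hashed.group(1).upper(), path)
            continue
        name, sep, verdict = body.rpartition(" - ")
        if sep:
            md5, path = pending.pop(name, (None, None))
            results.append(ServiceResult(name, verdict.strip(), md5, path))
    return results


def triage(log_text):
    """Summarise what a reviewer looks at first in the services section."""
    results = parse_services(log_text)
    return {
        "scanned": len(results),
        "not_ok": [r for r in results if r.verdict.lower() != "ok"],
        # Verdict present but no preceding hash/path line was logged.
        "no_file_record": [r.name for r in results if r.md5 is None],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("services scanned:", summary["scanned"])
    for r in summary["not_ok"]:
        print("NOT OK:", r.name, "|", r.verdict, "|", r.md5, "|", r.path)
    for name in summary["no_file_record"]:
        print("no hash/path logged:", name)
```
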

Old 12.02.2013, 14:43   #5
Elmox
 

Code:
14:41:52.0947 1296  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:41:53.0165 1296  ============================================================
14:41:53.0165 1296  Current date / time: 2013/02/12 14:41:53.0165
14:41:53.0165 1296  SystemInfo:
14:41:53.0165 1296  
14:41:53.0165 1296  OS Version: 6.1.7601 ServicePack: 1.0
14:41:53.0165 1296  Product type: Workstation
14:41:53.0165 1296  ComputerName: GAMING-PC
14:41:53.0165 1296  UserName: Pascal
14:41:53.0165 1296  Windows directory: C:\Windows
14:41:53.0165 1296  System windows directory: C:\Windows
14:41:53.0165 1296  Running under WOW64
14:41:53.0165 1296  Processor architecture: Intel x64
14:41:53.0165 1296  Number of processors: 4
14:41:53.0165 1296  Page size: 0x1000
14:41:53.0165 1296  Boot type: Normal boot
14:41:53.0165 1296  ============================================================
14:41:53.0571 1296  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:41:53.0851 1296  ============================================================
14:41:53.0851 1296  \Device\Harddisk0\DR0:
14:41:53.0851 1296  MBR partitions:
14:41:53.0851 1296  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:41:53.0851 1296  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800
14:41:53.0851 1296  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x6AAC6000
14:41:53.0851 1296  ============================================================
14:41:54.0101 1296  C: <-> \Device\Harddisk0\DR0\Partition2
14:41:54.0117 1296  D: <-> \Device\Harddisk0\DR0\Partition3
14:41:54.0117 1296  ============================================================
14:41:54.0117 1296  Initialize success
14:41:54.0117 1296  ============================================================
14:42:10.0091 2288  ============================================================
14:42:10.0091 2288  Scan started
14:42:10.0091 2288  Mode: Manual; 
14:42:10.0091 2288  ============================================================
14:42:10.0216 2288  ================ Scan system memory ========================
14:42:10.0216 2288  System memory - ok
14:42:10.0216 2288  ================ Scan services =============================
14:42:10.0309 2288  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:42:10.0309 2288  1394ohci - ok
14:42:10.0341 2288  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:42:10.0341 2288  ACPI - ok
14:42:10.0356 2288  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:42:10.0356 2288  AcpiPmi - ok
14:42:10.0403 2288  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:42:10.0419 2288  AdobeARMservice - ok
14:42:10.0497 2288  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:42:10.0512 2288  AdobeFlashPlayerUpdateSvc - ok
14:42:10.0543 2288  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:42:10.0559 2288  adp94xx - ok
14:42:10.0559 2288  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:42:10.0575 2288  adpahci - ok
14:42:10.0575 2288  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:42:10.0575 2288  adpu320 - ok
14:42:10.0606 2288  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:42:10.0606 2288  AeLookupSvc - ok
14:42:10.0637 2288  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:42:10.0653 2288  AFD - ok
14:42:10.0668 2288  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:42:10.0668 2288  agp440 - ok
14:42:10.0684 2288  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:42:10.0684 2288  ALG - ok
14:42:10.0699 2288  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:42:10.0699 2288  aliide - ok
14:42:10.0699 2288  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:42:10.0699 2288  amdide - ok
14:42:10.0715 2288  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:42:10.0715 2288  AmdK8 - ok
14:42:10.0715 2288  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:42:10.0715 2288  AmdPPM - ok
14:42:10.0731 2288  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:42:10.0731 2288  amdsata - ok
14:42:10.0746 2288  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:42:10.0746 2288  amdsbs - ok
14:42:10.0762 2288  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:42:10.0762 2288  amdxata - ok
14:42:10.0793 2288  [ B73EB5109193A4BACE8520B79DD77B25 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
14:42:10.0809 2288  AntiVirMailService - ok
14:42:10.0809 2288  [ 44E76CC89F7E38B3C31F000A4E566856 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:42:10.0824 2288  AntiVirSchedulerService - ok
14:42:10.0824 2288  [ 3FE1CDD4DCF5D42DDBD6F1A3F83B5D3A ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:42:10.0840 2288  AntiVirService - ok
14:42:10.0855 2288  [ 4B46FED191BEB6EAFED88DE90E97A7DB ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:42:10.0871 2288  AntiVirWebService - ok
14:42:10.0887 2288  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:42:10.0902 2288  AppID - ok
14:42:10.0902 2288  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:42:10.0902 2288  AppIDSvc - ok
14:42:10.0918 2288  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:42:10.0933 2288  Appinfo - ok
14:42:10.0965 2288  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:42:10.0965 2288  Apple Mobile Device - ok
14:42:10.0965 2288  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:42:10.0980 2288  arc - ok
14:42:10.0980 2288  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:42:10.0980 2288  arcsas - ok
14:42:11.0027 2288  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:42:11.0043 2288  aspnet_state - ok
14:42:11.0058 2288  [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
14:42:11.0058 2288  AsrAppCharger - ok
14:42:11.0074 2288  [ 0C3F9E39C0B10D351026D580D9FF6F86 ] AsrRamDisk      C:\Windows\system32\DRIVERS\AsrRamDisk.sys
14:42:11.0074 2288  AsrRamDisk - ok
14:42:11.0089 2288  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:11.0105 2288  AsyncMac - ok
14:42:11.0121 2288  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:42:11.0121 2288  atapi - ok
14:42:11.0167 2288  [ 7D89B0C443F6068E5B27AA3B972069FF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
14:42:11.0183 2288  athr - ok
14:42:11.0214 2288  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:42:11.0230 2288  AudioEndpointBuilder - ok
14:42:11.0230 2288  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:42:11.0245 2288  AudioSrv - ok
14:42:11.0261 2288  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:42:11.0277 2288  avgntflt - ok
14:42:11.0292 2288  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:42:11.0292 2288  avipbb - ok
14:42:11.0308 2288  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:42:11.0308 2288  avkmgr - ok
14:42:11.0339 2288  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:42:11.0339 2288  AxInstSV - ok
14:42:11.0355 2288  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:42:11.0370 2288  b06bdrv - ok
14:42:11.0370 2288  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:42:11.0386 2288  b57nd60a - ok
14:42:11.0401 2288  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:42:11.0417 2288  BDESVC - ok
14:42:11.0417 2288  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:42:11.0417 2288  Beep - ok
14:42:11.0433 2288  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:42:11.0433 2288  blbdrive - ok
14:42:11.0448 2288  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:42:11.0448 2288  bowser - ok
14:42:11.0464 2288  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:42:11.0464 2288  BrFiltLo - ok
14:42:11.0464 2288  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:42:11.0464 2288  BrFiltUp - ok
14:42:11.0495 2288  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:42:11.0495 2288  Browser - ok
14:42:11.0511 2288  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:42:11.0526 2288  Brserid - ok
14:42:11.0526 2288  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:42:11.0526 2288  BrSerWdm - ok
14:42:11.0526 2288  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:42:11.0542 2288  BrUsbMdm - ok
14:42:11.0542 2288  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:42:11.0542 2288  BrUsbSer - ok
14:42:11.0542 2288  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:42:11.0557 2288  BTHMODEM - ok
14:42:11.0573 2288  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:42:11.0573 2288  bthserv - ok
14:42:11.0573 2288  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:42:11.0589 2288  cdfs - ok
14:42:11.0604 2288  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:42:11.0604 2288  cdrom - ok
14:42:11.0635 2288  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:42:11.0651 2288  CertPropSvc - ok
14:42:11.0651 2288  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:42:11.0651 2288  circlass - ok
14:42:11.0667 2288  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:42:11.0682 2288  CLFS - ok
14:42:11.0729 2288  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:11.0729 2288  clr_optimization_v2.0.50727_32 - ok
14:42:11.0745 2288  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:42:11.0760 2288  clr_optimization_v2.0.50727_64 - ok
14:42:11.0807 2288  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:42:11.0807 2288  clr_optimization_v4.0.30319_32 - ok
14:42:11.0823 2288  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:42:11.0838 2288  clr_optimization_v4.0.30319_64 - ok
14:42:11.0838 2288  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:42:11.0838 2288  CmBatt - ok
14:42:11.0869 2288  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:42:11.0869 2288  cmdide - ok
14:42:11.0901 2288  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
14:42:11.0916 2288  CNG - ok
14:42:11.0916 2288  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:42:11.0932 2288  Compbatt - ok
14:42:11.0947 2288  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:42:11.0947 2288  CompositeBus - ok
14:42:11.0963 2288  COMSysApp - ok
14:42:12.0041 2288  [ 815F3180B5117E42E422188E9CCC89C6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
14:42:12.0041 2288  cphs - ok
14:42:12.0057 2288  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:42:12.0072 2288  crcdisk - ok
14:42:12.0088 2288  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:42:12.0103 2288  CryptSvc - ok
14:42:12.0119 2288  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:42:12.0135 2288  DcomLaunch - ok
14:42:12.0150 2288  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:42:12.0166 2288  defragsvc - ok
14:42:12.0181 2288  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:42:12.0181 2288  DfsC - ok
14:42:12.0197 2288  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:42:12.0213 2288  Dhcp - ok
14:42:12.0213 2288  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:42:12.0213 2288  discache - ok
14:42:12.0228 2288  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:42:12.0228 2288  Disk - ok
14:42:12.0244 2288  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:42:12.0259 2288  Dnscache - ok
14:42:12.0275 2288  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:42:12.0291 2288  dot3svc - ok
14:42:12.0306 2288  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:42:12.0306 2288  DPS - ok
14:42:12.0337 2288  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:42:12.0337 2288  drmkaud - ok
14:42:12.0369 2288  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:42:12.0384 2288  DXGKrnl - ok
14:42:12.0400 2288  EagleX64 - ok
14:42:12.0400 2288  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:42:12.0415 2288  EapHost - ok
14:42:12.0478 2288  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:42:12.0525 2288  ebdrv - ok
14:42:12.0540 2288  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:42:12.0540 2288  EFS - ok
14:42:12.0571 2288  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:42:12.0587 2288  ehRecvr - ok
14:42:12.0603 2288  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:42:12.0618 2288  ehSched - ok
14:42:12.0634 2288  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:42:12.0649 2288  elxstor - ok
14:42:12.0665 2288  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:42:12.0681 2288  ErrDev - ok
14:42:12.0696 2288  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:42:12.0712 2288  EventSystem - ok
14:42:12.0712 2288  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:42:12.0727 2288  exfat - ok
14:42:12.0790 2288  FairplayKD - ok
14:42:12.0790 2288  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:42:12.0805 2288  fastfat - ok
14:42:12.0837 2288  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:42:12.0837 2288  Fax - ok
14:42:12.0852 2288  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:42:12.0852 2288  fdc - ok
14:42:12.0868 2288  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:42:12.0868 2288  fdPHost - ok
14:42:12.0868 2288  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:42:12.0883 2288  FDResPub - ok
14:42:12.0883 2288  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:42:12.0883 2288  FileInfo - ok
14:42:12.0883 2288  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:42:12.0899 2288  Filetrace - ok
14:42:12.0899 2288  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:42:12.0899 2288  flpydisk - ok
14:42:12.0915 2288  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:42:12.0930 2288  FltMgr - ok
14:42:12.0946 2288  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
14:42:12.0946 2288  FNETURPX - ok
14:42:12.0977 2288  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
14:42:12.0993 2288  FontCache - ok
14:42:13.0039 2288  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:42:13.0039 2288  FontCache3.0.0.0 - ok
14:42:13.0039 2288  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:42:13.0055 2288  FsDepends - ok
14:42:13.0071 2288  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:42:13.0071 2288  Fs_Rec - ok
14:42:13.0086 2288  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:42:13.0102 2288  fvevol - ok
14:42:13.0102 2288  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:42:13.0102 2288  gagp30kx - ok
14:42:13.0117 2288  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:42:13.0117 2288  GEARAspiWDM - ok
14:42:13.0133 2288  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:42:13.0149 2288  gpsvc - ok
14:42:13.0180 2288  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
14:42:13.0180 2288  hamachi - ok
14:42:13.0211 2288  Hamachi2Svc - ok
14:42:13.0227 2288  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:42:13.0227 2288  hcw85cir - ok
14:42:13.0258 2288  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:42:13.0273 2288  HdAudAddService - ok
14:42:13.0289 2288  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:42:13.0289 2288  HDAudBus - ok
14:42:13.0289 2288  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:42:13.0289 2288  HidBatt - ok
14:42:13.0305 2288  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:42:13.0305 2288  HidBth - ok
14:42:13.0305 2288  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:42:13.0320 2288  HidIr - ok
14:42:13.0336 2288  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:42:13.0336 2288  hidserv - ok
14:42:13.0351 2288  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:42:13.0351 2288  HidUsb - ok
14:42:13.0367 2288  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:42:13.0383 2288  hkmsvc - ok
14:42:13.0383 2288  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:42:13.0398 2288  HomeGroupListener - ok
14:42:13.0414 2288  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:42:13.0429 2288  HomeGroupProvider - ok
14:42:13.0445 2288  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:42:13.0445 2288  HpSAMD - ok
14:42:13.0461 2288  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:42:13.0476 2288  HTTP - ok
14:42:13.0492 2288  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:42:13.0492 2288  hwpolicy - ok
14:42:13.0507 2288  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:42:13.0507 2288  i8042prt - ok
14:42:13.0539 2288  [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:42:13.0539 2288  iaStor - ok
14:42:13.0585 2288  [ 1F35EFEC56CD1BF62435EAF97EABC3B3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:42:13.0585 2288  IAStorDataMgrSvc - ok
14:42:13.0617 2288  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:42:13.0617 2288  iaStorV - ok
14:42:13.0648 2288  [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
14:42:13.0663 2288  ICCS - ok
14:42:13.0679 2288  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:42:13.0710 2288  idsvc - ok
14:42:13.0773 2288  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:42:13.0851 2288  igfx - ok
14:42:13.0866 2288  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:42:13.0866 2288  iirsp - ok
14:42:13.0897 2288  [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
14:42:13.0897 2288  ikbevent - ok
14:42:13.0929 2288  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:42:13.0944 2288  IKEEXT - ok
14:42:13.0960 2288  [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
14:42:13.0960 2288  imsevent - ok
14:42:14.0022 2288  [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:42:14.0038 2288  IntcAzAudAddService - ok
14:42:14.0069 2288  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:42:14.0069 2288  IntcDAud - ok
14:42:14.0116 2288  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
14:42:14.0131 2288  Intel(R) Capability Licensing Service Interface - ok
14:42:14.0178 2288  [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
14:42:14.0178 2288  Intel(R) ME Service - ok
14:42:14.0194 2288  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:42:14.0194 2288  intelide - ok
14:42:14.0194 2288  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:42:14.0194 2288  intelppm - ok
14:42:14.0225 2288  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:42:14.0225 2288  IPBusEnum - ok
14:42:14.0241 2288  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:42:14.0256 2288  IpFilterDriver - ok
14:42:14.0272 2288  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:42:14.0272 2288  IPMIDRV - ok
14:42:14.0287 2288  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:42:14.0287 2288  IPNAT - ok
14:42:14.0334 2288  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:42:14.0350 2288  iPod Service - ok
14:42:14.0350 2288  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:42:14.0350 2288  IRENUM - ok
14:42:14.0365 2288  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:42:14.0365 2288  isapnp - ok
14:42:14.0381 2288  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:42:14.0381 2288  iScsiPrt - ok
14:42:14.0412 2288  [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
14:42:14.0412 2288  ISCT - ok
14:42:14.0428 2288  [ 6F60B7AD044924B8C1E32D692C593612 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
14:42:14.0443 2288  ISCTAgent - ok
14:42:14.0459 2288  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
14:42:14.0459 2288  iusb3hcs - ok
14:42:14.0490 2288  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
14:42:14.0490 2288  iusb3hub - ok
14:42:14.0521 2288  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
14:42:14.0537 2288  iusb3xhc - ok
14:42:14.0553 2288  [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
14:42:14.0568 2288  jhi_service - ok
14:42:14.0568 2288  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:42:14.0568 2288  kbdclass - ok
14:42:14.0599 2288  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:42:14.0599 2288  kbdhid - ok
14:42:14.0615 2288  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:42:14.0615 2288  KeyIso - ok
14:42:14.0662 2288  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:42:14.0677 2288  KMWDFILTER - ok
14:42:14.0693 2288  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:42:14.0709 2288  KSecDD - ok
14:42:14.0724 2288  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:42:14.0724 2288  KSecPkg - ok
14:42:14.0740 2288  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:42:14.0740 2288  ksthunk - ok
14:42:14.0755 2288  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:42:14.0771 2288  KtmRm - ok
14:42:14.0787 2288  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:42:14.0802 2288  LanmanServer - ok
14:42:14.0818 2288  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:42:14.0833 2288  LanmanWorkstation - ok
14:42:14.0833 2288  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:42:14.0833 2288  lltdio - ok
14:42:14.0865 2288  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:42:14.0865 2288  lltdsvc - ok
14:42:14.0880 2288  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:42:14.0880 2288  lmhosts - ok
14:42:14.0896 2288  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:42:14.0896 2288  LMS - ok
14:42:14.0911 2288  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:42:14.0911 2288  LSI_FC - ok
14:42:14.0911 2288  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:42:14.0927 2288  LSI_SAS - ok
14:42:14.0927 2288  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:42:14.0927 2288  LSI_SAS2 - ok
14:42:14.0943 2288  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:42:14.0943 2288  LSI_SCSI - ok
14:42:14.0958 2288  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:42:14.0958 2288  luafv - ok
14:42:14.0989 2288  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:42:15.0005 2288  MBAMProtector - ok
14:42:15.0036 2288  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:42:15.0036 2288  MBAMScheduler - ok
14:42:15.0067 2288  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     D:\Malwarebytes' Anti-Malware\mbamservice.exe
14:42:15.0067 2288  MBAMService - ok
14:42:15.0099 2288  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
14:42:15.0099 2288  MBfilt - ok
14:42:15.0130 2288  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:42:15.0130 2288  Mcx2Svc - ok
14:42:15.0130 2288  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:42:15.0145 2288  megasas - ok
14:42:15.0145 2288  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:42:15.0161 2288  MegaSR - ok
14:42:15.0177 2288  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:42:15.0177 2288  MEIx64 - ok
14:42:15.0192 2288  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:42:15.0208 2288  MMCSS - ok
14:42:15.0208 2288  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:42:15.0223 2288  Modem - ok
14:42:15.0223 2288  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:42:15.0223 2288  monitor - ok
14:42:15.0239 2288  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
14:42:15.0239 2288  mouclass - ok
14:42:15.0255 2288  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:42:15.0255 2288  mouhid - ok
14:42:15.0255 2288  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:42:15.0270 2288  mountmgr - ok
14:42:15.0301 2288  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:42:15.0317 2288  MozillaMaintenance - ok
14:42:15.0333 2288  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:42:15.0348 2288  mpio - ok
14:42:15.0348 2288  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:42:15.0364 2288  mpsdrv - ok
14:42:15.0379 2288  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:42:15.0379 2288  MRxDAV - ok
14:42:15.0411 2288  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:42:15.0411 2288  mrxsmb - ok
14:42:15.0426 2288  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:42:15.0442 2288  mrxsmb10 - ok
14:42:15.0457 2288  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:42:15.0457 2288  mrxsmb20 - ok
14:42:15.0473 2288  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:42:15.0489 2288  msahci - ok
14:42:15.0489 2288  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:42:15.0504 2288  msdsm - ok
14:42:15.0520 2288  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:42:15.0520 2288  MSDTC - ok
14:42:15.0535 2288  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:42:15.0535 2288  Msfs - ok
14:42:15.0551 2288  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:42:15.0551 2288  mshidkmdf - ok
14:42:15.0551 2288  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:42:15.0567 2288  msisadrv - ok
14:42:15.0582 2288  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:42:15.0582 2288  MSiSCSI - ok
14:42:15.0582 2288  msiserver - ok
14:42:15.0613 2288  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:42:15.0613 2288  MSKSSRV - ok
14:42:15.0613 2288  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:42:15.0613 2288  MSPCLOCK - ok
14:42:15.0613 2288  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:42:15.0629 2288  MSPQM - ok
14:42:15.0645 2288  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:42:15.0645 2288  MsRPC - ok
14:42:15.0676 2288  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:42:15.0676 2288  mssmbios - ok
14:42:15.0676 2288  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:42:15.0676 2288  MSTEE - ok
14:42:15.0676 2288  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:42:15.0691 2288  MTConfig - ok
14:42:15.0691 2288  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:42:15.0691 2288  Mup - ok
14:42:15.0707 2288  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:42:15.0723 2288  napagent - ok
14:42:15.0754 2288  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:42:15.0754 2288  NativeWifiP - ok
14:42:15.0801 2288  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:42:15.0801 2288  NDIS - ok
14:42:15.0816 2288  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:42:15.0816 2288  NdisCap - ok
14:42:15.0832 2288  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:42:15.0832 2288  NdisTapi - ok
14:42:15.0863 2288  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:42:15.0863 2288  Ndisuio - ok
14:42:15.0894 2288  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:42:15.0894 2288  NdisWan - ok
14:42:15.0910 2288  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:42:15.0910 2288  NDProxy - ok
14:42:15.0925 2288  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:42:15.0925 2288  NetBIOS - ok
14:42:15.0941 2288  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:42:15.0941 2288  NetBT - ok
14:42:15.0957 2288  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:42:15.0957 2288  Netlogon - ok
14:42:15.0988 2288  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:42:16.0003 2288  Netman - ok
14:42:16.0035 2288  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:42:16.0035 2288  NetMsmqActivator - ok
14:42:16.0050 2288  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:42:16.0050 2288  NetPipeActivator - ok
14:42:16.0066 2288  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:42:16.0066 2288  netprofm - ok
14:42:16.0081 2288  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:42:16.0081 2288  NetTcpActivator - ok
14:42:16.0081 2288  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:42:16.0081 2288  NetTcpPortSharing - ok
14:42:16.0097 2288  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:42:16.0097 2288  nfrd960 - ok
14:42:16.0113 2288  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:42:16.0113 2288  NlaSvc - ok
14:42:16.0128 2288  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:42:16.0128 2288  Npfs - ok
14:42:16.0128 2288  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:42:16.0144 2288  nsi - ok
14:42:16.0144 2288  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:42:16.0144 2288  nsiproxy - ok
14:42:16.0191 2288  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:42:16.0206 2288  Ntfs - ok
14:42:16.0222 2288  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:42:16.0222 2288  Null - ok
14:42:16.0237 2288  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:42:16.0237 2288  nvraid - ok
14:42:16.0253 2288  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:42:16.0269 2288  nvstor - ok
14:42:16.0269 2288  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:42:16.0269 2288  nv_agp - ok
14:42:16.0284 2288  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:42:16.0284 2288  ohci1394 - ok
14:42:16.0300 2288  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:42:16.0315 2288  p2pimsvc - ok
14:42:16.0331 2288  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:42:16.0347 2288  p2psvc - ok
14:42:16.0347 2288  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:42:16.0362 2288  Parport - ok
14:42:16.0378 2288  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:42:16.0393 2288  partmgr - ok
14:42:16.0409 2288  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:42:16.0409 2288  PcaSvc - ok
14:42:16.0425 2288  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:42:16.0440 2288  pci - ok
14:42:16.0440 2288  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:42:16.0456 2288  pciide - ok
14:42:16.0456 2288  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:42:16.0471 2288  pcmcia - ok
14:42:16.0487 2288  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:42:16.0487 2288  pcw - ok
14:42:16.0487 2288  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:42:16.0503 2288  PEAUTH - ok
14:42:16.0565 2288  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:42:16.0565 2288  PerfHost - ok
14:42:16.0612 2288  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:42:16.0643 2288  pla - ok
14:42:16.0674 2288  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:42:16.0690 2288  PlugPlay - ok
14:42:16.0705 2288  PnkBstrA - ok
14:42:16.0705 2288  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:42:16.0721 2288  PNRPAutoReg - ok
14:42:16.0721 2288  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:42:16.0721 2288  PNRPsvc - ok
14:42:16.0737 2288  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:42:16.0752 2288  PolicyAgent - ok
14:42:16.0768 2288  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:42:16.0768 2288  Power - ok
14:42:16.0783 2288  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:42:16.0783 2288  PptpMiniport - ok
14:42:16.0783 2288  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:42:16.0799 2288  Processor - ok
14:42:16.0815 2288  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:42:16.0830 2288  ProfSvc - ok
14:42:16.0830 2288  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:42:16.0830 2288  ProtectedStorage - ok
14:42:16.0861 2288  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:42:16.0861 2288  Psched - ok
14:42:16.0908 2288  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:42:16.0924 2288  ql2300 - ok
14:42:16.0924 2288  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:42:16.0939 2288  ql40xx - ok
14:42:16.0939 2288  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:42:16.0955 2288  QWAVE - ok
14:42:16.0955 2288  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:42:16.0955 2288  QWAVEdrv - ok
14:42:16.0971 2288  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:42:16.0971 2288  RasAcd - ok
14:42:16.0986 2288  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:42:17.0002 2288  RasAgileVpn - ok
14:42:17.0017 2288  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:42:17.0017 2288  RasAuto - ok
14:42:17.0033 2288  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:42:17.0033 2288  Rasl2tp - ok
14:42:17.0064 2288  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:42:17.0080 2288  RasMan - ok
14:42:17.0080 2288  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:42:17.0080 2288  RasPppoe - ok
14:42:17.0095 2288  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:42:17.0095 2288  RasSstp - ok
14:42:17.0111 2288  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:42:17.0111 2288  rdbss - ok
14:42:17.0127 2288  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:42:17.0127 2288  rdpbus - ok
14:42:17.0142 2288  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:42:17.0142 2288  RDPCDD - ok
14:42:17.0158 2288  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:42:17.0158 2288  RDPENCDD - ok
14:42:17.0158 2288  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:42:17.0158 2288  RDPREFMP - ok
14:42:17.0205 2288  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:42:17.0205 2288  RdpVideoMiniport - ok
14:42:17.0220 2288  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:42:17.0236 2288  RDPWD - ok
14:42:17.0251 2288  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:42:17.0267 2288  rdyboost - ok
14:42:17.0298 2288  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:42:17.0298 2288  RemoteAccess - ok
14:42:17.0314 2288  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:42:17.0329 2288  RemoteRegistry - ok
14:42:17.0329 2288  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:42:17.0345 2288  RpcEptMapper - ok
14:42:17.0345 2288  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:42:17.0361 2288  RpcLocator - ok
14:42:17.0376 2288  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:42:17.0376 2288  RpcSs - ok
14:42:17.0376 2288  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:42:17.0376 2288  rspndr - ok
14:42:17.0407 2288  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:42:17.0423 2288  RTL8167 - ok
14:42:17.0454 2288  [ 4CE333AC701C4BD2E3EFF721C0DB2526 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
14:42:17.0470 2288  RTL8192su - ok
14:42:17.0485 2288  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:42:17.0485 2288  SamSs - ok
14:42:17.0532 2288  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:42:17.0532 2288  sbp2port - ok
14:42:17.0548 2288  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:42:17.0563 2288  SCardSvr - ok
14:42:17.0579 2288  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:42:17.0595 2288  scfilter - ok
14:42:17.0626 2288  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:42:17.0641 2288  Schedule - ok
14:42:17.0657 2288  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:42:17.0657 2288  SCPolicySvc - ok
14:42:17.0657 2288  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:42:17.0673 2288  SDRSVC - ok
14:42:17.0673 2288  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:42:17.0673 2288  secdrv - ok
14:42:17.0688 2288  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:42:17.0704 2288  seclogon - ok
14:42:17.0704 2288  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:42:17.0719 2288  SENS - ok
14:42:17.0719 2288  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:42:17.0735 2288  SensrSvc - ok
14:42:17.0735 2288  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:42:17.0735 2288  Serenum - ok
14:42:17.0751 2288  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:42:17.0751 2288  Serial - ok
14:42:17.0766 2288  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:42:17.0766 2288  sermouse - ok
14:42:17.0797 2288  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:42:17.0797 2288  SessionEnv - ok
14:42:17.0813 2288  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:42:17.0829 2288  sffdisk - ok
14:42:17.0829 2288  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:42:17.0844 2288  sffp_mmc - ok
14:42:17.0844 2288  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:42:17.0844 2288  sffp_sd - ok
14:42:17.0860 2288  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:42:17.0860 2288  sfloppy - ok
14:42:17.0875 2288  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:42:17.0891 2288  ShellHWDetection - ok
14:42:17.0891 2288  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:42:17.0907 2288  SiSRaid2 - ok
14:42:17.0907 2288  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:42:17.0907 2288  SiSRaid4 - ok
14:42:17.0922 2288  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:42:17.0922 2288  Smb - ok
14:42:17.0938 2288  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:42:17.0938 2288  SNMPTRAP - ok
14:42:17.0953 2288  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:42:17.0953 2288  spldr - ok
14:42:17.0985 2288  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:42:18.0000 2288  Spooler - ok
14:42:18.0047 2288  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:42:18.0094 2288  sppsvc - ok
14:42:18.0094 2288  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:42:18.0094 2288  sppuinotify - ok
14:42:18.0125 2288  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:42:18.0125 2288  srv - ok
14:42:18.0141 2288  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:42:18.0156 2288  srv2 - ok
14:42:18.0172 2288  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:42:18.0187 2288  srvnet - ok
14:42:18.0187 2288  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:42:18.0203 2288  SSDPSRV - ok
14:42:18.0203 2288  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:42:18.0203 2288  SstpSvc - ok
14:42:18.0250 2288  Steam Client Service - ok
14:42:18.0265 2288  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:42:18.0265 2288  stexstor - ok
14:42:18.0297 2288  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:42:18.0312 2288  stisvc - ok
14:42:18.0312 2288  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:42:18.0328 2288  swenum - ok
14:42:18.0328 2288  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:42:18.0343 2288  swprv - ok
14:42:18.0390 2288  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:42:18.0421 2288  SysMain - ok
14:42:18.0421 2288  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:42:18.0437 2288  TabletInputService - ok
14:42:18.0453 2288  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:42:18.0453 2288  TapiSrv - ok
14:42:18.0468 2288  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:42:18.0468 2288  TBS - ok
14:42:18.0515 2288  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:42:18.0546 2288  Tcpip - ok
14:42:18.0577 2288  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:42:18.0593 2288  TCPIP6 - ok
14:42:18.0609 2288  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:42:18.0609 2288  tcpipreg - ok
14:42:18.0624 2288  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:42:18.0624 2288  TDPIPE - ok
14:42:18.0655 2288  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:42:18.0655 2288  TDTCP - ok
14:42:18.0687 2288  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:42:18.0687 2288  tdx - ok
14:42:18.0687 2288  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:42:18.0702 2288  TermDD - ok
14:42:18.0718 2288  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:42:18.0718 2288  TermService - ok
14:42:18.0733 2288  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:42:18.0733 2288  Themes - ok
14:42:20.0590 2288  ================ Scan global ===============================
14:42:20.0605 2288  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:42:20.0637 2288  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:42:20.0652 2288  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:42:20.0683 2288  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:42:20.0715 2288  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
14:42:20.0715 2288  Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
14:42:20.0715 2288  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
14:42:20.0715 2288  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
14:42:20.0715 2288  ================ Scan MBR ==================================
14:42:20.0730 2288  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:42:21.0229 2288  \Device\Harddisk0\DR0 - ok
14:42:21.0229 2288  ================ Scan VBR ==================================
14:42:21.0229 2288  [ CD6D33772586B8FB578825C4ED328A3B ] \Device\Harddisk0\DR0\Partition1
14:42:21.0229 2288  \Device\Harddisk0\DR0\Partition1 - ok
14:42:21.0229 2288  [ D531F34B3A4ED3B3A5BA512DC2A4A9DA ] \Device\Harddisk0\DR0\Partition2
14:42:21.0245 2288  \Device\Harddisk0\DR0\Partition2 - ok
14:42:21.0245 2288  [ 680B142A802269C02CA7D0DA22D20468 ] \Device\Harddisk0\DR0\Partition3
14:42:21.0261 2288  \Device\Harddisk0\DR0\Partition3 - ok
14:42:21.0261 2288  ============================================================
14:42:21.0261 2288  Scan finished
14:42:21.0261 2288  ============================================================
14:42:21.0261 3364  Detected object count: 1
14:42:21.0261 3364  Actual detected object count: 1
14:42:29.0029 3364  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
14:42:29.0029 3364  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
         
Oh, and what exactly is a ZeroAccess rootkit? (dangerous?)


12.02.2013, 15:56   #6
aharonov
/// TB trainer
 

Next:


Step 1

Start TDSSkiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan!
  • Make sure that the option Cure (default) is selected for Virus.Win64.ZAccess.a.
  • Click Continue --> Reboot.
  • TDSSKiller will save a logfile on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this logfile in your thread.



Step 2

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted, several times depending on the severity of the infection; this is normal. After the restart a text file opens.
  • Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 3

Warning for other readers:
Combofix should only be run when a team member has explicitly instructed it!


Please download Combofix from the following download mirror: Link.
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not do anything at all on the computer, not even move the mouse!
  • When Combofix is finished, it will create a logfile (C:\Combofix.txt).
  • Please post the contents of this logfile in your next reply.

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English: Illegal operation attempted on a registry key that has been marked for deletion.]
simply restart the computer. This should fix the problem.



Please post in your next reply:
  • Log from TDSSKiller
  • Log from AdwCleaner
  • Log from Combofix

12.02.2013, 16:40   #7
Elmox
 

I have 2 logs from TDSSKiller:
Code:
16:04:56.0130 3296  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:04:56.0333 3296  ============================================================
16:04:56.0333 3296  Current date / time: 2013/02/12 16:04:56.0333
16:04:56.0333 3296  SystemInfo:
16:04:56.0333 3296  
16:04:56.0333 3296  OS Version: 6.1.7601 ServicePack: 1.0
16:04:56.0333 3296  Product type: Workstation
16:04:56.0333 3296  ComputerName: GAMING-PC
16:04:56.0333 3296  UserName: Pascal
16:04:56.0333 3296  Windows directory: C:\Windows
16:04:56.0333 3296  System windows directory: C:\Windows
16:04:56.0333 3296  Running under WOW64
16:04:56.0333 3296  Processor architecture: Intel x64
16:04:56.0333 3296  Number of processors: 4
16:04:56.0333 3296  Page size: 0x1000
16:04:56.0333 3296  Boot type: Normal boot
16:04:56.0333 3296  ============================================================
16:04:57.0238 3296  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:57.0253 3296  ============================================================
16:04:57.0253 3296  \Device\Harddisk0\DR0:
16:04:57.0253 3296  MBR partitions:
16:04:57.0253 3296  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:04:57.0253 3296  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800
16:04:57.0253 3296  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x6AAC6000
16:04:57.0253 3296  ============================================================
16:04:57.0269 3296  C: <-> \Device\Harddisk0\DR0\Partition2
16:04:57.0284 3296  D: <-> \Device\Harddisk0\DR0\Partition3
16:04:57.0284 3296  ============================================================
16:04:57.0300 3296  Initialize success
16:04:57.0300 3296  ============================================================
16:05:23.0118 4328  ============================================================
16:05:23.0118 4328  Scan started
16:05:23.0118 4328  Mode: Manual; 
16:05:23.0118 4328  ============================================================
16:05:23.0321 4328  ================ Scan system memory ========================
16:05:23.0321 4328  System memory - ok
16:05:23.0321 4328  ================ Scan services =============================
16:05:27.0892 4328  HpSAMD - ok
16:05:27.0907 4328  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:05:27.0938 4328  HTTP - ok
16:05:27.0938 4328  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:05:27.0954 4328  hwpolicy - ok
16:05:27.0954 4328  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:05:27.0970 4328  i8042prt - ok
16:05:27.0985 4328  [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:05:28.0001 4328  iaStor - ok
16:05:28.0048 4328  [ 1F35EFEC56CD1BF62435EAF97EABC3B3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:05:28.0048 4328  IAStorDataMgrSvc - ok
16:05:28.0063 4328  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:05:28.0063 4328  iaStorV - ok
16:05:28.0094 4328  [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
16:05:28.0094 4328  ICCS - ok
16:05:28.0126 4328  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:05:28.0157 4328  idsvc - ok
16:05:28.0250 4328  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:05:28.0328 4328  igfx - ok
16:05:28.0328 4328  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:05:28.0344 4328  iirsp - ok
16:05:28.0360 4328  [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
16:05:28.0375 4328  ikbevent - ok
16:05:28.0422 4328  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:05:28.0438 4328  IKEEXT - ok
16:05:28.0453 4328  [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
16:05:28.0469 4328  imsevent - ok
16:05:28.0531 4328  [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:05:28.0547 4328  IntcAzAudAddService - ok
16:05:28.0578 4328  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:05:28.0594 4328  IntcDAud - ok
16:05:28.0640 4328  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:05:28.0656 4328  Intel(R) Capability Licensing Service Interface - ok
16:05:28.0687 4328  [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
16:05:28.0703 4328  Intel(R) ME Service - ok
16:05:28.0718 4328  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:05:28.0718 4328  intelide - ok
16:05:28.0734 4328  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:05:28.0734 4328  intelppm - ok
16:05:28.0750 4328  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:05:28.0765 4328  IPBusEnum - ok
16:05:28.0781 4328  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:05:28.0796 4328  IpFilterDriver - ok
16:05:28.0812 4328  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:05:28.0812 4328  IPMIDRV - ok
16:05:28.0843 4328  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:05:28.0859 4328  IPNAT - ok
16:05:28.0906 4328  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:05:28.0921 4328  iPod Service - ok
16:05:28.0937 4328  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:05:28.0937 4328  IRENUM - ok
16:05:28.0952 4328  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:05:28.0952 4328  isapnp - ok
16:05:28.0968 4328  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:05:28.0984 4328  iScsiPrt - ok
16:05:28.0984 4328  [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
16:05:28.0999 4328  ISCT - ok
16:05:29.0015 4328  [ 6F60B7AD044924B8C1E32D692C593612 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
16:05:29.0030 4328  ISCTAgent - ok
16:05:29.0046 4328  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:05:29.0062 4328  iusb3hcs - ok
16:05:29.0077 4328  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
16:05:29.0093 4328  iusb3hub - ok
16:05:29.0108 4328  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:05:29.0124 4328  iusb3xhc - ok
16:05:29.0140 4328  [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:05:29.0140 4328  jhi_service - ok
16:05:29.0155 4328  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:05:29.0171 4328  kbdclass - ok
16:05:29.0186 4328  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:05:29.0202 4328  kbdhid - ok
16:05:29.0218 4328  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:05:29.0218 4328  KeyIso - ok
16:05:29.0280 4328  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
16:05:29.0280 4328  KMWDFILTER - ok
16:05:29.0296 4328  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:05:29.0311 4328  KSecDD - ok
16:05:29.0327 4328  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:05:29.0342 4328  KSecPkg - ok
16:05:29.0342 4328  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:05:29.0342 4328  ksthunk - ok
16:05:29.0374 4328  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:05:29.0389 4328  KtmRm - ok
16:05:29.0436 4328  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:05:29.0436 4328  LanmanServer - ok
16:05:29.0467 4328  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:05:29.0483 4328  LanmanWorkstation - ok
16:05:29.0498 4328  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:05:29.0514 4328  lltdio - ok
16:05:29.0545 4328  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:05:29.0545 4328  lltdsvc - ok
16:05:29.0576 4328  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:05:29.0576 4328  lmhosts - ok
16:05:29.0623 4328  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:05:29.0623 4328  LMS - ok
16:05:29.0623 4328  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:05:29.0639 4328  LSI_FC - ok
16:05:29.0639 4328  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:05:29.0654 4328  LSI_SAS - ok
16:05:29.0654 4328  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:05:29.0654 4328  LSI_SAS2 - ok
16:05:29.0670 4328  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:05:29.0670 4328  LSI_SCSI - ok
16:05:29.0686 4328  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:05:29.0686 4328  luafv - ok
16:05:29.0748 4328  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:05:29.0748 4328  MBAMProtector - ok
16:05:29.0779 4328  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:05:29.0795 4328  MBAMScheduler - ok
16:05:29.0842 4328  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     D:\Malwarebytes' Anti-Malware\mbamservice.exe
16:05:29.0842 4328  MBAMService - ok
16:05:29.0873 4328  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
16:05:29.0873 4328  MBfilt - ok
16:05:29.0888 4328  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:05:29.0904 4328  Mcx2Svc - ok
16:05:29.0904 4328  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:05:29.0920 4328  megasas - ok
16:05:29.0920 4328  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:05:29.0935 4328  MegaSR - ok
16:05:29.0951 4328  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:05:29.0966 4328  MEIx64 - ok
16:05:29.0982 4328  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:05:29.0982 4328  MMCSS - ok
16:05:29.0998 4328  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:05:29.0998 4328  Modem - ok
16:05:30.0013 4328  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:05:30.0013 4328  monitor - ok
16:05:30.0029 4328  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:05:30.0029 4328  mouclass - ok
16:05:30.0044 4328  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:05:30.0060 4328  mouhid - ok
16:05:30.0091 4328  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:05:30.0091 4328  mountmgr - ok
16:05:30.0138 4328  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:05:30.0138 4328  MozillaMaintenance - ok
16:05:30.0154 4328  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:05:30.0169 4328  mpio - ok
16:05:30.0185 4328  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:05:30.0200 4328  mpsdrv - ok
16:05:30.0216 4328  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:05:30.0232 4328  MRxDAV - ok
16:05:30.0247 4328  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:05:30.0247 4328  mrxsmb - ok
16:05:30.0263 4328  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:05:30.0278 4328  mrxsmb10 - ok
16:05:30.0294 4328  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:05:30.0294 4328  mrxsmb20 - ok
16:05:30.0310 4328  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:05:30.0310 4328  msahci - ok
16:05:30.0341 4328  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:05:30.0341 4328  msdsm - ok
16:05:30.0356 4328  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:05:30.0356 4328  MSDTC - ok
16:05:30.0372 4328  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:05:30.0388 4328  Msfs - ok
16:05:30.0388 4328  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:05:30.0388 4328  mshidkmdf - ok
16:05:30.0388 4328  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:05:30.0403 4328  msisadrv - ok
16:05:30.0419 4328  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:05:30.0419 4328  MSiSCSI - ok
16:05:30.0434 4328  msiserver - ok
16:05:30.0450 4328  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:05:30.0450 4328  MSKSSRV - ok
16:05:30.0466 4328  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:05:30.0466 4328  MSPCLOCK - ok
16:05:30.0466 4328  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:05:30.0481 4328  MSPQM - ok
16:05:30.0497 4328  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:05:30.0512 4328  MsRPC - ok
16:05:30.0528 4328  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:05:30.0528 4328  mssmbios - ok
16:05:30.0544 4328  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:05:30.0559 4328  MSTEE - ok
16:05:30.0559 4328  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:05:30.0559 4328  MTConfig - ok
16:05:30.0575 4328  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:05:30.0575 4328  Mup - ok
16:05:30.0590 4328  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:05:30.0606 4328  napagent - ok
16:05:30.0637 4328  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:05:30.0637 4328  NativeWifiP - ok
16:05:30.0715 4328  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:05:30.0715 4328  NDIS - ok
16:05:30.0746 4328  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:05:30.0746 4328  NdisCap - ok
16:05:30.0762 4328  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:05:30.0762 4328  NdisTapi - ok
16:05:30.0809 4328  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:05:30.0809 4328  Ndisuio - ok
16:05:30.0824 4328  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:05:30.0840 4328  NdisWan - ok
16:05:30.0856 4328  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:05:30.0856 4328  NDProxy - ok
16:05:30.0871 4328  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:05:30.0871 4328  NetBIOS - ok
16:05:30.0887 4328  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:05:30.0902 4328  NetBT - ok
16:05:30.0918 4328  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:05:30.0918 4328  Netlogon - ok
16:05:30.0965 4328  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:05:30.0965 4328  Netman - ok
16:05:30.0996 4328  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:31.0027 4328  NetMsmqActivator - ok
16:05:31.0027 4328  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:31.0027 4328  NetPipeActivator - ok
16:05:31.0043 4328  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:05:31.0058 4328  netprofm - ok
16:05:31.0074 4328  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:31.0074 4328  NetTcpActivator - ok
16:05:31.0074 4328  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:05:31.0074 4328  NetTcpPortSharing - ok
16:05:31.0090 4328  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:05:31.0090 4328  nfrd960 - ok
16:05:31.0121 4328  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:05:31.0121 4328  NlaSvc - ok
16:05:31.0121 4328  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:05:31.0136 4328  Npfs - ok
16:05:31.0136 4328  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:05:31.0152 4328  nsi - ok
16:05:31.0152 4328  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:05:31.0152 4328  nsiproxy - ok
16:05:31.0199 4328  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:05:31.0230 4328  Ntfs - ok
16:05:31.0246 4328  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:05:31.0246 4328  Null - ok
16:05:31.0261 4328  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:05:31.0261 4328  nvraid - ok
16:05:31.0292 4328  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:05:31.0292 4328  nvstor - ok
16:05:31.0324 4328  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:05:31.0324 4328  nv_agp - ok
16:05:31.0339 4328  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:05:31.0339 4328  ohci1394 - ok
16:05:31.0355 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:05:31.0370 4328  p2pimsvc - ok
16:05:31.0370 4328  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:05:31.0386 4328  p2psvc - ok
16:05:31.0386 4328  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:05:31.0402 4328  Parport - ok
16:05:31.0417 4328  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:05:31.0433 4328  partmgr - ok
16:05:31.0448 4328  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:05:31.0448 4328  PcaSvc - ok
16:05:31.0464 4328  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:05:31.0480 4328  pci - ok
16:05:31.0480 4328  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:05:31.0495 4328  pciide - ok
16:05:31.0511 4328  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:05:31.0511 4328  pcmcia - ok
16:05:31.0526 4328  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:05:31.0526 4328  pcw - ok
16:05:31.0542 4328  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:05:31.0558 4328  PEAUTH - ok
16:05:31.0620 4328  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:05:31.0620 4328  PerfHost - ok
16:05:31.0667 4328  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:05:31.0698 4328  pla - ok
16:05:31.0729 4328  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:05:31.0745 4328  PlugPlay - ok
16:05:31.0760 4328  PnkBstrA - ok
16:05:31.0776 4328  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:05:31.0792 4328  PNRPAutoReg - ok
16:05:31.0792 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:05:31.0792 4328  PNRPsvc - ok
16:05:31.0823 4328  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:05:31.0838 4328  PolicyAgent - ok
16:05:31.0885 4328  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:05:31.0885 4328  Power - ok
16:05:31.0901 4328  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:05:31.0901 4328  PptpMiniport - ok
16:05:31.0916 4328  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:05:31.0916 4328  Processor - ok
16:05:31.0948 4328  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:05:31.0948 4328  ProfSvc - ok
16:05:31.0963 4328  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:05:31.0963 4328  ProtectedStorage - ok
16:05:31.0994 4328  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:05:31.0994 4328  Psched - ok
16:05:32.0026 4328  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:05:32.0057 4328  ql2300 - ok
16:05:32.0072 4328  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:05:32.0088 4328  ql40xx - ok
16:05:32.0088 4328  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:05:32.0104 4328  QWAVE - ok
16:05:32.0104 4328  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:05:32.0119 4328  QWAVEdrv - ok
16:05:32.0119 4328  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:05:32.0135 4328  RasAcd - ok
16:05:32.0150 4328  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:05:32.0150 4328  RasAgileVpn - ok
16:05:32.0166 4328  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:05:32.0166 4328  RasAuto - ok
16:05:32.0182 4328  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:05:32.0197 4328  Rasl2tp - ok
16:05:32.0228 4328  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:05:32.0244 4328  RasMan - ok
16:05:32.0260 4328  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:05:32.0275 4328  RasPppoe - ok
16:05:32.0275 4328  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:05:32.0275 4328  RasSstp - ok
16:05:32.0291 4328  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:05:32.0306 4328  rdbss - ok
16:05:32.0322 4328  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:05:32.0322 4328  rdpbus - ok
16:05:32.0353 4328  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:05:32.0353 4328  RDPCDD - ok
16:05:32.0353 4328  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:05:32.0353 4328  RDPENCDD - ok
16:05:32.0384 4328  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:05:32.0384 4328  RDPREFMP - ok
16:05:32.0447 4328  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:05:32.0447 4328  RdpVideoMiniport - ok
16:05:32.0462 4328  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:05:32.0478 4328  RDPWD - ok
16:05:32.0509 4328  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:05:32.0525 4328  rdyboost - ok
16:05:32.0556 4328  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:05:32.0572 4328  RemoteAccess - ok
16:05:32.0572 4328  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:05:32.0587 4328  RemoteRegistry - ok
16:05:32.0603 4328  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:05:32.0618 4328  RpcEptMapper - ok
16:05:32.0618 4328  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:05:32.0634 4328  RpcLocator - ok
16:05:32.0650 4328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:05:32.0650 4328  RpcSs - ok
16:05:32.0665 4328  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:05:32.0681 4328  rspndr - ok
16:05:32.0712 4328  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:05:32.0712 4328  RTL8167 - ok
16:05:32.0759 4328  [ 4CE333AC701C4BD2E3EFF721C0DB2526 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
16:05:32.0774 4328  RTL8192su - ok
16:05:32.0790 4328  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:05:32.0790 4328  SamSs - ok
16:05:32.0821 4328  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:05:32.0821 4328  sbp2port - ok
16:05:32.0837 4328  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:05:32.0837 4328  SCardSvr - ok
16:05:32.0868 4328  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:05:32.0868 4328  scfilter - ok
16:05:32.0899 4328  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:05:32.0930 4328  Schedule - ok
16:05:32.0946 4328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:05:32.0946 4328  SCPolicySvc - ok
16:05:32.0962 4328  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:05:32.0977 4328  SDRSVC - ok
16:05:32.0977 4328  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:05:32.0977 4328  secdrv - ok
16:05:33.0008 4328  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:05:33.0008 4328  seclogon - ok
16:05:33.0040 4328  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:05:33.0040 4328  SENS - ok
16:05:33.0055 4328  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:05:33.0055 4328  SensrSvc - ok
16:05:33.0071 4328  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:05:33.0071 4328  Serenum - ok
16:05:33.0086 4328  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:05:33.0086 4328  Serial - ok
16:05:33.0118 4328  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:05:33.0118 4328  sermouse - ok
16:05:33.0133 4328  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:05:33.0149 4328  SessionEnv - ok
16:05:33.0164 4328  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:05:33.0164 4328  sffdisk - ok
16:05:33.0180 4328  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:05:33.0180 4328  sffp_mmc - ok
16:05:33.0180 4328  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:05:33.0180 4328  sffp_sd - ok
16:05:33.0211 4328  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:05:33.0211 4328  sfloppy - ok
16:05:33.0227 4328  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:05:33.0242 4328  ShellHWDetection - ok
16:05:33.0258 4328  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:05:33.0258 4328  SiSRaid2 - ok
16:05:33.0274 4328  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:05:33.0274 4328  SiSRaid4 - ok
16:05:33.0289 4328  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:05:33.0305 4328  Smb - ok
16:05:33.0320 4328  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:05:33.0336 4328  SNMPTRAP - ok
16:05:33.0336 4328  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:05:33.0336 4328  spldr - ok
16:05:33.0367 4328  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:05:33.0383 4328  Spooler - ok
16:05:33.0430 4328  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:05:33.0476 4328  sppsvc - ok
16:05:33.0492 4328  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:05:33.0492 4328  sppuinotify - ok
16:05:33.0508 4328  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:05:33.0523 4328  srv - ok
16:05:33.0523 4328  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:05:33.0539 4328  srv2 - ok
16:05:33.0539 4328  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:05:33.0539 4328  srvnet - ok
16:05:33.0570 4328  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:05:33.0570 4328  SSDPSRV - ok
16:05:33.0586 4328  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:05:33.0586 4328  SstpSvc - ok
16:05:33.0617 4328  Steam Client Service - ok
16:05:33.0617 4328  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:05:33.0632 4328  stexstor - ok
16:05:33.0664 4328  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:05:33.0679 4328  stisvc - ok
16:05:33.0695 4328  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:05:33.0695 4328  swenum - ok
16:05:33.0710 4328  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:05:33.0726 4328  swprv - ok
16:05:33.0757 4328  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:05:33.0773 4328  SysMain - ok
16:05:33.0788 4328  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:05:33.0804 4328  TabletInputService - ok
16:05:33.0820 4328  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:05:33.0835 4328  TapiSrv - ok
16:05:33.0851 4328  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:05:33.0851 4328  TBS - ok
16:05:33.0898 4328  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:05:33.0929 4328  Tcpip - ok
16:05:33.0960 4328  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:05:33.0976 4328  TCPIP6 - ok
16:05:34.0022 4328  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:05:34.0022 4328  tcpipreg - ok
16:05:34.0038 4328  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:05:34.0038 4328  TDPIPE - ok
16:05:34.0069 4328  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:05:34.0069 4328  TDTCP - ok
16:05:34.0100 4328  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:05:34.0116 4328  tdx - ok
16:05:34.0116 4328  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:05:34.0116 4328  TermDD - ok
16:05:34.0132 4328  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:05:34.0163 4328  TermService - ok
16:05:34.0178 4328  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:05:34.0178 4328  Themes - ok
16:05:34.0194 4328  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:05:34.0194 4328  THREADORDER - ok
16:05:34.0210 4328  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:05:34.0210 4328  TrkWks - ok
16:05:34.0241 4328  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:05:34.0256 4328  TrustedInstaller - ok
16:05:34.0256 4328  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:05:34.0272 4328  tssecsrv - ok
16:05:34.0288 4328  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:05:34.0288 4328  TsUsbFlt - ok
16:05:34.0319 4328  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:05:34.0334 4328  tunnel - ok
16:05:34.0334 4328  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:05:34.0350 4328  uagp35 - ok
16:05:34.0366 4328  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:05:34.0381 4328  udfs - ok
16:05:34.0397 4328  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:05:34.0412 4328  UI0Detect - ok
16:05:34.0412 4328  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:05:34.0412 4328  uliagpkx - ok
16:05:34.0444 4328  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:05:34.0444 4328  umbus - ok
16:05:34.0459 4328  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:05:34.0459 4328  UmPass - ok
16:05:34.0522 4328  [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:05:34.0522 4328  UNS - ok
16:05:34.0537 4328  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:05:34.0553 4328  upnphost - ok
16:05:34.0568 4328  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:05:34.0584 4328  USBAAPL64 - ok
16:05:34.0584 4328  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:05:34.0600 4328  usbccgp - ok
16:05:34.0615 4328  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:05:34.0631 4328  usbcir - ok
16:05:34.0646 4328  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:05:34.0646 4328  usbehci - ok
16:05:34.0678 4328  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:05:34.0693 4328  usbhub - ok
16:05:34.0709 4328  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:05:34.0709 4328  usbohci - ok
16:05:34.0724 4328  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:05:34.0724 4328  usbprint - ok
16:05:34.0740 4328  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
16:05:34.0740 4328  USBSTOR - ok
16:05:34.0756 4328  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:05:34.0756 4328  usbuhci - ok
16:05:34.0771 4328  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:05:34.0787 4328  UxSms - ok
16:05:34.0802 4328  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:05:34.0802 4328  VaultSvc - ok
16:05:34.0818 4328  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:05:34.0818 4328  vdrvroot - ok
16:05:34.0834 4328  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:05:34.0849 4328  vds - ok
16:05:34.0865 4328  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:05:34.0880 4328  vga - ok
16:05:34.0880 4328  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:05:34.0880 4328  VgaSave - ok
16:05:34.0896 4328  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:05:34.0912 4328  vhdmp - ok
16:05:34.0927 4328  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:05:34.0927 4328  viaide - ok
16:05:34.0943 4328  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:05:34.0943 4328  volmgr - ok
16:05:34.0974 4328  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:05:34.0974 4328  volmgrx - ok
16:05:34.0990 4328  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:05:35.0005 4328  volsnap - ok
16:05:35.0021 4328  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:05:35.0036 4328  vsmraid - ok
16:05:35.0068 4328  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:05:35.0099 4328  VSS - ok
16:05:35.0099 4328  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:05:35.0099 4328  vwifibus - ok
16:05:35.0130 4328  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:05:35.0146 4328  vwififlt - ok
16:05:35.0161 4328  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:05:35.0161 4328  vwifimp - ok
16:05:35.0177 4328  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:05:35.0192 4328  W32Time - ok
16:05:35.0208 4328  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:05:35.0208 4328  WacomPen - ok
16:05:35.0224 4328  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:05:35.0239 4328  WANARP - ok
16:05:35.0239 4328  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:05:35.0239 4328  Wanarpv6 - ok
16:05:35.0286 4328  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:05:35.0302 4328  wbengine - ok
16:05:35.0317 4328  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:05:35.0333 4328  WbioSrvc - ok
16:05:35.0348 4328  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:05:35.0348 4328  wcncsvc - ok
16:05:35.0364 4328  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:05:35.0364 4328  WcsPlugInService - ok
16:05:35.0411 4328  [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
16:05:35.0426 4328  WCUService_STC_IE - ok
16:05:35.0426 4328  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:05:35.0426 4328  Wd - ok
16:05:35.0458 4328  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:05:35.0473 4328  Wdf01000 - ok
16:05:35.0489 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:05:35.0489 4328  WdiServiceHost - ok
16:05:35.0504 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:05:35.0504 4328  WdiSystemHost - ok
16:05:35.0520 4328  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:05:35.0536 4328  WebClient - ok
16:05:35.0551 4328  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:05:35.0567 4328  Wecsvc - ok
16:05:35.0567 4328  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:05:35.0567 4328  wercplsupport - ok
16:05:35.0582 4328  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:05:35.0582 4328  WerSvc - ok
16:05:35.0598 4328  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:05:35.0598 4328  WfpLwf - ok
16:05:35.0614 4328  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:05:35.0614 4328  WIMMount - ok
16:05:35.0614 4328  WinHttpAutoProxySvc - ok
16:05:35.0660 4328  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:05:35.0676 4328  Winmgmt - ok
16:05:35.0707 4328  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:05:35.0723 4328  WinRM - ok
16:05:35.0770 4328  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:05:35.0770 4328  WinUsb - ok
16:05:35.0816 4328  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:05:35.0832 4328  Wlansvc - ok
16:05:35.0848 4328  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:05:35.0848 4328  WmiAcpi - ok
16:05:35.0863 4328  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:05:35.0879 4328  wmiApSrv - ok
16:05:35.0894 4328  WMPNetworkSvc - ok
16:05:35.0910 4328  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:05:35.0910 4328  WPCSvc - ok
16:05:35.0941 4328  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:05:35.0941 4328  WPDBusEnum - ok
16:05:35.0957 4328  [ 7CA09731EB7FC99B910C7F239E57720F ] WPRO_41_2001    C:\Windows\system32\drivers\WPRO_41_2001.sys
16:05:35.0957 4328  WPRO_41_2001 - ok
16:05:35.0957 4328  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:05:35.0957 4328  ws2ifsl - ok
16:05:35.0972 4328  WSearch - ok
16:05:35.0988 4328  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:05:36.0004 4328  WudfPf - ok
16:05:36.0004 4328  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:05:36.0019 4328  WUDFRd - ok
16:05:36.0035 4328  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:05:36.0050 4328  wudfsvc - ok
16:05:36.0066 4328  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:05:36.0066 4328  WwanSvc - ok
16:05:36.0113 4328  X6va012 - ok
16:05:36.0144 4328  ================ Scan global ===============================
16:05:36.0175 4328  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:05:36.0191 4328  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:05:36.0206 4328  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:05:36.0238 4328  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:05:36.0269 4328  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
16:05:36.0269 4328  Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
16:05:36.0269 4328  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
16:05:36.0269 4328  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
16:05:36.0269 4328  ================ Scan MBR ==================================
16:05:36.0284 4328  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:05:36.0518 4328  \Device\Harddisk0\DR0 - ok
16:05:36.0518 4328  ================ Scan VBR ==================================
16:05:36.0518 4328  [ CD6D33772586B8FB578825C4ED328A3B ] \Device\Harddisk0\DR0\Partition1
16:05:36.0518 4328  \Device\Harddisk0\DR0\Partition1 - ok
16:05:36.0550 4328  [ D531F34B3A4ED3B3A5BA512DC2A4A9DA ] \Device\Harddisk0\DR0\Partition2
16:05:36.0550 4328  \Device\Harddisk0\DR0\Partition2 - ok
16:05:36.0565 4328  [ 680B142A802269C02CA7D0DA22D20468 ] \Device\Harddisk0\DR0\Partition3
16:05:36.0565 4328  \Device\Harddisk0\DR0\Partition3 - ok
16:05:36.0565 4328  ============================================================
16:05:36.0565 4328  Scan finished
16:05:36.0565 4328  ============================================================
16:05:36.0565 3556  Detected object count: 1
16:05:36.0565 3556  Actual detected object count: 1
16:05:44.0833 3556  C:\Windows\system32\services.exe - copied to quarantine
16:05:45.0005 3556  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
16:05:45.0005 3556  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
16:05:45.0036 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\@ - copied to quarantine
16:05:45.0052 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\00000004.@ - copied to quarantine
16:05:45.0067 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000004.@ - copied to quarantine
16:05:45.0067 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ - copied to quarantine
16:05:45.0067 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ - copied to quarantine
16:05:45.0083 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000000.@ - copied to quarantine
16:05:45.0083 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000032.@ - copied to quarantine
16:05:45.0083 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000064.@ - copied to quarantine
16:06:15.0667 3556  Backup copy not found, trying to cure infected file..
16:06:15.0667 3556  Cure success, using it..
16:06:15.0714 3556  C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
16:06:15.0714 3556  C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\@ - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000004.@ - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000000.@ - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000064.@ - will be deleted on reboot
16:06:15.0730 3556  C:\Windows\system32\services.exe - will be cured on reboot
16:06:15.0730 3556  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure 
16:06:20.0191 4512  Deinitialize success
         

Code:
16:08:09.0117 3916  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:08:09.0305 3916  ============================================================
16:08:09.0305 3916  Current date / time: 2013/02/12 16:08:09.0305
16:08:09.0305 3916  SystemInfo:
16:08:09.0305 3916  
16:08:09.0305 3916  OS Version: 6.1.7601 ServicePack: 1.0
16:08:09.0305 3916  Product type: Workstation
16:08:09.0305 3916  ComputerName: GAMING-PC
16:08:09.0305 3916  UserName: Pascal
16:08:09.0305 3916  Windows directory: C:\Windows
16:08:09.0305 3916  System windows directory: C:\Windows
16:08:09.0305 3916  Running under WOW64
16:08:09.0305 3916  Processor architecture: Intel x64
16:08:09.0305 3916  Number of processors: 4
16:08:09.0305 3916  Page size: 0x1000
16:08:09.0305 3916  Boot type: Normal boot
16:08:09.0305 3916  ============================================================
16:08:14.0000 3916  BG loaded
16:08:14.0765 3916  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:08:14.0765 3916  ============================================================
16:08:14.0765 3916  \Device\Harddisk0\DR0:
16:08:14.0765 3916  MBR partitions:
16:08:14.0765 3916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:08:14.0765 3916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800
16:08:14.0765 3916  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x6AAC6000
16:08:14.0765 3916  ============================================================
16:08:14.0796 3916  C: <-> \Device\Harddisk0\DR0\Partition2
16:08:14.0827 3916  D: <-> \Device\Harddisk0\DR0\Partition3
16:08:14.0827 3916  ============================================================
16:08:14.0827 3916  Initialize success
16:08:14.0827 3916  ============================================================
16:21:33.0686 3784  Deinitialize success
         

Code:
# AdwCleaner v2.112 - Datei am 12/02/2013 um 16:00:05 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Pascal - GAMING-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Pascal\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1222 octets] - [12/02/2013 16:00:05]

########## EOF - C:\AdwCleaner[S1].txt - [1282 octets] ##########
         


Code:
ComboFix 13-02-12.01 - Pascal 12.02.2013  16:23:37.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7885.6285 [GMT 1:00]
ausgeführt von:: c:\users\Pascal\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\programdata\ntuser.dat
c:\windows\security\Database\tmp.edb
c:\windows\win.dll
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-12 bis 2013-02-12  ))))))))))))))))))))))))))))))
.
.
2013-02-12 15:26 . 2013-02-12 15:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-12 15:07 . 2013-02-12 15:27	94656	----a-w-	c:\windows\system32\WPRO_41_2001woem.tmp
2013-02-12 15:05 . 2013-02-12 15:05	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-02-12 01:34 . 2013-02-12 01:34	--------	d-----w-	c:\program files (x86)\7-Zip
2013-02-11 23:35 . 2013-02-11 23:35	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-11 23:35 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-11 22:47 . 2013-02-11 22:47	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2013-02-10 22:37 . 2013-02-10 22:38	--------	d-----w-	c:\programdata\PMB Files
2013-02-10 22:37 . 2013-02-10 22:37	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-02-10 18:11 . 2008-10-15 05:22	5631312	----a-w-	c:\windows\system32\D3DX9_40.dll
2013-02-10 18:11 . 2008-10-15 05:22	519000	----a-w-	c:\windows\system32\d3dx10_40.dll
2013-02-10 18:11 . 2008-10-15 05:22	452440	----a-w-	c:\windows\SysWow64\d3dx10_40.dll
2013-02-10 18:11 . 2008-10-15 05:22	4379984	----a-w-	c:\windows\SysWow64\D3DX9_40.dll
2013-02-10 18:11 . 2008-10-15 05:22	2605920	----a-w-	c:\windows\system32\D3DCompiler_40.dll
2013-02-10 18:11 . 2008-10-15 05:22	2036576	----a-w-	c:\windows\SysWow64\D3DCompiler_40.dll
2013-02-10 01:25 . 2013-02-10 01:25	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-02-10 01:16 . 2013-02-10 01:25	234768	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-02-10 01:16 . 2013-02-10 01:16	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-02-10 00:11 . 2013-02-10 00:34	--------	d-----w-	c:\program files (x86)\Origin Games
2013-02-10 00:09 . 2013-02-10 00:33	--------	d-----w-	c:\programdata\Origin
2013-02-10 00:09 . 2013-02-10 00:09	--------	d-----w-	c:\programdata\Electronic Arts
2013-02-08 10:57 . 2013-01-18 11:15	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{90623E7D-7121-41F4-B0DA-936347020410}\mpengine.dll
2013-02-08 10:46 . 2012-10-03 17:56	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-07 20:39 . 2013-02-07 20:39	--------	d-----w-	c:\windows\system32\SPReview
2013-02-07 20:38 . 2013-02-07 20:38	--------	d-----w-	c:\windows\system32\EventProviders
2013-02-07 18:14 . 2013-02-07 18:14	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-07 14:58 . 2013-02-07 15:21	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2013-02-06 16:41 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2013-02-06 16:41 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2013-02-06 16:39 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2013-02-06 16:39 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2013-02-06 16:39 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2013-02-06 16:24 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-02-06 16:24 . 2011-03-25 03:29	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-02-06 16:24 . 2011-03-25 03:29	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-02-06 16:24 . 2011-03-25 03:29	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-02-06 16:24 . 2011-03-25 03:29	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-02-06 16:24 . 2011-03-25 03:29	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-02-06 16:24 . 2011-03-25 03:28	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-02-06 16:23 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2013-02-06 16:23 . 2011-03-11 06:41	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2013-02-06 16:23 . 2011-03-11 06:41	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2013-02-06 16:23 . 2011-03-11 06:41	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2013-02-06 16:23 . 2011-03-11 06:41	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2013-02-06 16:23 . 2011-03-11 06:41	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2013-02-06 16:23 . 2011-03-11 06:33	2565632	----a-w-	c:\windows\system32\esent.dll
2013-02-06 16:23 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2013-02-06 16:23 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\SysWow64\esent.dll
2013-02-06 16:23 . 2011-03-11 05:31	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2013-02-06 16:23 . 2011-03-11 04:37	91648	----a-w-	c:\windows\system32\drivers\USBSTOR.SYS
2013-02-06 16:22 . 2013-02-06 16:22	--------	d-----w-	c:\program files (x86)\TP-LINK
2013-02-06 16:18 . 2009-03-18 15:35	33856	---ha-w-	c:\windows\system32\hamachi.sys
2013-02-06 10:49 . 2012-12-16 16:31	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-02-05 21:13 . 2013-02-05 21:13	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-02-05 21:13 . 2013-02-05 21:13	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-02-05 20:55 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-02-05 20:55 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-02-05 20:55 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-02-05 20:55 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-02-05 20:49 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-02-05 20:41 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-02-05 20:41 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-02-05 20:41 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-02-05 20:41 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-02-05 20:41 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-02-05 20:41 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-02-05 20:41 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-02-05 20:41 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-02-05 20:41 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-02-05 20:41 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-02-05 20:41 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-02-05 20:41 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-02-05 20:41 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-02-05 20:38 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-02-05 20:38 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-02-05 20:38 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-02-05 20:38 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-02-05 20:38 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-02-05 20:29 . 2013-02-05 20:29	--------	d-----w-	c:\programdata\Nexon
2013-02-05 19:38 . 2013-02-05 20:27	--------	d-----w-	C:\Download
2013-02-05 19:38 . 2013-02-05 19:38	235	----a-w-	c:\windows\SysWow64\nxEuUninstall.bat
2013-02-05 19:38 . 2013-02-05 19:38	--------	d-----w-	C:\Nexon
2013-02-05 19:38 . 2013-02-05 19:38	446464	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-02-05 19:09 . 2013-02-05 19:09	--------	d-----w-	c:\windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
2013-02-05 18:12 . 2013-02-05 18:12	--------	d-----w-	c:\programdata\MTA San Andreas All
2013-02-05 16:39 . 2013-02-05 16:39	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-05 16:39 . 2013-02-05 16:39	--------	d-----w-	c:\programdata\Skype
2013-02-05 16:05 . 2013-02-05 16:05	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-02-05 15:41 . 2013-02-05 15:41	310688	----a-w-	c:\windows\system32\javaws.exe
2013-02-05 15:41 . 2013-02-05 15:41	188832	----a-w-	c:\windows\system32\javaw.exe
2013-02-05 15:41 . 2013-02-05 15:41	188320	----a-w-	c:\windows\system32\java.exe
2013-02-05 15:41 . 2013-02-05 15:41	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-05 15:39 . 2011-02-25 06:19	2871808	----a-w-	c:\windows\explorer.exe
2013-02-05 15:38 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2013-02-05 15:36 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-02-05 15:36 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2013-02-05 15:36 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2013-02-05 15:36 . 2011-02-24 06:15	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-02-05 15:36 . 2011-02-24 05:38	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-02-05 15:35 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-05 15:35 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-05 15:35 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-05 15:35 . 2011-03-12 12:08	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2013-02-05 15:35 . 2011-03-12 11:23	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-02-05 15:35 . 2011-03-11 06:34	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2013-02-05 15:35 . 2011-03-11 06:34	1395712	----a-w-	c:\windows\system32\mfc42.dll
2013-02-05 15:35 . 2011-03-11 05:33	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2013-02-05 15:35 . 2011-03-11 05:33	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
2013-02-05 15:35 . 2012-06-09 05:43	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-02-05 15:35 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2013-02-05 15:33 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2013-02-05 15:32 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2013-02-05 15:31 . 2013-02-05 15:41	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-05 15:31 . 2013-02-05 15:41	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-05 15:28 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2013-02-05 15:27 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2013-02-05 15:27 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-02-05 15:27 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-02-05 15:27 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2013-02-05 15:26 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-02-05 15:26 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2013-02-05 15:26 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-02-05 15:26 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-02-05 15:26 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-02-05 15:26 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-07 20:44 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-02-07 20:44 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-12-14 01:42 . 2012-12-14 01:42	9728	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrnor.lrc
2012-12-14 01:42 . 2012-12-14 01:42	21850112	----a-w-	c:\windows\SysWow64\igdfcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42	196096	----a-w-	c:\windows\SysWow64\IntelOpenCL32.dll
2012-12-14 01:42 . 2012-12-14 01:42	384512	----a-w-	c:\windows\system32\igfxpph.dll
2012-12-14 01:42 . 2012-12-14 01:42	64512	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-12-14 01:42 . 2012-12-14 01:42	440320	----a-w-	c:\windows\system32\igfxrell.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrptb.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2012-12-14 01:42 . 2012-12-14 01:42	435712	----a-w-	c:\windows\system32\igfxrheb.lrc
2012-12-14 01:42 . 2012-12-14 01:42	435712	----a-w-	c:\windows\system32\igfxrara.lrc
2012-12-14 01:42 . 2012-12-14 01:42	431104	----a-w-	c:\windows\system32\igfxrkor.lrc
2012-12-14 01:42 . 2012-12-14 01:42	429056	----a-w-	c:\windows\system32\igfxrcht.lrc
2012-12-14 01:42 . 2012-12-14 01:42	330752	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2012-12-14 01:42 . 2012-12-14 01:42	28672	----a-w-	c:\windows\system32\igfxexps.dll
2012-12-14 01:42 . 2012-12-14 01:42	180224	----a-w-	c:\windows\SysWow64\iglhcp32.dll
2012-12-14 01:42 . 2012-12-14 01:42	11174912	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	640512	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42	512112	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrnld.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrdeu.lrc
2012-12-14 01:42 . 2012-12-14 01:42	3121152	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2012-12-14 01:42 . 2012-12-14 01:42	255088	----a-w-	c:\windows\system32\igfxext.exe
2012-12-14 01:42 . 2012-12-14 01:42	483840	----a-w-	c:\windows\system32\igfx11cmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2012-12-14 01:42 . 2012-12-14 01:42	428544	----a-w-	c:\windows\system32\igfxrchs.lrc
2012-12-14 01:42 . 2012-12-14 01:42	241664	----a-w-	c:\windows\system32\IntelOpenCL64.dll
2012-12-14 01:42 . 2012-12-14 01:42	80384	----a-w-	c:\windows\system32\igdde64.dll
2012-12-14 01:42 . 2012-12-14 01:42	754652	----a-w-	c:\windows\system32\igcodeckrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42	598384	----a-w-	c:\windows\system32\igvpkrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42	459264	----a-w-	c:\windows\SysWow64\igfx11cmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2012-12-14 01:42 . 2012-12-14 01:42	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2012-12-14 01:42 . 2012-12-14 01:42	142336	----a-w-	c:\windows\system32\igfxdo.dll
2012-12-14 01:42 . 2012-12-14 01:42	56832	----a-w-	c:\windows\system32\Intel_OpenCL_ICD64.dll
2012-12-14 01:42 . 2012-12-14 01:42	5353888	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-12-14 01:42 . 2012-12-14 01:42	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrcsy.lrc
2012-12-14 01:42 . 2012-12-14 01:42	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2012-12-14 01:42 . 2012-12-14 01:42	185968	----a-w-	c:\windows\system32\difx64.exe
2012-12-14 01:42 . 2012-12-14 01:42	11633152	----a-w-	c:\windows\system32\ig7icd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	8621056	----a-w-	c:\windows\SysWow64\ig7icd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	518656	----a-w-	c:\windows\system32\igfxcmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrfin.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2012-12-14 01:42 . 2012-12-14 01:42	432128	----a-w-	c:\windows\system32\igfxrjpn.lrc
2012-12-14 01:42 . 2012-12-14 01:42	27457536	----a-w-	c:\windows\system32\igdfcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42	116224	----a-w-	c:\windows\system32\igfxCoIn_v2932.dll
2012-12-14 01:42 . 2012-12-14 01:42	442880	----a-w-	c:\windows\system32\igfxdev.dll
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrita.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrhun.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437248	----a-w-	c:\windows\system32\igfxrdan.lrc
2012-12-14 01:42 . 2012-12-14 01:42	27643904	----a-w-	c:\windows\SysWow64\igdrcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42	126976	----a-w-	c:\windows\system32\igfxcpl.cpl
2012-12-14 01:42 . 2012-12-14 01:42	441968	----a-w-	c:\windows\system32\igfxpers.exe
2012-12-14 01:42 . 2012-12-14 01:42	439808	----a-w-	c:\windows\system32\igfxrfra.lrc
2012-12-14 01:42 . 2012-12-14 01:42	410112	----a-w-	c:\windows\system32\igfxTMM.dll
2012-12-14 01:42 . 2012-12-14 01:42	3581440	----a-w-	c:\windows\system32\igdbcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42	172144	----a-w-	c:\windows\system32\igfxtray.exe
2012-12-14 01:42 . 2012-12-14 01:42	5906032	----a-w-	c:\windows\system32\GfxUI.exe
2012-12-14 01:42 . 2012-12-14 01:42	56320	----a-w-	c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrsky.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrplk.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrhrv.lrc
2012-12-14 01:42 . 2012-12-14 01:42	3511296	----a-w-	c:\windows\system32\igfxcmjit64.dll
2012-12-14 01:42 . 2012-12-14 01:42	2898944	----a-w-	c:\windows\SysWow64\igdbcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42	27664896	----a-w-	c:\windows\system32\igdrcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42	175104	----a-w-	c:\windows\system32\gfxSrvc.dll
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2012-12-14 01:42 . 2012-12-14 01:42	399984	----a-w-	c:\windows\system32\hkcmd.exe
2012-12-14 01:42 . 2012-12-14 01:42	277616	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-12-14 01:42 . 2012-12-14 01:42	216064	----a-w-	c:\windows\system32\iglhcp64.dll
2012-12-13 15:24 . 2012-12-13 15:24	342528	----a-w-	c:\windows\system32\drivers\IntcDAud.sys
2012-12-13 15:24 . 2012-12-13 15:24	16896	----a-w-	c:\windows\system32\IntcDAuC.dll
2012-11-30 04:45 . 2013-02-05 15:32	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-10 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-07 385248]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-04 27800]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-02-04 15936]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-02-07 400608]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-07 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-07 565472]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-12-14 682344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-12-13 342528]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-02-12 34752]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 22:29]
.
2013-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2013-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-02-07 18:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-10 01:29; battlefieldplay4free@ea.com; c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
SafeBoot-78041831.sys
AddRemove-ASRock InstantBoot_is1 - c:\program files (x86)\ASRock Utility\InstantBoot\unins000.exe
AddRemove-PunkBusterSvc - d:\battlefield play 4 free\pbsvc_p4f.exe
AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - d:\battlefield play 4 free\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\malwarebytes' anti-malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-12  16:30:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-12 15:30
.
Vor Suchlauf: 8.161.193.984 Bytes frei
Nach Suchlauf: 8.540.614.656 Bytes frei
.
- - End Of File - - F308597A29A8A9C2771091F5FC075F45
         

Alt 12.02.2013, 17:46   #8
aharonov
/// TB-Ausbilder
 



Good, let's check whether the whole rootkit has been dug out.
How is the computer running now?


Step 1

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • If a warning "Registry value AppInit_Dlls has been found, .." appears, press No.
  • Then follow the instructions, run the update and then press Scan.
If detections are shown:
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again and repeat the scan.
  • If something is found again, run the CleanUp process once more.
The tool will create logfiles (mbar-log-<year-month-day>.txt) in the created folder. Please post their contents here.

Do not start any other file in this folder without instructions from a helper.



Step 2

Please start OTL.exe.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Logs from MBAR
  • Log from OTL
__________________
cheers,
Leo
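
The scan, CleanUp, reboot and rescan loop from Step 1 can be checked mechanically from the posted mbar-log files. The following is an added example, not part of the original post and not Malwarebytes' own tooling; the function names, the sample logs and the placeholder GUID are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample logs in the MBAR quick-scan layout; the GUID is a placeholder.
INSTALLER = r"c:\Windows\Installer\{00000000-0000-0000-0000-000000000000}"
FIRST_SCAN = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1020
mbar-log-2013-02-12 (17-56-34).txt
Scan type: Quick scan
Objects scanned: 28976

Memory Processes Detected: 0
(No malicious items detected)

Folders Detected: 2
<DIR>\L (Backdoor.0Access) -> Delete on reboot.
<DIR>\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 3
<DIR>\L\sample-a (Backdoor.0Access) -> Delete on reboot.
<DIR>\L\sample-b (Backdoor.0Access) -> Delete on reboot.
<DIR>\L\sample-c (Backdoor.0Access) -> Delete on reboot.

(end)
""".replace("<DIR>", INSTALLER)
SECOND_SCAN = """mbar-log-2013-02-12 (18-05-52).txt
Memory Processes Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# "<Section> Detected: <n>" opens a section; item lines are "<path> (<family>) -> <action>."
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# The lazy path group keeps paths containing "(x86)" intact.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

@dataclass
class Detection:
    section: str
    path: str
    family: str
    action: str

@dataclass
class Scan:
    name: str
    declared: dict      # section name -> count stated in the log
    detections: list
    ended: bool         # True if the "(end)" marker was seen

    @property
    def complete(self):
        """A pasted log is complete if it ends with (end) and every
        declared count matches the number of item lines actually present."""
        found = {section: 0 for section in self.declared}
        for d in self.detections:
            found[d.section] += 1
        return self.ended and bool(self.declared) and found == self.declared

def parse_mbar_log(text):
    name, declared, detections, section, ended = "", {}, [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("mbar-log-") and line.endswith(".txt"):
            name = line
        elif line == "(end)":
            ended = True
        elif (m := SECTION_RE.match(line)):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM_RE.match(line)):
            detections.append(Detection(section, m["path"], m["family"], m["action"]))
    return Scan(name, declared, detections, ended)

def summarize(scan):
    """Count detections per family name."""
    out = {}
    for d in scan.detections:
        out[d.family] = out.get(d.family, 0) + 1
    return out

def next_step(scans):
    """scans: parsed logs in chronological order. Mirrors Step 1:
    keep cleaning and rescanning until the latest complete log is empty."""
    if not scans:
        return "run_scan"
    last = scans[-1]
    if not last.complete:
        return "repost_full_log"
    return "cleanup_reboot_rescan" if last.detections else "clean"

if __name__ == "__main__":
    history = [parse_mbar_log(FIRST_SCAN), parse_mbar_log(SECOND_SCAN)]
    for i in range(1, len(history) + 1):
        print(history[i - 1].name, summarize(history[i - 1]), next_step(history[:i]))
```

A log whose declared counts do not match its item lines, or that lacks the `(end)` marker, was most likely cut off when pasted and should be posted again in full before anyone concludes that the system is clean.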

Alt 12.02.2013, 18:19   #9
Elmox
 



My computer is finally running normally again, and Avira no longer reports any trojans either.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: GAMING-PC [administrator]

12.02.2013 17:56:34
mbar-log-2013-02-12 (17-56-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28976
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 3
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

(end)
         


Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: GAMING-PC [administrator]

12.02.2013 18:05:52
mbar-log-2013-02-12 (18-05-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28938
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Code:
OTL logfile created on: 12.02.2013 18:08:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pascal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,70 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 76,63% Memory free
15,40 Gb Paging File | 13,40 Gb Available in Paging File | 87,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 8,89 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
Drive D: | 853,39 Gb Total Space | 805,55 Gb Free Space | 94,39% Space Free | Partition Type: NTFS
 
Computer Name: GAMING-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
PRC - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.02.07 14:03:31 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.26 20:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.08 21:10:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.02.08 21:10:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll
MOD - [2013.02.08 12:02:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.08 12:02:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.02.08 12:02:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.08 12:02:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.08 12:02:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.08 12:01:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.08 12:01:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.08 12:01:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.11 23:29:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.07 16:00:55 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.06 17:34:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 18:00:20 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.17 19:39:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 59 68 34 FF 02 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{B53D59EC-52C9-4e86-B240-F4C3220FAFBC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java2\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 19:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com
[2013.02.07 18:57:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\firefox\profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.06 17:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 17:34:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.12 16:26:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java2\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java2\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DDA3A0-17BC-4F24-A5C0-7CAC9B5427EF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956FAE59-CBA2-402C-AD51-E75D0A27FF5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.12 18:07:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.02.12 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\mbar
[2013.02.12 16:27:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.12 16:26:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.12 16:22:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.12 16:22:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.12 16:22:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.12 16:22:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.12 16:22:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.12 16:22:06 | 005,033,736 | R--- | C] (Swearware) -- C:\Users\Pascal\Desktop\ComboFix.exe
[2013.02.12 16:05:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.02.12 14:41:23 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.02.12 02:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.12 02:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.12 00:35:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 00:35:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.02.11 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.11 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Gordonsys_2.0
[2013.02.11 20:00:39 | 005,570,048 | ---- | C] (Gordonsys 2.0) -- C:\Users\Pascal\Desktop\Gordonsys 2.0.exe
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\B1E
[2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\Cross Fire
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PMB Files
[2013.02.10 23:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.10 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.10 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\SCE
[2013.02.10 17:23:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\libimobiledevice
[2013.02.10 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PunkBuster
[2013.02.10 02:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.02.08 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
[2013.02.07 21:39:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.02.07 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.07 17:49:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps
[2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.06 17:40:33 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.02.06 17:40:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.02.06 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 17:23:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.02.06 17:18:24 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.02.06 17:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.02.05 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013.02.05 21:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2013.02.05 21:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2013.02.05 20:38:20 | 000,000,000 | ---D | C] -- C:\Download
[2013.02.05 20:38:08 | 000,000,000 | ---D | C] -- C:\Nexon
[2013.02.05 20:38:07 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LogMeIn Hamachi
[2013.02.05 20:09:50 | 000,000,000 | ---D | C] -- C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
[2013.02.05 19:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2013.02.05 19:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2013.02.05 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.05 17:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.05 17:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.05 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.05 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\World of Warcraft
[2013.02.05 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.05 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.05 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.05 16:21:06 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.02.05 16:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.02.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.05 00:04:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.05 00:04:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.05 00:03:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.04 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\GTA San Andreas User Files
[2013.02.04 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Diagnostics
[2013.02.04 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Avira
[2013.02.04 19:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.04 19:57:53 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.04 19:57:53 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.04 19:57:53 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Apple Computer
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple Computer
[2013.02.04 19:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.04 19:38:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.04 19:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.04 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple
[2013.02.04 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.04 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.02.04 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Macromedia
[2013.02.04 19:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.04 19:21:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Mozilla
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Mozilla
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 19:13:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\ASRock
[2013.02.04 19:04:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe
[2013.02.04 18:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.02.04 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.02.04 18:39:08 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.02.04 18:39:08 | 001,491,456 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.02.04 18:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.02.04 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2013.02.04 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.02.04 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.02.04 18:30:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013.02.04 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.04 18:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.04 18:30:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso
[2013.02.04 18:30:18 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Cyberlink
[2013.02.04 18:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.02.04 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.02.04 18:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.02.04 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia
[2013.02.04 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe
[2013.02.04 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.02.04 18:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.04 18:27:55 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2013.02.04 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2013.02.04 18:27:49 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2013.02.04 18:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2013.02.04 18:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB
[2013.02.04 18:27:37 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys
[2013.02.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2013.02.04 18:27:34 | 000,017,192 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013.02.04 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013.02.04 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013.02.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Intel Corporation
[2013.02.04 18:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.04 18:25:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.04 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.04 18:23:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.02.04 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield
[2013.02.04 18:22:14 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.04 18:21:43 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.04 18:21:43 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.04 18:21:43 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.04 18:21:43 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.04 18:21:43 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.04 18:21:42 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.04 18:21:42 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.04 18:21:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.04 18:21:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.04 18:21:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.04 18:21:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.04 18:21:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.04 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.04 18:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.04 18:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.02.04 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.02.04 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.02.04 18:19:44 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.04 18:19:43 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.04 18:14:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.04 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.04 18:14:30 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.04 18:12:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities
[2013.02.04 18:12:15 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts
[2013.02.04 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore
[2013.02.04 18:12:06 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Videos
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Musik
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.04 18:12:02 | 000,000,000 | ---D | C] -- C:\Recovery
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 18:08:06 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 18:08:06 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 18:06:01 | 001,618,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.12 18:06:01 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.12 18:06:01 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.12 18:06:01 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.12 18:06:01 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 18:00:36 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.02.12 18:00:27 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.12 18:00:20 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.12 18:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 18:00:13 | 1905,799,167 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 16:26:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.12 16:12:42 | 005,033,736 | R--- | M] (Swearware) -- C:\Users\Pascal\Desktop\ComboFix.exe
[2013.02.12 15:58:20 | 000,587,671 | ---- | M] () -- C:\Users\Pascal\Desktop\adwcleaner0.exe
[2013.02.12 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.12 14:41:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.02.12 01:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 01:19:30 | 000,365,568 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer_2.0.18454.exe
[2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.02.12 00:35:15 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 18:56:45 | 000,000,256 | ---- | M] () -- C:\aim
[2013.02.10 23:58:34 | 000,000,708 | ---- | M] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | M] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.08 11:54:39 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.08 11:39:08 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 16:24:06 | 000,000,202 | ---- | M] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:22:42 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.06 17:18:20 | 000,000,527 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:28:22 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:38:07 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 19:12:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 16:20:58 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.04 19:57:54 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.04 19:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:29:11 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:27:55 | 000,000,003 | ---- | M] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:24:02 | 000,018,330 | ---- | M] () -- C:\Windows\SysNative\results.xml
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.12 16:22:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.12 16:22:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.12 16:22:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.12 16:22:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.12 16:22:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.12 15:59:40 | 000,587,671 | ---- | C] () -- C:\Users\Pascal\Desktop\adwcleaner0.exe
[2013.02.12 01:58:24 | 000,365,568 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer_2.0.18454.exe
[2013.02.12 01:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 00:35:15 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 00:11:12 | 000,000,256 | ---- | C] () -- C:\aim
[2013.02.10 23:58:34 | 000,000,708 | ---- | C] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:16:22 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.07 19:14:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.07 16:24:06 | 000,000,202 | ---- | C] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:40:50 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.02.06 17:40:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.02.06 17:40:19 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.02.06 17:22:42 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.05 21:55:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:41:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.05 21:28:22 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:26:51 | 000,000,527 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 19:12:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 17:05:48 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 00:08:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.05 00:08:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.05 00:04:08 | 1905,799,167 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.04 19:57:54 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 19:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:38:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.04 19:21:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 19:16:38 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:39:08 | 000,137,691 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.02.04 18:39:08 | 000,007,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.02.04 18:30:36 | 000,001,404 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2013.02.04 18:29:12 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2013.02.04 18:29:12 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2013.02.04 18:29:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.02.04 18:29:11 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.02.04 18:29:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.02.04 18:29:11 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.02.04 18:29:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.02.04 18:29:11 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:28:50 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013.02.04 18:27:55 | 000,000,003 | ---- | C] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:20 | 000,034,752 | ---- | C] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.04 18:27:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:25:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.04 18:25:49 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.04 18:25:38 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.02.04 18:24:02 | 000,018,330 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.02.04 18:22:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.02.04 18:21:43 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.02.04 18:21:42 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.04 18:19:44 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.02.04 18:19:44 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.02.04 18:19:44 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.02.04 18:19:43 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2013.02.04 18:19:43 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.02.04 18:19:43 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.02.04 18:19:43 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.02.04 18:19:43 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.02.04 18:12:29 | 000,001,409 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.04 18:12:26 | 000,001,443 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.09 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.11 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.04 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.12 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.10 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.06 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.08 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         
On the second run MBAR found no more malware.

I now have 3 more questions:
1. Is my PC now cleaned and are we done with the whole thing? If so, I thank you endlessly for the fast support and the great help. I will definitely recommend you everywhere!
2. I have now uninstalled Avira and downloaded Avast because I heard it is supposed to be much better. Could you perhaps recommend what you consider the best antivirus program, or a good combination?
3. Can I now uninstall all the programs such as adwcleaner, gmer, Malwarebytes, Combofix, tdsskiller, OTL and mbar again, or should I keep them?

Regards, Elmox

12.02.2013, 21:47   #10
aharonov
/// TB trainer

Hey,

Quote:
Is my PC now cleaned and are we done with the whole thing?
No, we are not finished yet, but there is not much left to do.
Let's continue here tomorrow; until then, please leave everything as it is. We will clean up at the end.
__________________
cheers,
Leo

12.02.2013, 22:09   #11
Elmox

All right

I have just run a complete system check with Avast, and it found the files that TDSSKiller had moved to quarantine. I then told Avast to delete all of them. Is that bad?

12.02.2013, 22:14   #12
aharonov
/// TB trainer

No, that is not bad, it was only the quarantine.
You don't need to delete anything else for now; we will clean everything up at the end tomorrow, once the cleanup is done.
__________________
cheers,
Leo

12.02.2013, 22:29   #13
Elmox

OK, that's good then

I will be home tomorrow from around 16:00.

13.02.2013, 11:42   #14
aharonov
/// TB instructor

OK, then let's continue as follows:


Step 1

Please open the folder created by Malwarebytes Anti-Rootkit.
Start fixdamage.exe and answer the question with Yes.
When the tool has finished, restart the computer.



Step 2
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
ATTFilter
:OTL
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content here into your thread.



Step 3
  • Open the program Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and "run as administrator".
  • Click Aktualisierung --> Suche nach Aktualisierung (update --> check for updates).
  • When the update has finished, select the option Quick-Scan durchführen (perform quick scan) on the Suchlauf (scan) tab and press Scannen (scan).
  • When the scan has finished, click Ergebnisse anzeigen (show results).
  • Make sure that all finds are selected and press Entferne Auswahl (remove selection).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later on the Logdateien (log files) tab.



Step 4

Download the setup of the ESET Online Scanner and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Don't forget to switch them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Tick Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Tick Scan archives.
  • Make sure that Remove found Threats is not ticked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If finds are shown after the scan has finished:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then press << Back.
  • Now close the scanner by clicking Finish.
Please post the content of ESET.txt, or let me know if there were no finds.



Step 5

Please start OTL.exe.
  • Press the Quick Scan button.
  • Post the content of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from OTL
__________________
cheers,
Leo
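
The :OTL fix in the post above names one folder entry in OTL's file-listing format. The following is an added example, not part of the original thread and not code from OTL or from the helper: it parses entries of that format and flags two properties the listed entry has, a path component that is a literal unexpanded environment variable and the hidden+system folder attributes. The function names and both heuristics are assumptions made for illustration; service and driver lines, which carry extra fields, are skipped.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Sample input: entries copied from the logs in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.02.13 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.13 14:12:49 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Pascal\Desktop\esetsmartinstaller_enu.exe
PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
"""

# [date time | size | attributes | C or M] (optional company) -- path
ENTRY_RE = re.compile(
    r"^(?:(?P<tag>[A-Z]{3}(?::64bit:)?) - )?"
    r"\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# A whole path component such as %APPDATA% that was never expanded.
UNEXPANDED_VAR = re.compile(r"^%[A-Za-z_][A-Za-z0-9_()]*%$")


@dataclass
class Entry:
    tag: Optional[str]      # e.g. "PRC" or "MOD"; None for file/folder listings
    when: datetime
    size: int               # bytes, thousands separators removed
    attrs: str              # four flags in the order R, H, S, D
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None if absent, "" if OTL printed "()"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file/folder, PRC or MOD entry; return None otherwise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        tag=m.group("tag"),
        when=datetime.strptime(m.group("stamp"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def findings(entry: Entry) -> List[str]:
    """Return the heuristic labels (assumptions of this example) that apply."""
    reasons = []
    parts = re.split(r"[\\/]", entry.path)
    if any(UNEXPANDED_VAR.match(p) for p in parts):
        reasons.append("unexpanded-variable")
    if all(flag in entry.attrs for flag in "HSD"):
        reasons.append("hidden-system-dir")
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return every parsed entry that has at least one finding."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.when.isoformat(), entry.attrs, entry.path, reasons)
```

A flagged entry is only a candidate for review; whether it belongs in a fix script is still the analyst's decision.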

13.02.2013, 15:16   #15
Elmox

Code:
ATTFilter
OTL logfile created on: 13.02.2013 15:02:12 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pascal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,70 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 76,66% Memory free
15,40 Gb Paging File | 13,63 Gb Available in Paging File | 88,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 8,52 Gb Free Space | 10,92% Space Free | Partition Type: NTFS
Drive D: | 853,39 Gb Total Space | 805,27 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
 
Computer Name: GAMING-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.26 20:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.12 19:41:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.12 19:41:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.08 21:10:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.02.08 21:10:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll
MOD - [2013.02.08 12:02:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.08 12:02:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.08 12:02:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.08 12:02:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.08 12:01:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.08 12:01:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.08 12:01:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.11 23:29:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.07 16:00:55 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.06 17:34:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.13 14:06:21 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.17 19:39:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 59 68 34 FF 02 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{B53D59EC-52C9-4e86-B240-F4C3220FAFBC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java2\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.02.12 20:27:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.04 19:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com
[2013.02.07 18:57:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\firefox\profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.06 17:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.12 20:27:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.02.06 17:34:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.02.12 16:26:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java2\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java2\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DDA3A0-17BC-4F24-A5C0-7CAC9B5427EF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956FAE59-CBA2-402C-AD51-E75D0A27FF5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.13 14:12:49 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Pascal\Desktop\esetsmartinstaller_enu.exe
[2013.02.13 14:05:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.12 22:34:19 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.02.12 22:34:14 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.02.12 22:34:14 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.02.12 22:34:13 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013.02.12 22:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013.02.12 21:12:52 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.12 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Google
[2013.02.12 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.12 20:27:25 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.02.12 20:27:24 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.02.12 20:27:24 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.02.12 20:27:24 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.02.12 20:27:23 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.02.12 20:27:22 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.02.12 20:27:22 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.02.12 20:27:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013.02.12 20:27:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.02.12 20:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.02.12 20:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.02.12 18:07:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.02.12 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\mbar
[2013.02.12 16:27:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.12 16:26:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.12 16:22:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.12 16:22:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.12 16:22:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.12 16:22:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.12 16:22:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.12 16:22:06 | 005,033,736 | R--- | C] (Swearware) -- C:\Users\Pascal\Desktop\ComboFix.exe
[2013.02.12 16:05:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.02.12 14:41:23 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.02.12 02:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.12 02:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.12 00:35:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 00:35:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.02.11 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Gordonsys_2.0
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\B1E
[2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\Cross Fire
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.10 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\SCE
[2013.02.10 17:23:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\libimobiledevice
[2013.02.10 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PunkBuster
[2013.02.10 02:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.02.08 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
[2013.02.07 21:39:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.02.07 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.07 17:49:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps
[2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.06 17:40:33 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.02.06 17:40:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.02.06 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 17:23:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.02.06 17:18:24 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.02.06 17:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.02.05 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013.02.05 21:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2013.02.05 21:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2013.02.05 20:38:20 | 000,000,000 | ---D | C] -- C:\Download
[2013.02.05 20:38:08 | 000,000,000 | ---D | C] -- C:\Nexon
[2013.02.05 20:38:07 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LogMeIn Hamachi
[2013.02.05 20:09:50 | 000,000,000 | ---D | C] -- C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
[2013.02.05 19:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2013.02.05 19:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2013.02.05 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.05 17:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.05 17:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.05 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.05 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\World of Warcraft
[2013.02.05 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.05 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.05 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.05 16:21:06 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.02.05 16:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.02.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.05 00:04:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.05 00:04:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.05 00:03:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.04 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\GTA San Andreas User Files
[2013.02.04 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Diagnostics
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Apple Computer
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple Computer
[2013.02.04 19:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.04 19:38:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.04 19:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.04 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple
[2013.02.04 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.04 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.02.04 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Macromedia
[2013.02.04 19:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.04 19:21:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Mozilla
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Mozilla
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 19:13:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\ASRock
[2013.02.04 19:04:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe
[2013.02.04 18:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.02.04 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.02.04 18:39:08 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.02.04 18:39:08 | 001,491,456 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.02.04 18:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.02.04 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2013.02.04 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.02.04 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.02.04 18:30:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013.02.04 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.04 18:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.04 18:30:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso
[2013.02.04 18:30:18 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Cyberlink
[2013.02.04 18:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.02.04 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.02.04 18:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.02.04 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia
[2013.02.04 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe
[2013.02.04 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.02.04 18:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.04 18:27:55 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2013.02.04 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2013.02.04 18:27:49 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2013.02.04 18:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2013.02.04 18:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB
[2013.02.04 18:27:37 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys
[2013.02.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2013.02.04 18:27:34 | 000,017,192 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013.02.04 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013.02.04 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013.02.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Intel Corporation
[2013.02.04 18:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.04 18:25:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.04 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.04 18:23:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.02.04 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield
[2013.02.04 18:22:14 | 000,565,352 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.04 18:21:43 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.04 18:21:43 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.04 18:21:43 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.04 18:21:43 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.04 18:21:43 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.04 18:21:42 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.04 18:21:42 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.04 18:21:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.04 18:21:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.04 18:21:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.04 18:21:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.04 18:21:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.04 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.04 18:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.04 18:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.02.04 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.02.04 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.02.04 18:19:44 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.04 18:19:43 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.04 18:14:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.04 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.04 18:14:30 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.04 18:12:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities
[2013.02.04 18:12:15 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts
[2013.02.04 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore
[2013.02.04 18:12:06 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Videos
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Musik
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.04 18:12:02 | 000,000,000 | ---D | C] -- C:\Recovery
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 14:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 14:13:32 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 14:13:32 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 14:11:32 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Pascal\Desktop\esetsmartinstaller_enu.exe
[2013.02.13 14:11:17 | 001,618,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.13 14:11:17 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.13 14:11:17 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.13 14:11:17 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.13 14:11:17 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 14:06:26 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.02.13 14:06:22 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.13 14:06:21 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.13 14:06:09 | 1905,799,167 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 22:34:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.02.12 22:33:05 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.02.12 19:39:50 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 16:26:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.12 16:12:42 | 005,033,736 | R--- | M] (Swearware) -- C:\Users\Pascal\Desktop\ComboFix.exe
[2013.02.12 15:58:20 | 000,587,671 | ---- | M] () -- C:\Users\Pascal\Desktop\adwcleaner0.exe
[2013.02.12 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.12 14:41:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.02.12 01:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 01:19:30 | 000,365,568 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer_2.0.18454.exe
[2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.02.12 00:35:15 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.10 23:58:34 | 000,000,708 | ---- | M] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | M] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.08 11:54:39 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.07 16:24:06 | 000,000,202 | ---- | M] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:22:42 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.06 17:18:20 | 000,000,527 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:28:22 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:38:07 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 19:12:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 16:20:58 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.04 19:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:29:11 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:27:55 | 000,000,003 | ---- | M] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:24:02 | 000,018,330 | ---- | M] () -- C:\Windows\SysNative\results.xml
 
========== Files Created - No Company Name ==========
 
[2013.02.12 22:33:05 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.02.12 20:27:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.02.12 16:22:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.12 16:22:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.12 16:22:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.12 16:22:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.12 16:22:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.12 15:59:40 | 000,587,671 | ---- | C] () -- C:\Users\Pascal\Desktop\adwcleaner0.exe
[2013.02.12 01:58:24 | 000,365,568 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer_2.0.18454.exe
[2013.02.12 01:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 00:35:15 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.10 23:58:34 | 000,000,708 | ---- | C] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:16:22 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.07 19:14:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.07 16:24:06 | 000,000,202 | ---- | C] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:40:50 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.02.06 17:40:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.02.06 17:40:19 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.02.06 17:22:42 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.05 21:55:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:41:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.05 21:28:22 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:26:51 | 000,000,527 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 19:12:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 17:05:48 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 00:08:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.05 00:08:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.05 00:04:08 | 1905,799,167 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.04 19:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:38:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.04 19:21:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 19:16:38 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:39:08 | 000,137,691 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.02.04 18:39:08 | 000,007,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.02.04 18:30:36 | 000,001,404 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2013.02.04 18:29:12 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2013.02.04 18:29:12 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2013.02.04 18:29:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.02.04 18:29:11 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.02.04 18:29:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.02.04 18:29:11 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.02.04 18:29:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.02.04 18:29:11 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:28:50 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013.02.04 18:27:55 | 000,000,003 | ---- | C] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:20 | 000,034,752 | ---- | C] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.04 18:27:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:25:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.04 18:25:49 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.04 18:25:38 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.02.04 18:24:02 | 000,018,330 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.02.04 18:22:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.02.04 18:21:43 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.02.04 18:21:42 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.04 18:19:44 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.02.04 18:19:44 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.02.04 18:19:44 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.02.04 18:19:43 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2013.02.04 18:19:43 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.02.04 18:19:43 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.02.04 18:19:43 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.02.04 18:19:43 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.02.04 18:12:29 | 000,001,409 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.04 18:12:26 | 000,001,443 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.09 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.11 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.04 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.12 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.10 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.06 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.08 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         


Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: GAMING-PC [Administrator]

Schutz: Aktiviert

13.02.2013 14:09:23
mbam-log-2013-02-13 (14-09-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213256
Laufzeit: 1 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Code:
C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0\5hyN5qTuA0.dll	a variant of Win32/Packed.VMProtect.AAN trojan
         
