
Pests of all kinds and how to combat them: GUV Trojan / System Restore done. Further steps?


26.01.2013, 18:30   #1
mazda-89
 
Hello Trojaner-Board team,

it has happened: it has now infected my apparently not quite secure PC as well.
After a lot of back and forth I managed to do a System Restore in Safe Mode with Command Prompt.

For now everything is running again.
What do I need to do now? The logs are attached.

27.01.2013, 00:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

A quick question, and this is nothing against you in particular, I could just as well have asked anyone else who posts logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that?

Log files as attachments make the analysis massively harder.

Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
27.01.2013, 10:44   #3
mazda-89
 
Sorry, I had seen others do it that way.
Here it is again, hopefully right this time.

Code:
 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:37 on 26/01/2013 (Pascal)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL Logfile:
Code:
OTL logfile created on: 27.01.2013 10:18:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pascal\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,88 Gb Total Physical Memory | 13,69 Gb Available Physical Memory | 86,19% Memory free
31,76 Gb Paging File | 29,40 Gb Available in Paging File | 92,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,96 Gb Total Space | 10,95 Gb Free Space | 18,26% Space Free | Partition Type: NTFS
Drive D: | 59,18 Gb Total Space | 40,34 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 23,68 Gb Free Space | 40,41% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 97,43 Gb Free Space | 99,77% Space Free | Partition Type: NTFS
Drive G: | 76,63 Gb Total Space | 76,44 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive H: | 255,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Y: | 1842,86 Gb Total Space | 160,71 Gb Free Space | 8,72% Space Free | Partition Type: NTFS
Drive Z: | 1842,86 Gb Total Space | 160,71 Gb Free Space | 8,72% Space Free | Partition Type: NTFS
 
Computer Name: DÖRFLER | User Name: Pascal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.26 17:33:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
PRC - [2013.01.15 11:13:44 | 001,973,232 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
PRC - [2012.12.20 18:44:32 | 000,844,296 | ---- | M] (Samsung) -- D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.12.20 18:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 18:44:26 | 001,476,104 | ---- | M] (Samsung) -- D:\Kies\Kies.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.12 20:29:24 | 002,495,944 | ---- | M] (EMC) -- C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
PRC - [2012.12.12 01:42:42 | 000,221,048 | ---- | M] (LenovoEMC Ltd.) -- C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
PRC - [2012.12.10 17:05:34 | 000,853,048 | ---- | M] (Micro-Star INT'L CO.,LTD.) -- C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.07 15:52:26 | 000,363,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.11.07 15:52:24 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.11.07 15:52:12 | 000,164,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.10.30 11:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012.10.30 11:55:30 | 000,218,144 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012.10.26 11:23:12 | 000,122,936 | ---- | M] (MSI) -- C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
PRC - [2012.10.26 10:18:44 | 000,105,016 | ---- | M] (MSI) -- C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
PRC - [2012.10.26 10:07:34 | 000,103,992 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
PRC - [2012.10.25 20:30:38 | 000,143,416 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012.10.23 09:54:10 | 000,502,328 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2012.07.12 13:21:30 | 002,083,640 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro SafeSync\HrfsClient.exe
PRC - [2012.05.21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.04.23 09:36:32 | 000,010,752 | ---- | M] () -- C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
PRC - [2012.04.17 14:01:42 | 000,075,280 | ---- | M] (MSI) -- C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
PRC - [2012.04.12 19:59:42 | 000,252,432 | ---- | M] () -- C:\Program Files (x86)\MSI\OTPService\OTPService.exe
PRC - [2012.01.05 06:35:30 | 002,325,096 | R--- | M] (Realtek Semiconductor) -- C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
PRC - [2011.09.20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011.08.29 16:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.25 13:50:45 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.25 13:50:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.25 13:50:28 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.24 20:05:19 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.24 20:05:12 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.24 20:05:11 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll
MOD - [2013.01.24 20:05:08 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.24 20:05:07 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.24 20:05:06 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.24 20:05:06 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.24 20:05:05 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.24 20:05:05 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013.01.24 20:05:04 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.24 20:05:01 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.01.22 17:03:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.21 18:22:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.21 18:22:47 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5f3769db958cc666dc98cb7748a84ac9\PresentationFramework.ni.dll
MOD - [2013.01.21 18:22:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.21 18:22:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.21 18:22:35 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\45e239d35a2c14b841dd4ef2c186ff2f\PresentationCore.ni.dll
MOD - [2013.01.21 18:22:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.21 18:22:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.21 18:22:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.21 18:22:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.21 18:22:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.12 20:30:10 | 006,302,208 | ---- | M] () -- C:\Program Files (x86)\LenovoEMC Storage Manager\wxmsw28u_vc_custom.dll
MOD - [2012.07.05 09:58:00 | 001,195,022 | ---- | M] () -- C:\Programme\Trend Micro SafeSync\avcodec-54.dll
MOD - [2012.07.05 09:58:00 | 000,217,614 | ---- | M] () -- C:\Programme\Trend Micro SafeSync\avformat-54.dll
MOD - [2012.07.05 09:58:00 | 000,138,766 | ---- | M] () -- C:\Programme\Trend Micro SafeSync\avutil-51.dll
MOD - [2011.11.04 12:24:20 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
MOD - [2011.10.21 06:42:14 | 000,140,800 | R--- | M] () -- C:\Program Files (x86)\MSI\NetworkGenie\gep.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.25 14:07:57 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.12 01:42:42 | 000,221,048 | ---- | M] (LenovoEMC Ltd.) [Auto | Running] -- C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.07 15:52:26 | 000,363,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.11.07 15:52:24 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.11.07 15:52:12 | 000,164,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.10.26 11:23:12 | 000,122,936 | ---- | M] (MSI) [Auto | Running] -- C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe -- (MSI_SuiteCharger)
SRV - [2012.10.26 10:18:44 | 000,105,016 | ---- | M] (MSI) [Auto | Running] -- C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe -- (MSI_SuiteFastBoot)
SRV - [2012.10.26 10:07:34 | 000,103,992 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe -- (MSI_FastBoot)
SRV - [2012.10.25 20:30:38 | 000,143,416 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.27 10:54:18 | 000,636,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.07.12 13:21:14 | 007,908,664 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2012.05.15 09:47:34 | 000,119,424 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.04.23 09:36:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe -- (MSIFileSyncMonitor)
SRV - [2012.04.17 14:01:42 | 000,075,280 | ---- | M] (MSI) [Auto | Running] -- C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe -- (MSI_ComCenService)
SRV - [2012.04.12 19:59:42 | 000,252,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MSI\OTPService\OTPService.exe -- (MSI_OTPService)
SRV - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.09 01:46:40 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv)
DRV:64bit: - [2012.07.12 18:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.21 00:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 00:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 00:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.05.15 09:57:52 | 000,290,944 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.05.15 09:56:58 | 000,283,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.05.15 09:56:16 | 000,166,528 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.05.15 09:55:58 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.05.15 09:55:40 | 000,029,824 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.05.15 09:55:22 | 000,109,696 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.05.15 09:55:04 | 000,260,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.05.15 09:54:28 | 000,052,352 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2012.03.25 17:55:22 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 06:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.21 16:09:36 | 000,217,088 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011.11.21 16:09:34 | 000,101,376 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011.09.14 11:16:12 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2010.04.10 15:05:30 | 000,050,720 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010.01.05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.20 10:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.26 10:12:24 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys -- (NTIOLib_SuiteFB)
DRV - [2012.10.26 09:56:46 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys -- (NTIOLib_FastBoot)
DRV - [2012.10.25 19:51:34 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_1_S)
DRV - [2012.10.25 19:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2012.03.30 15:26:30 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\MSI\MSI SUITE\NTIOLib_X64.sys -- (NTIOLib_1_0_C)
DRV - [2011.09.20 11:10:48 | 000,011,080 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys -- (NTIOLib_1_0_D)
DRV - [2011.01.06 11:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7751vH60\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009.10.06 00:10:14 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys -- (NTIOLib_1_0_T)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Docs = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe ()
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] D:\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24A35A1A-EDFA-4609-8991-839864433C03}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.05 12:47:18 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23242766-626f-11e2-8642-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23242766-626f-11e2-8642-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.27 10:11:56 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.01.26 18:24:02 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.26 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.26 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.01.26 18:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.26 18:22:56 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Optimizer Pro
[2013.01.26 18:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013.01.26 18:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013.01.26 18:12:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.01.26 18:12:54 | 000,700,783 | ---- | C] (Swearware) -- C:\Users\Pascal\Desktop\dds+.exe
[2013.01.26 18:06:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.01.26 18:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.26 18:05:55 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.26 18:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.26 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.26 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.01.26 17:33:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.01.26 17:31:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Pascal\Desktop\aswMBR.exe
[2013.01.25 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.25 14:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.01.25 14:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.01.25 14:07:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Google
[2013.01.25 14:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.24 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.24 20:11:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.01.24 20:11:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Samsung
[2013.01.24 20:11:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Samsung
[2013.01.24 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\samsung
[2013.01.24 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\Neuer Ordner
[2013.01.24 20:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.01.24 20:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.24 20:06:16 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.01.24 20:06:14 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.01.24 20:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.24 20:04:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.24 20:03:31 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Downloaded Installations
[2013.01.21 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe
[2013.01.20 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\Bluetooth Folder
[2013.01.20 17:11:05 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\ElevatedDiagnostics
[2013.01.20 17:04:55 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LenovoEMCStorageManager
[2013.01.20 17:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\LenovoEMCStorageManager
[2013.01.20 17:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoEMC
[2013.01.20 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LenovoEMC Storage Manager
[2013.01.20 16:39:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR
[2013.01.20 16:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.20 16:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.20 13:51:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\MSI
[2013.01.20 13:48:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\SafeSync
[2013.01.20 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Trend Micro
[2013.01.20 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Trend Micro
[2013.01.20 13:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.01.20 13:36:29 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Avira
[2013.01.20 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.20 13:31:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.20 13:31:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.20 13:31:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.20 13:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.20 13:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.20 13:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.01.20 13:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro SafeSync
[2013.01.20 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro SafeSync
[2013.01.20 13:18:18 | 000,000,000 | -H-D | C] -- C:\SuperChargerProfile
[2013.01.20 13:13:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.20 13:04:41 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.20 13:04:38 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.20 13:04:38 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.20 13:04:35 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.20 13:04:35 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.20 12:51:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.01.20 12:51:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.01.20 12:48:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.01.20 12:48:07 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.01.20 12:21:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.01.20 12:10:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.19 20:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.19 20:33:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.19 20:33:26 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.01.19 15:48:57 | 000,000,000 | -H-D | C] -- C:\msiFastBoot
[2013.01.19 15:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.19 15:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2013.01.19 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.01.19 14:30:53 | 000,011,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\acpimof.dll
[2013.01.19 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\BMExplorer
[2013.01.19 14:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013.01.19 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.19 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.01.19 14:20:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield
[2013.01.19 14:20:03 | 000,171,808 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\appinit_dll.dll
[2013.01.19 14:20:03 | 000,147,744 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysWow64\appinit_dll.dll
[2013.01.19 14:20:03 | 000,066,336 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys
[2013.01.19 14:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTU MVP
[2013.01.19 14:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lucidlogix Technologies
[2013.01.19 14:20:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Lucidlogix
[2013.01.19 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.19 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia
[2013.01.19 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe
[2013.01.19 14:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.19 14:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.19 14:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.19 14:19:23 | 000,032,360 | R--- | C] (NT Kernel Resources) -- C:\Windows\SysNative\drivers\ndisrd.sys
[2013.01.19 14:18:54 | 000,050,720 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2013.01.19 14:18:54 | 000,027,136 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2013.01.19 14:18:54 | 000,000,000 | ---D | C] -- C:\IM
[2013.01.19 14:18:00 | 000,000,000 | -H-D | C] -- C:\ControlCenterCount
[2013.01.19 14:17:08 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2013.01.19 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.01.19 14:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.01.19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.19 14:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.19 14:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2013.01.19 14:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
[2013.01.19 14:06:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.19 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.19 14:06:00 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.01.19 14:06:00 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.19 14:06:00 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.19 14:06:00 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.19 14:06:00 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.19 14:05:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.19 14:05:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.19 14:05:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.19 14:05:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.19 14:05:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.19 14:05:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.19 14:05:45 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.01.19 14:05:32 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.19 14:05:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.19 14:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.19 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Atheros
[2013.01.19 13:57:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2013.01.19 13:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2013.01.19 13:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2013.01.19 13:57:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.19 13:56:22 | 000,676,968 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.01.19 13:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.19 13:56:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.19 13:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.01.19 13:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.01.19 13:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.01.19 13:54:49 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.01.19 13:54:49 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.01.19 13:53:45 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.19 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.19 13:53:39 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.19 13:53:26 | 000,000,000 | ---D | C] -- C:\MSI
[2013.01.19 13:36:45 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.19 13:36:45 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches
[2013.01.19 13:36:45 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.19 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities
[2013.01.19 13:36:39 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts
[2013.01.19 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore
[2013.01.19 13:36:36 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft
[2013.01.19 13:36:36 | 000,000,000 | RHSD | C] -- C:\Users\Pascal\Documents\Eigene Videos
[2013.01.19 13:36:36 | 000,000,000 | RHSD | C] -- C:\Users\Pascal\Documents\Eigene Musik
[2013.01.19 13:36:36 | 000,000,000 | RHSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Anwendungsdaten
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten
[2013.01.19 13:36:36 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData
[2013.01.19 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp
[2013.01.19 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft
[2013.01.19 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.19 13:36:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.27 10:19:51 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.27 10:19:51 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.27 10:19:51 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.27 10:19:51 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.27 10:19:51 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.27 10:18:44 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 10:18:44 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 10:11:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 10:11:41 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RtlNetworkGenieVistaStart.job
[2013.01.27 10:11:40 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.01.27 10:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 10:11:34 | 4199,632,894 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 18:26:25 | 000,039,590 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer.rar
[2013.01.26 18:26:04 | 000,000,333 | ---- | M] () -- C:\Users\Pascal\Desktop\defogger_disable.rar
[2013.01.26 18:25:35 | 000,014,708 | ---- | M] () -- C:\Users\Pascal\Desktop\OTL.rar
[2013.01.26 18:22:56 | 000,001,062 | ---- | M] () -- C:\Users\Pascal\Desktop\Optimizer Pro.lnk
[2013.01.26 18:10:06 | 000,700,783 | ---- | M] (Swearware) -- C:\Users\Pascal\Desktop\dds+.exe
[2013.01.26 18:09:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.01.26 18:05:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 18:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.26 17:37:02 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.01.26 17:36:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 17:34:43 | 000,365,568 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer-2.0.18444.exe
[2013.01.26 17:33:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.01.26 17:33:49 | 000,050,477 | ---- | M] () -- C:\Users\Pascal\Desktop\Defogger.exe
[2013.01.26 17:32:37 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Pascal\Desktop\aswMBR.exe
[2013.01.26 17:19:41 | 095,023,320 | ---- | M] () -- C:\ProgramData\648993.pad
[2013.01.25 14:08:28 | 000,002,289 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.24 20:11:16 | 000,000,579 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.24 20:11:16 | 000,000,569 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.24 20:05:55 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.21 17:37:11 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Live Update 5.lnk
[2013.01.20 17:04:55 | 000,001,225 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk
[2013.01.20 17:04:55 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
[2013.01.20 16:39:56 | 000,000,676 | ---- | M] () -- C:\Users\Pascal\Desktop\EVEREST Ultimate Edition.lnk
[2013.01.20 16:36:34 | 000,000,492 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.20 16:27:24 | 000,000,494 | ---- | M] () -- C:\Users\Pascal\Desktop\Lokaler Datenträger (D).lnk
[2013.01.20 16:19:34 | 000,001,062 | ---- | M] () -- C:\Users\Pascal\Desktop\Dokumente.lnk
[2013.01.20 13:51:21 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 13:31:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.20 13:27:48 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro SafeSync-Dateien.lnk
[2013.01.20 13:27:48 | 000,001,866 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
[2013.01.19 20:35:03 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.19 20:35:03 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.19 15:52:55 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\ControlCenter.lnk
[2013.01.19 15:42:01 | 000,000,036 | ---- | M] () -- C:\Users\Pascal\AppData\Local\housecall.guid.cache
[2013.01.19 15:23:40 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.01.19 14:50:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.19 14:50:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.19 14:20:23 | 000,001,063 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
[2013.01.19 14:08:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.19 14:06:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2013.01.19 13:55:46 | 000,018,226 | ---- | M] () -- C:\Windows\SysNative\results.xml
 
========== Files Created - No Company Name ==========
 
[2013.01.26 18:26:25 | 000,039,590 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer.rar
[2013.01.26 18:26:04 | 000,000,333 | ---- | C] () -- C:\Users\Pascal\Desktop\defogger_disable.rar
[2013.01.26 18:25:35 | 000,014,708 | ---- | C] () -- C:\Users\Pascal\Desktop\OTL.rar
[2013.01.26 18:22:56 | 000,001,062 | ---- | C] () -- C:\Users\Pascal\Desktop\Optimizer Pro.lnk
[2013.01.26 18:05:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 17:34:43 | 000,365,568 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer-2.0.18444.exe
[2013.01.26 17:33:49 | 000,050,477 | ---- | C] () -- C:\Users\Pascal\Desktop\Defogger.exe
[2013.01.26 17:31:18 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.01.26 16:50:47 | 095,023,320 | ---- | C] () -- C:\ProgramData\648993.pad
[2013.01.25 14:08:28 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.25 14:08:01 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.25 14:08:00 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 20:11:16 | 000,000,579 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.24 20:11:16 | 000,000,569 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.21 17:37:11 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Live Update 5.lnk
[2013.01.20 17:04:55 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk
[2013.01.20 17:04:55 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
[2013.01.20 16:36:34 | 000,000,492 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.20 16:27:24 | 000,000,494 | ---- | C] () -- C:\Users\Pascal\Desktop\Lokaler Datenträger (D).lnk
[2013.01.20 16:19:34 | 000,001,062 | ---- | C] () -- C:\Users\Pascal\Desktop\Dokumente.lnk
[2013.01.20 13:39:21 | 000,000,676 | ---- | C] () -- C:\Users\Pascal\Desktop\EVEREST Ultimate Edition.lnk
[2013.01.20 13:31:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.20 13:27:48 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro SafeSync-Dateien.lnk
[2013.01.20 13:27:48 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
[2013.01.20 13:13:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.20 13:04:39 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.20 12:48:21 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013.01.20 12:48:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.01.20 12:48:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.01.20 12:48:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.01.20 12:48:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.01.20 12:48:03 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013.01.20 12:48:03 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.01.19 20:34:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.19 20:34:56 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.19 20:33:46 | 4199,632,894 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.19 15:52:55 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\ControlCenter.lnk
[2013.01.19 15:47:13 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.19 15:44:06 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.01.19 15:42:01 | 000,000,036 | ---- | C] () -- C:\Users\Pascal\AppData\Local\housecall.guid.cache
[2013.01.19 15:23:43 | 000,007,195 | ---- | C] () -- C:\Windows\SysWow64\THXCfgUninstall32.ini
[2013.01.19 15:23:43 | 000,006,925 | ---- | C] () -- C:\Windows\SysWow64\THXCfg32.ini
[2013.01.19 14:59:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.19 14:50:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.19 14:50:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.19 14:45:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.19 14:21:03 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2013.01.19 14:21:03 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2013.01.19 14:21:03 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.01.19 14:21:03 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.01.19 14:21:03 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.01.19 14:21:01 | 000,237,056 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.01.19 14:21:01 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.01.19 14:21:01 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.01.19 14:21:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.01.19 14:21:01 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.01.19 14:20:24 | 000,001,063 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
[2013.01.19 14:19:56 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013.01.19 14:19:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.01.19 14:19:27 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\RtlNetworkGenieVistaStart.job
[2013.01.19 14:08:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.19 14:06:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2013.01.19 13:55:46 | 000,018,226 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.01.19 13:54:49 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.01.19 13:54:49 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.01.19 13:54:49 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2013.01.19 13:54:49 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.01.19 13:54:49 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2013.01.19 13:54:49 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.01.19 13:54:49 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.01.19 13:54:49 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.01.19 13:54:49 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.01.19 13:54:48 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.01.19 13:54:48 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.01.19 13:54:48 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.01.19 13:36:47 | 000,001,405 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.19 13:36:46 | 000,001,439 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.26 18:22:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Optimizer Pro
[2013.01.24 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Samsung
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
[/CODE]

27.01.2013, 11:01   #4
mazda-89

The GMER file is too long: it has over 1500000 characters, but only 12000 are allowed, so unfortunately it is in the attachment.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.01.2013 17:38:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,88 Gb Total Physical Memory | 13,78 Gb Available Physical Memory | 86,77% Memory free
31,76 Gb Paging File | 29,51 Gb Available in Paging File | 92,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,96 Gb Total Space | 11,14 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive D: | 59,18 Gb Total Space | 40,34 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 23,68 Gb Free Space | 40,41% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 97,43 Gb Free Space | 99,77% Space Free | Partition Type: NTFS
Drive G: | 76,63 Gb Total Space | 76,44 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive H: | 255,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DÖRFLER | User Name: Pascal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23C854C3-A04A-4C6C-996A-C2A536FE409B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{4A7F7E6C-8252-46A1-8C82-5A5589AAAA2C}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
"TCP Query User{A82F32CD-5666-4904-A5B8-13C2DA121459}D:\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=d:\iomega storage manager\iomegastoragemanager.exe | 
"TCP Query User{EFDF74A3-2CF2-4658-85DB-165EB48EF030}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
"UDP Query User{2A780DCC-5F8F-4F2D-8BA3-2ECB14DD01A7}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
"UDP Query User{96A33D7C-5BF6-4190-AB4D-4542DA711DBE}D:\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=d:\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{9CC50A20-A120-40FE-B0E0-460315DD0EE0}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HFRS_is1" = Trend Micro SafeSync
"LenovoEMC Storage Manager" = LenovoEMC Storage Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VIRTU MVP_is1" = VIRTU MVP 2.1.112
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1" = Fast Boot
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F025E3A-3074-48A3-A8F3-78E735739491}_is1" = MSI SUITE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1" = ControlCenter
"{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1" = TeamingGenie
"{B05F7750-8800-4520-9732-9C841246C8E2}_is1" = OTPService
"{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}" = NetworkGenie
"{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1" = CLICKBIOSII
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudioGenie_is1" = AudioGenie
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Google Chrome" = Google Chrome
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2013 11:44:30 | Computer Name = Dörfler | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:44:32 | Computer Name = Dörfler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x1290  Startzeit der fehlerhaften Anwendung: 0x01cdfbdc0796ec1a  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 4678fdeb-67cf-11e2-9336-00268339f3cb
 
Error - 26.01.2013 11:52:07 | Computer Name = ***** | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:52:09 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0xd18  Startzeit der fehlerhaften Anwendung: 0x01cdfbdd15c84dbc  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 56dcb119-67d0-11e2-8127-000000c00000
 
Error - 26.01.2013 11:55:47 | Computer Name = ***** | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:55:48 | Computer Name = *****| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x13d8  Startzeit der fehlerhaften Anwendung: 0x01cdfbdd9b06ea15  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: d96d3a67-67d0-11e2-9253-000000b20000
 
Error - 26.01.2013 11:56:21 | Computer Name = Dörfler | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:56:21 | Computer Name = Dörfler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x1414  Startzeit der fehlerhaften Anwendung: 0x01cdfbddaf7e2046  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: ed53c739-67d0-11e2-9253-000000b20000
 
Error - 26.01.2013 12:23:00 | Computer Name = Dörfler | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 12:23:02 | Computer Name = Dörfler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x11c8  Startzeit der fehlerhaften Anwendung: 0x01cdfbe1686a5390  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a759ac03-67d4-11e2-8db1-000000b20000
 
[ System Events ]
Error - 26.01.2013 11:52:00 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 26.01.2013 11:55:30 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 26.01.2013 12:20:08 | Computer Name = Dörfler | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  avkmgr  discache  spldr  Wanarpv6
 
Error - 26.01.2013 12:20:08 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:13 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:14 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:15 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:36 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 21  
 
Error - 26.01.2013 12:22:00 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:22:56 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >
         
--- --- ---


Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** ::  [Administrator]

Schutz: Aktiviert

26.01.2013 18:15:04
mbam-log-2013-01-26 (18-15-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206630
Laufzeit: 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Pascal at 10:24:23 on 2013-01-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16263.13820 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\OTPService\OTPService.exe
C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Kies\Kies.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files\Trend Micro SafeSync\hrfscore.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Kies\KiesTrayAgent.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [KiesPreload] D:\Kies\Kies.exe /preload
uRun: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup
uRun: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
mRun: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\Pascal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BERWAC~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRENDM~1.LNK - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{24A35A1A-EDFA-4609-8991-839864433C03} : DHCPNameServer = 192.168.2.1
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-20 19264]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-1-20 27800]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-1-19 32360]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-20 85280]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-20 109344]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-5-15 119424]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-1-20 99912]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-19 164736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-26 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-26 682344]
R2 MSI_ComCenService;MSI_ComCenService;C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [2013-1-20 75280]
R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2013-1-19 103992]
R2 MSI_OTPService;MSI_OTPService;C:\Program Files (x86)\MSI\OTPService\OTPService.exe [2013-1-19 252432]
R2 MSI_SuiteCharger;MSI_SuiteCharger;C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [2013-1-20 122936]
R2 MSI_SuiteFastBoot;MSI_SuiteFastBoot;C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [2013-1-20 105016]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-1-19 143416]
R2 MSIFileSyncMonitor;MSI FileSync Monitor;C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [2013-1-20 10752]
R2 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2012-12-12 221048]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-1-19 27136]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-19 363904]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-5-15 36480]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-5-15 260224]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-5-15 109696]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-5-15 29824]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-5-15 166528]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-5-15 283776]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-5-15 290944]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-1-19 160256]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-19 331264]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-20 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-20 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-26 24176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-1-19 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-1-19 13368]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-1-21 14136]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D;C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [2013-1-20 11080]
R3 NTIOLib_1_0_T;NTIOLib_1_0_T;C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [2013-1-19 14136]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [2013-1-20 13368]
R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2013-1-19 13368]
R3 NTIOLib_SuiteFB;NTIOLib_SuiteFB;C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [2013-1-20 13368]
R3 OnlineStorageService;OnlineStorageService;C:\Program Files\Trend Micro SafeSync\hrfscore.exe [2013-1-20 7908664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-19 676968]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2011-11-21 101376]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2011-11-21 217088]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-1-19 66336]
R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2012-9-9 20048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-5-15 52352]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7751vH60\NTIOLib_X64.sys [2011-1-6 11888]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;C:\MSI\MSI SUITE\NTIOLib_X64.sys [2013-1-20 11888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-19 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2013-1-19 50720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-20 59392]
.
=============== Created Last 30 ================
.
2013-01-26 17:22:56	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Optimizer Pro
2013-01-26 17:22:55	--------	d-----w-	C:\Program Files (x86)\Optimizer Pro
2013-01-26 17:06:01	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Malwarebytes
2013-01-26 17:05:55	24176	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-01-26 17:05:55	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-01-26 17:05:55	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 17:05:45	--------	d-----w-	C:\Users\Pascal\AppData\Local\Programs
2013-01-26 16:26:21	9161176	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{584F40A4-1BE2-4A2A-81E7-9C2A3631C7A9}\mpengine.dll
2013-01-25 13:07:59	--------	d-----w-	C:\Users\Pascal\AppData\Local\Google
2013-01-24 19:11:17	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Samsung
2013-01-24 19:11:17	--------	d-----w-	C:\Users\Pascal\AppData\Local\Samsung
2013-01-24 19:06:16	4659712	----a-w-	C:\Windows\SysWow64\Redemption.dll
2013-01-24 19:06:14	821824	----a-w-	C:\Windows\SysWow64\dgderapi.dll
2013-01-24 19:06:08	--------	d-----w-	C:\ProgramData\Samsung
2013-01-24 19:03:31	--------	d-----w-	C:\Users\Pascal\AppData\Local\Downloaded Installations
2013-01-22 15:59:10	9161176	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-21 17:27:22	--------	d-----w-	C:\Users\Pascal\AppData\Local\Adobe
2013-01-21 16:17:02	55296	----a-w-	C:\Windows\System32\dhcpcsvc6.dll
2013-01-21 16:17:02	44032	----a-w-	C:\Windows\SysWow64\dhcpcsvc6.dll
2013-01-21 16:17:02	226816	----a-w-	C:\Windows\System32\dhcpcore6.dll
2013-01-21 16:17:02	193536	----a-w-	C:\Windows\SysWow64\dhcpcore6.dll
2013-01-21 16:17:01	950128	----a-w-	C:\Windows\System32\drivers\ndis.sys
2013-01-21 16:17:01	41472	----a-w-	C:\Windows\System32\drivers\RNDISMP.sys
2013-01-21 16:13:56	68608	----a-w-	C:\Windows\System32\taskhost.exe
2013-01-20 16:11:05	--------	d-----w-	C:\Users\Pascal\AppData\Local\ElevatedDiagnostics
2013-01-20 16:04:55	--------	d-----w-	C:\Users\Pascal\AppData\Local\LenovoEMCStorageManager
2013-01-20 16:04:55	--------	d-----w-	C:\ProgramData\LenovoEMCStorageManager
2013-01-20 16:04:27	--------	d-----w-	C:\Program Files (x86)\LenovoEMC Storage Manager
2013-01-20 12:48:25	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Trend Micro
2013-01-20 12:48:25	--------	d-----w-	C:\Users\Pascal\AppData\Local\Trend Micro
2013-01-20 12:48:25	--------	d-----r-	C:\Users\Pascal\SafeSync
2013-01-20 12:36:29	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Avira
2013-01-20 12:31:17	99912	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2013-01-20 12:31:17	27800	----a-w-	C:\Windows\System32\drivers\avkmgr.sys
2013-01-20 12:31:16	--------	d-----w-	C:\ProgramData\Avira
2013-01-20 12:31:16	--------	d-----w-	C:\Program Files (x86)\Avira
2013-01-20 12:27:48	--------	d-----w-	C:\ProgramData\boost_interprocess
2013-01-20 12:27:43	--------	d-----w-	C:\Program Files\Trend Micro SafeSync
2013-01-20 12:18:18	--------	d--h--w-	C:\SuperChargerProfile
2013-01-20 12:13:20	74248	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-20 12:13:20	697864	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-20 12:05:32	789824	----a-w-	C:\Windows\System32\drivers\iusb3xhc.sys
2013-01-20 12:05:32	357184	----a-w-	C:\Windows\System32\drivers\iusb3hub.sys
2013-01-20 12:05:32	19264	----a-w-	C:\Windows\System32\drivers\iusb3hcs.sys
2013-01-20 11:51:18	--------	d-----w-	C:\Windows\System32\SPReview
2013-01-20 11:51:11	--------	d-----w-	C:\Windows\System32\EventProviders
2013-01-20 11:47:58	529408	----a-w-	C:\Windows\System32\wbemcomn.dll
2013-01-20 11:47:58	244736	----a-w-	C:\Windows\System32\sqmapi.dll
2013-01-20 11:47:58	244736	----a-w-	C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-01-20 11:38:18	279656	------w-	C:\Windows\System32\MpSigStub.exe
2013-01-20 11:21:06	--------	d-----w-	C:\Windows\System32\appmgmt
2013-01-19 19:33:26	--------	d-----w-	C:\Windows\Panther
2013-01-19 15:11:13	62784	----a-w-	C:\Windows\System32\drivers\HECIx64.sys
2013-01-19 14:55:50	902656	----a-w-	C:\Windows\System32\d2d1.dll
2013-01-19 14:55:50	739840	----a-w-	C:\Windows\SysWow64\d2d1.dll
2013-01-19 14:55:50	1139200	----a-w-	C:\Windows\System32\FntCache.dll
2013-01-19 14:48:57	--------	d--h--w-	C:\msiFastBoot
2013-01-19 14:35:39	--------	d-----w-	C:\Program Files (x86)\Setup Files
2013-01-19 14:28:37	--------	d-----w-	C:\Windows\SysWow64\wbem\en-US
2013-01-19 14:28:36	--------	d-----w-	C:\Windows\System32\wbem\en-US
2013-01-19 14:23:50	--------	d-----w-	C:\ProgramData\Trend Micro
2013-01-19 14:23:43	24576	------w-	C:\Windows\SysWow64\THXCfg32.dll
2013-01-19 14:23:43	132096	------w-	C:\Windows\SysWow64\THXCfg32.exe
2013-01-19 13:59:01	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2013-01-19 13:59:01	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2013-01-19 13:59:01	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2013-01-19 13:59:01	2560	----a-w-	C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-01-19 13:51:55	294912	----a-w-	C:\Windows\System32\browserchoice.exe
2013-01-19 13:46:18	70656	----a-w-	C:\Windows\SysWow64\fontsub.dll
2013-01-19 13:46:18	46080	----a-w-	C:\Windows\System32\atmlib.dll
2013-01-19 13:46:18	367616	----a-w-	C:\Windows\System32\atmfd.dll
2013-01-19 13:46:18	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2013-01-19 13:46:18	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2013-01-19 13:46:18	100864	----a-w-	C:\Windows\System32\fontsub.dll
2013-01-19 13:45:56	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2013-01-19 13:45:56	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2013-01-19 13:45:56	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2013-01-19 13:45:56	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2013-01-19 13:45:56	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2013-01-19 13:45:56	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2013-01-19 13:45:56	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2013-01-19 13:44:00	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2013-01-19 13:44:00	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2013-01-19 13:44:00	5120	----a-w-	C:\Windows\System32\wmi.dll
2013-01-19 13:44:00	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2013-01-19 13:44:00	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2013-01-19 13:42:09	1544704	----a-w-	C:\Windows\System32\DWrite.dll
2013-01-19 13:42:09	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-01-19 13:42:07	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-01-19 13:42:06	3968880	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-19 13:42:06	3914096	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-01-19 13:40:48	1731920	----a-w-	C:\Windows\System32\ntdll.dll
2013-01-19 13:40:48	1292080	----a-w-	C:\Windows\SysWow64\ntdll.dll
2013-01-19 13:37:32	77312	----a-w-	C:\Windows\System32\packager.dll
2013-01-19 13:37:32	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2013-01-19 13:30:53	11832	----a-w-	C:\Windows\acpimof.dll
2013-01-19 13:29:41	--------	d-----w-	C:\Users\Pascal\AppData\Local\BMExplorer
2013-01-19 13:29:31	--------	d-----w-	C:\ProgramData\Atheros
2013-01-19 13:21:07	90112	------w-	C:\Windows\Updreg.EXE
2013-01-19 13:21:03	26624	------w-	C:\Windows\System32\THXCfg64.dll
2013-01-19 13:21:03	141312	------w-	C:\Windows\System32\THXCfg64.exe
2013-01-19 13:21:03	11264	------w-	C:\Windows\SysWow64\ResDefA.exe
2013-01-19 13:21:01	89088	----a-w-	C:\Windows\System32\CmdRtr64.DLL
2013-01-19 13:21:01	73728	----a-w-	C:\Windows\SysWow64\CmdRtr.DLL
2013-01-19 13:21:01	237056	----a-w-	C:\Windows\System32\APOMgr64.DLL
2013-01-19 13:21:01	182272	----a-w-	C:\Windows\SysWow64\APOMngr.DLL
2013-01-19 13:21:00	--------	d-----w-	C:\Program Files (x86)\Creative
2013-01-19 13:19:23	32360	----a-r-	C:\Windows\System32\drivers\ndisrd.sys
2013-01-19 13:18:54	50720	----a-w-	C:\Windows\System32\drivers\RtTeam60.sys
2013-01-19 13:18:54	27136	----a-w-	C:\Windows\System32\drivers\RtNdPt60.sys
2013-01-19 13:18:54	--------	d-----w-	C:\IM
2013-01-19 13:18:00	--------	d--h--w-	C:\ControlCenterCount
2013-01-19 13:17:08	--------	d-----w-	C:\Users\Pascal\AppData\Local\CrashDumps
2013-01-19 13:07:34	8192	----a-w-	C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-01-19 13:07:10	--------	d-----w-	C:\Program Files (x86)\Common Files\postureAgent
2013-01-19 13:06:33	--------	d-----w-	C:\Program Files (x86)\MSI
2013-01-19 13:06:08	--------	d-----w-	C:\Windows\SysWow64\RTCOM
2013-01-19 13:06:08	--------	d-----w-	C:\Program Files\Realtek
2013-01-19 13:06:01	32344	----a-w-	C:\Windows\System32\drivers\MBfilt64.sys
2013-01-19 13:06:00	518896	----a-w-	C:\Windows\System32\SRSTSX64.dll
2013-01-19 13:06:00	2605400	----a-w-	C:\Windows\System32\WavesGUILib.dll
2013-01-19 13:06:00	211184	----a-w-	C:\Windows\System32\SRSTSH64.dll
2013-01-19 13:06:00	198896	----a-w-	C:\Windows\System32\SRSHP64.dll
2013-01-19 13:06:00	155888	----a-w-	C:\Windows\System32\SRSWOW64.dll
2013-01-19 13:01:33	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2013-01-19 13:01:33	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2013-01-19 13:01:33	20992	----a-w-	C:\Windows\System32\drivers\rdpvideominiport.sys
2013-01-19 13:01:33	162816	----a-w-	C:\Windows\System32\rdpudd.dll
2013-01-19 13:01:33	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2013-01-19 12:59:50	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2013-01-19 12:59:49	99840	----a-w-	C:\Windows\System32\wudriver.dll
2013-01-19 12:59:49	36864	----a-w-	C:\Windows\System32\wuapp.exe
2013-01-19 12:59:49	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2013-01-19 12:57:23	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Atheros
2013-01-19 12:57:19	--------	d-----w-	C:\Program Files (x86)\Common Files\Atheros
2013-01-19 12:57:18	--------	d-----w-	C:\Program Files (x86)\Bluetooth Suite
2013-01-19 12:57:10	--------	d-sh--w-	C:\Windows\Installer
2013-01-19 12:56:22	74344	----a-w-	C:\Windows\System32\RtNicProp64.dll
2013-01-19 12:56:22	676968	----a-w-	C:\Windows\System32\drivers\Rt64win7.sys
2013-01-19 12:56:22	107624	----a-w-	C:\Windows\System32\RTNUninst64.dll
2013-01-19 12:56:17	--------	d-----w-	C:\Program Files (x86)\Realtek
2013-01-19 12:55:01	--------	d-----w-	C:\Program Files\Common Files\Intel
2013-01-19 12:53:45	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
2013-01-19 12:53:39	--------	d-----w-	C:\Intel
2013-01-19 12:53:26	--------	d-----w-	C:\MSI
.
==================== Find3M  ====================
.
2013-01-20 12:24:54	175616	----a-w-	C:\Windows\System32\msclmd.dll
2013-01-20 12:24:54	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2012-12-18 09:06:10	90112	----a-w-	C:\Windows\MAMCityDownload.ocx
2012-12-07 13:20:16	441856	----a-w-	C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31	2746368	----a-w-	C:\Windows\System32\gameux.dll
2012-12-07 12:26:17	308736	----a-w-	C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43	2576384	----a-w-	C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04	30720	----a-w-	C:\Windows\System32\usk.rs
2012-12-07 11:20:03	43520	----a-w-	C:\Windows\System32\csrr.rs
2012-12-07 11:20:03	23552	----a-w-	C:\Windows\System32\oflc.rs
2012-12-07 11:20:01	45568	----a-w-	C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01	44544	----a-w-	C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01	20480	----a-w-	C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00	20480	----a-w-	C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59	20480	----a-w-	C:\Windows\System32\pegi.rs
2012-12-07 11:19:58	46592	----a-w-	C:\Windows\System32\fpb.rs
2012-12-07 11:19:57	40960	----a-w-	C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57	21504	----a-w-	C:\Windows\System32\grb.rs
2012-12-07 11:19:57	15360	----a-w-	C:\Windows\System32\djctq.rs
2012-12-07 11:19:56	55296	----a-w-	C:\Windows\System32\cero.rs
2012-12-07 11:19:55	51712	----a-w-	C:\Windows\System32\esrb.rs
2012-11-30 05:45:35	362496	----a-w-	C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35	243200	----a-w-	C:\Windows\System32\wow64.dll
2012-11-30 05:45:35	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14	215040	----a-w-	C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48	338432	----a-w-	C:\Windows\System32\conhost.exe
2012-11-30 02:44:06	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03	2048	----a-w-	C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-11-22 05:44:23	800768	----a-w-	C:\Windows\System32\usp10.dll
2012-11-22 04:45:03	626688	----a-w-	C:\Windows\SysWow64\usp10.dll
2012-11-20 18:13:10	4213904	----a-w-	C:\Windows\System32\drivers\RTKVHD64.sys
2012-11-20 16:32:44	118928	----a-w-	C:\Windows\System32\RCoInstII64.dll
2012-11-20 05:48:49	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09	220160	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-11-19 17:18:06	2714720	----a-w-	C:\Windows\System32\FMAPO64.dll
2012-11-15 13:07:20	628064	----a-w-	C:\Windows\System32\MBTHX64.dll
2012-11-15 13:07:18	563552	----a-w-	C:\Windows\SysWow64\MBTHX32.dll
2012-11-13 17:56:22	3673232	----a-w-	C:\Windows\System32\RtkAPO64.dll
2012-11-09 05:45:32	750592	----a-w-	C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-09 04:43:04	492032	----a-w-	C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11	478208	----a-w-	C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31	376832	----a-w-	C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42	2002432	----a-w-	C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42	1882624	----a-w-	C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54	1389568	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 10:24:31,06 ===============
         
--- --- ---



Code:
ATTFilter
 .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 19.01.2013 13:36:34
System Uptime: 27.01.2013 10:11:31 (0 hours ago)
.
Motherboard: MSI |  | Z77 MPower (MS-7751)
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | SOCKET 0 | 2485/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 10,947 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 40,344 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 23,677 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 97,434 GiB free.
G: is FIXED (NTFS) - 77 GiB total, 76,44 GiB free.
H: is CDROM (CDFS)
Y: is NetworkDisk (NTFS) - 1843 GiB total, 160,712 GiB free.
Z: is NetworkDisk (NTFS) - 1843 GiB total, 160,712 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2-Maus
Device ID: ACPI\MSFT0003\4&34A1A1BF&0
Manufacturer: Microsoft
Name: Microsoft PS/2-Maus
PNP Device ID: ACPI\MSFT0003\4&34A1A1BF&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP19: 26.01.2013 17:26:17 - Windows Update
.
==== Installed Programs ======================
.
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9
AudioGenie
Avira Free Antivirus
Bluetooth Win7 Suite (64)
CLICKBIOSII
ControlCenter
EasyViewer
EVEREST Ultimate Edition v5.50
Fast Boot
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
LenovoEMC Storage Manager
Live Update 5
Malwarebytes Anti-Malware Version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSI SUITE
MyFreeCodec
NetworkGenie
Optimizer Pro v3.0
OTPService
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Super-Charger
TeamingGenie
THX TruStudio Pro
Trend Micro SafeSync
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoGenie
VIRTU MVP 2.1.112
VLC media player 2.0.5
Winki
WinRAR 4.20 (32-bit)
WinRAR 4.20 (64-Bit)
.
==== End Of File ===========================
         
Code:
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-27 10:25:14
-----------------------------
10:25:14.086    OS Version: Windows x64 6.1.7601 Service Pack 1
10:25:14.086    Number of processors: 8 586 0x3A09
10:25:14.086    ComputerName: DÖRFLER  UserName: Pascal
10:25:14.197    Initialize success
10:25:26.850    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:26.852    Disk 0 Vendor: Samsung_SSD_840_PRO_Series DXM03B0Q Size: 122104MB BusType: 11
10:25:26.855    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:26.857    Disk 1 Vendor: SAMSUNG_SP2504C VT100-50 Size: 238475MB BusType: 11
10:25:26.862    Disk 0 MBR read successfully
10:25:26.865    Disk 0 MBR scan
10:25:26.869    Disk 0 Windows 7 default MBR code
10:25:26.872    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:25:26.876    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        61400 MB offset 206848
10:25:26.879    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        60602 MB offset 125954048
10:25:26.882    Disk 0 scanning C:\Windows\system32\drivers
10:25:27.564    Service scanning
10:25:29.391    Modules scanning
10:25:29.401    Disk 0 trace - called modules:
10:25:29.408    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
10:25:29.415    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cfbd790]
10:25:29.421    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ca33060]
10:25:29.428    Scan finished successfully
10:25:35.894    Disk 0 MBR has been saved successfully to "C:\Users\Pascal\Desktop\MBR.dat"
10:25:35.901    The log file has been saved successfully to "C:\Users\Pascal\Desktop\aswMBR.txt"
         

Alt 27.01.2013, 13:58   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Microsoft Windows 7 Ultimate
What do you have Win7 Ultimate for?

__________________
Please always post log files in CODE tags

Alt 27.01.2013, 14:38   #6
mazda-89
 

It was on there; I bought the PC as a complete system.

Could I also just format the PC completely? Would I then not have to do anything else? What programs are there as protection against such attacks? Regards

Alt 28.01.2013, 10:36   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Could I also just format the PC completely?
Yes, but which is it now? Cleanup or reinstallation? You can't have both!

Quote:
What programs are there as protection against such attacks? Regards
You should let go of the misconception that you can delegate absolutely all of your security to a piece of software!

Alt 28.01.2013, 17:11   #8
mazda-89
 

Hello, I have now simply formatted the PC completely.
That should certainly ensure that everything is gone.
Since I had no important data on the PC, it wasn't a problem.
On the topic of software, are there programs that one could recommend?

Alt 28.01.2013, 17:18   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
On the topic of software, are there programs that one could recommend?
Topic software - programs?!
A program is software.

Can you make your question more specific?
