Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: w32/patched.uc - logfiles

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.04.2013, 13:07   #1
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Hallo,

habe die Schritte zur Entfernung wie in einem anderen thread (http://www.trojaner-board.de/132262-w32-patched-uc.html) beschrieben durchgeführt.

Kann mir jemand sagen, ob ich clean bin?

Code:
ATTFilter
12:16:24.0645 3532  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:16:24.0941 3532  ============================================================
12:16:24.0941 3532  Current date / time: 2013/04/09 12:16:24.0941
12:16:24.0941 3532  SystemInfo:
12:16:24.0941 3532  
12:16:24.0941 3532  OS Version: 6.1.7601 ServicePack: 1.0
12:16:24.0941 3532  Product type: Workstation
12:16:24.0941 3532  ComputerName: INHAMBANE
12:16:24.0941 3532  UserName: kiwi
12:16:24.0941 3532  Windows directory: C:\Windows
12:16:24.0941 3532  System windows directory: C:\Windows
12:16:24.0941 3532  Running under WOW64
12:16:24.0941 3532  Processor architecture: Intel x64
12:16:24.0941 3532  Number of processors: 4
12:16:24.0941 3532  Page size: 0x1000
12:16:24.0941 3532  Boot type: Normal boot
12:16:24.0957 3532  ============================================================
12:16:26.0985 3532  BG loaded
12:16:29.0855 3532  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:16:29.0871 3532  ============================================================
12:16:29.0871 3532  \Device\Harddisk0\DR0:
12:16:29.0871 3532  MBR partitions:
12:16:29.0871 3532  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:16:29.0871 3532  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x50F12800
12:16:29.0887 3532  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50F45800, BlocksNum 0x5FFE000
12:16:29.0965 3532  ============================================================
12:16:30.0043 3532  C: <-> \Device\Harddisk0\DR0\Partition2
12:16:30.0089 3532  D: <-> \Device\Harddisk0\DR0\Partition3
12:16:30.0089 3532  ============================================================
12:16:30.0089 3532  Initialize success
12:16:30.0089 3532  ============================================================
12:16:43.0989 3236  ============================================================
12:16:43.0989 3236  Scan started
12:16:43.0989 3236  Mode: Manual; 
12:16:43.0989 3236  ============================================================
12:16:45.0689 3236  ================ Scan system memory ========================
12:16:45.0689 3236  System memory - ok
12:16:45.0689 3236  ================ Scan services =============================
12:16:46.0329 3236  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:16:46.0532 3236  1394ohci - ok
12:16:46.0625 3236  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:16:46.0891 3236  ACPI - ok
12:16:46.0953 3236  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:16:47.0031 3236  AcpiPmi - ok
12:16:47.0187 3236  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:16:47.0374 3236  AdobeARMservice - ok
12:16:47.0655 3236  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:16:47.0764 3236  AdobeFlashPlayerUpdateSvc - ok
12:16:47.0827 3236  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:16:47.0889 3236  adp94xx - ok
12:16:47.0983 3236  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:16:48.0014 3236  adpahci - ok
12:16:48.0185 3236  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:16:48.0232 3236  adpu320 - ok
12:16:48.0279 3236  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:16:48.0326 3236  AeLookupSvc - ok
12:16:48.0435 3236  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:16:48.0466 3236  AFD - ok
12:16:48.0497 3236  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:16:48.0529 3236  agp440 - ok
12:16:48.0607 3236  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:16:48.0622 3236  ALG - ok
12:16:48.0685 3236  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:16:48.0794 3236  aliide - ok
12:16:48.0872 3236  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:16:48.0934 3236  amdide - ok
12:16:48.0965 3236  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:16:49.0028 3236  AmdK8 - ok
12:16:49.0075 3236  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:16:49.0121 3236  AmdPPM - ok
12:16:49.0168 3236  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:16:49.0215 3236  amdsata - ok
12:16:49.0262 3236  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:16:49.0418 3236  amdsbs - ok
12:16:49.0465 3236  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:16:49.0496 3236  amdxata - ok
12:16:49.0574 3236  [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
12:16:49.0699 3236  AMPPAL - ok
12:16:49.0730 3236  [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
12:16:49.0745 3236  AMPPALP - ok
12:16:49.0870 3236  [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:16:50.0042 3236  AMPPALR3 - ok
12:16:50.0276 3236  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:16:50.0541 3236  AntiVirSchedulerService - ok
12:16:50.0681 3236  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:16:50.0869 3236  AntiVirService - ok
12:16:50.0947 3236  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:16:50.0978 3236  AppID - ok
12:16:51.0009 3236  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:16:51.0071 3236  AppIDSvc - ok
12:16:51.0118 3236  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:16:51.0181 3236  Appinfo - ok
12:16:51.0243 3236  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:16:51.0259 3236  arc - ok
12:16:51.0274 3236  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:16:51.0290 3236  arcsas - ok
12:16:51.0352 3236  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:16:51.0383 3236  AsyncMac - ok
12:16:51.0430 3236  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:16:51.0461 3236  atapi - ok
12:16:51.0524 3236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:16:51.0945 3236  AudioEndpointBuilder - ok
12:16:51.0961 3236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:16:51.0976 3236  AudioSrv - ok
12:16:52.0054 3236  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:16:52.0085 3236  avgntflt - ok
12:16:52.0163 3236  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:16:52.0210 3236  avipbb - ok
12:16:52.0241 3236  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:16:52.0257 3236  avkmgr - ok
12:16:52.0351 3236  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:16:52.0429 3236  AxInstSV - ok
12:16:52.0663 3236  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:16:52.0975 3236  b06bdrv - ok
12:16:53.0084 3236  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:16:53.0131 3236  b57nd60a - ok
12:16:53.0193 3236  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:16:53.0209 3236  BDESVC - ok
12:16:53.0287 3236  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:16:53.0458 3236  Beep - ok
12:16:53.0521 3236  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:16:53.0723 3236  BITS - ok
12:16:53.0801 3236  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:16:53.0848 3236  blbdrive - ok
12:16:54.0020 3236  [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
12:16:54.0035 3236  Bluetooth Device Monitor - ok
12:16:54.0145 3236  [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
12:16:54.0925 3236  Bluetooth Media Service - ok
12:16:54.0987 3236  [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
12:16:58.0294 3236  Bluetooth OBEX Service - ok
12:16:58.0388 3236  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:16:59.0308 3236  bowser - ok
12:16:59.0402 3236  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:16:59.0605 3236  BrFiltLo - ok
12:16:59.0698 3236  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:17:00.0322 3236  BrFiltUp - ok
12:17:00.0353 3236  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:17:02.0459 3236  BridgeMP - ok
12:17:02.0537 3236  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:17:04.0768 3236  Browser - ok
12:17:04.0815 3236  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:17:04.0955 3236  Brserid - ok
12:17:05.0049 3236  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:17:05.0377 3236  BrSerWdm - ok
12:17:05.0423 3236  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:17:05.0611 3236  BrUsbMdm - ok
12:17:05.0689 3236  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:17:05.0860 3236  BrUsbSer - ok
12:17:05.0954 3236  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:17:06.0063 3236  BthEnum - ok
12:17:06.0157 3236  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:17:06.0297 3236  BTHMODEM - ok
12:17:06.0344 3236  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:17:06.0734 3236  BthPan - ok
12:17:06.0905 3236  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:17:07.0233 3236  BTHPORT - ok
12:17:07.0295 3236  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:17:07.0436 3236  bthserv - ok
12:17:07.0483 3236  [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:17:07.0514 3236  BTHSSecurityMgr - ok
12:17:07.0576 3236  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:17:07.0623 3236  BTHUSB - ok
12:17:07.0670 3236  [ 270FBA230E78E25726D065A924589A72 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
12:17:08.0419 3236  btmaux - ok
12:17:08.0512 3236  [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
12:17:08.0715 3236  btmhsf - ok
12:17:08.0762 3236  catchme - ok
12:17:08.0918 3236  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:17:08.0933 3236  cdfs - ok
12:17:09.0105 3236  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:17:09.0261 3236  cdrom - ok
12:17:09.0401 3236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:17:09.0932 3236  CertPropSvc - ok
12:17:10.0057 3236  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:17:10.0493 3236  circlass - ok
12:17:10.0571 3236  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:17:10.0665 3236  CLFS - ok
12:17:11.0055 3236  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:11.0320 3236  clr_optimization_v2.0.50727_32 - ok
12:17:11.0492 3236  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:17:12.0381 3236  clr_optimization_v2.0.50727_64 - ok
12:17:12.0709 3236  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:13.0551 3236  clr_optimization_v4.0.30319_32 - ok
12:17:13.0816 3236  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:17:14.0003 3236  clr_optimization_v4.0.30319_64 - ok
12:17:14.0378 3236  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
12:17:14.0674 3236  clwvd - ok
12:17:14.0752 3236  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:17:14.0783 3236  CmBatt - ok
12:17:14.0830 3236  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:17:14.0893 3236  cmdide - ok
12:17:15.0002 3236  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:17:15.0314 3236  CNG - ok
12:17:15.0470 3236  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:17:15.0485 3236  Compbatt - ok
12:17:15.0563 3236  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:17:15.0595 3236  CompositeBus - ok
12:17:15.0641 3236  COMSysApp - ok
12:17:15.0688 3236  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:17:16.0297 3236  crcdisk - ok
12:17:16.0390 3236  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:17:16.0562 3236  CryptSvc - ok
12:17:16.0624 3236  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
12:17:16.0796 3236  CVirtA - ok
12:17:17.0030 3236  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:17:17.0420 3236  CVPND - ok
12:17:17.0607 3236  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
12:17:17.0779 3236  CVPNDRVA - ok
12:17:17.0935 3236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:17:17.0935 3236  DcomLaunch - ok
12:17:18.0075 3236  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:17:18.0434 3236  defragsvc - ok
12:17:18.0481 3236  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:17:18.0886 3236  DfsC - ok
12:17:19.0027 3236  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:17:19.0385 3236  Dhcp - ok
12:17:19.0417 3236  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:17:19.0526 3236  discache - ok
12:17:19.0635 3236  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:17:19.0666 3236  Disk - ok
12:17:19.0838 3236  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
12:17:20.0025 3236  DNE - ok
12:17:20.0134 3236  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:17:20.0165 3236  Dnscache - ok
12:17:20.0228 3236  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:17:20.0665 3236  dot3svc - ok
12:17:20.0711 3236  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:17:20.0727 3236  DPS - ok
12:17:20.0836 3236  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:17:20.0867 3236  drmkaud - ok
12:17:21.0086 3236  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:17:21.0226 3236  DXGKrnl - ok
12:17:21.0320 3236  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:17:22.0037 3236  EapHost - ok
12:17:22.0271 3236  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:17:22.0942 3236  ebdrv - ok
12:17:23.0005 3236  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:17:23.0223 3236  EFS - ok
12:17:23.0348 3236  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:17:23.0909 3236  ehRecvr - ok
12:17:23.0987 3236  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:17:24.0065 3236  ehSched - ok
12:17:24.0175 3236  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:17:24.0455 3236  elxstor - ok
12:17:24.0533 3236  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:17:24.0752 3236  ErrDev - ok
12:17:24.0908 3236  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:17:25.0173 3236  EventSystem - ok
12:17:25.0579 3236  [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:17:26.0390 3236  EvtEng - ok
12:17:26.0515 3236  [ CE526B76F30A4795EBF8421C6C0B48C3 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
12:17:26.0593 3236  ewusbnet - ok
12:17:26.0671 3236  [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
12:17:26.0717 3236  ew_usbenumfilter - ok
12:17:26.0764 3236  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:17:27.0014 3236  exfat - ok
12:17:27.0061 3236  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:17:27.0217 3236  fastfat - ok
12:17:27.0310 3236  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:17:27.0326 3236  Fax - ok
12:17:27.0388 3236  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
12:17:27.0482 3236  fdc - ok
12:17:27.0529 3236  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:17:27.0653 3236  fdPHost - ok
12:17:27.0716 3236  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:17:28.0246 3236  FDResPub - ok
12:17:28.0293 3236  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:17:28.0527 3236  FileInfo - ok
12:17:28.0558 3236  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:17:28.0605 3236  Filetrace - ok
12:17:28.0667 3236  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:17:28.0855 3236  flpydisk - ok
12:17:28.0948 3236  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:17:28.0964 3236  FltMgr - ok
12:17:29.0167 3236  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:17:29.0198 3236  FontCache - ok
12:17:29.0338 3236  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:17:29.0401 3236  FontCache3.0.0.0 - ok
12:17:29.0479 3236  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:17:29.0510 3236  FsDepends - ok
12:17:29.0541 3236  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:17:29.0588 3236  Fs_Rec - ok
12:17:29.0713 3236  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:17:29.0791 3236  fvevol - ok
12:17:29.0869 3236  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:17:29.0884 3236  gagp30kx - ok
12:17:29.0978 3236  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:17:30.0009 3236  gpsvc - ok
12:17:30.0149 3236  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:17:30.0165 3236  gupdate - ok
12:17:30.0259 3236  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:17:30.0259 3236  gupdatem - ok
12:17:30.0415 3236  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:17:30.0571 3236  gusvc - ok
12:17:30.0664 3236  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:17:30.0695 3236  hcw85cir - ok
12:17:30.0820 3236  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:17:31.0023 3236  HdAudAddService - ok
12:17:31.0085 3236  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:17:31.0163 3236  HDAudBus - ok
12:17:31.0319 3236  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:17:31.0335 3236  HidBatt - ok
12:17:31.0382 3236  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:17:31.0429 3236  HidBth - ok
12:17:31.0460 3236  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:17:31.0507 3236  HidIr - ok
12:17:31.0538 3236  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
12:17:31.0553 3236  hidserv - ok
12:17:31.0631 3236  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:17:31.0647 3236  HidUsb - ok
12:17:32.0474 3236  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:17:32.0521 3236  hkmsvc - ok
12:17:32.0552 3236  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:17:32.0599 3236  HomeGroupListener - ok
12:17:32.0708 3236  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:17:32.0786 3236  HomeGroupProvider - ok
12:17:32.0879 3236  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:17:32.0895 3236  HpSAMD - ok
12:17:33.0035 3236  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:17:33.0067 3236  HTTP - ok
12:17:33.0176 3236  [ BAFE6B0B92BE69144D59907550A07678 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:17:33.0176 3236  huawei_enumerator - ok
12:17:33.0223 3236  [ F47F112DC883F7A9E4618A006CC6DE1B ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:17:33.0269 3236  hwdatacard - ok
12:17:33.0285 3236  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:17:33.0301 3236  hwpolicy - ok
12:17:33.0347 3236  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:17:33.0363 3236  i8042prt - ok
12:17:33.0488 3236  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
12:17:33.0488 3236  iaStor - ok
12:17:33.0644 3236  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:17:33.0737 3236  IAStorDataMgrSvc - ok
12:17:33.0956 3236  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:17:34.0049 3236  iaStorV - ok
12:17:34.0221 3236  [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
12:17:34.0283 3236  iBtFltCoex - ok
12:17:34.0424 3236  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:17:34.0923 3236  idsvc - ok
12:17:36.0623 3236  [ 10BB0DC3361C9420CC1B0B2128BB89DB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:17:37.0903 3236  igfx - ok
12:17:37.0949 3236  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:17:38.0043 3236  iirsp - ok
12:17:38.0215 3236  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:17:38.0324 3236  IKEEXT - ok
12:17:38.0480 3236  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
12:17:38.0495 3236  intaud_WaveExtensible - ok
12:17:38.0807 3236  [ 5205DE9BD47F633E06EF3EF3DE11EF99 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:17:38.0870 3236  IntcAzAudAddService - ok
12:17:38.0917 3236  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
12:17:38.0932 3236  IntcDAud - ok
12:17:38.0979 3236  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:17:38.0979 3236  intelide - ok
12:17:39.0010 3236  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:17:39.0166 3236  intelppm - ok
12:17:39.0229 3236  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:17:39.0291 3236  IPBusEnum - ok
12:17:39.0369 3236  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:17:39.0400 3236  IpFilterDriver - ok
12:17:39.0447 3236  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:17:39.0478 3236  IPMIDRV - ok
12:17:39.0541 3236  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:17:39.0587 3236  IPNAT - ok
12:17:39.0665 3236  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:17:39.0712 3236  IRENUM - ok
12:17:39.0743 3236  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:17:39.0775 3236  isapnp - ok
12:17:39.0915 3236  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:17:39.0977 3236  iScsiPrt - ok
12:17:40.0055 3236  [ C85A3CA3ED24DD7336FBAC1112C3D831 ] IT9135BDA       C:\Windows\system32\Drivers\IT9135BDA.sys
12:17:40.0102 3236  IT9135BDA - ok
12:17:40.0211 3236  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\drivers\iwdbus.sys
12:17:40.0243 3236  iwdbus - ok
12:17:40.0305 3236  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:17:40.0321 3236  kbdclass - ok
12:17:40.0352 3236  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:17:40.0461 3236  kbdhid - ok
12:17:40.0492 3236  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:17:40.0492 3236  KeyIso - ok
12:17:40.0601 3236  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:17:40.0617 3236  KSecDD - ok
12:17:40.0679 3236  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:17:40.0695 3236  KSecPkg - ok
12:17:40.0742 3236  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:17:40.0742 3236  ksthunk - ok
12:17:40.0867 3236  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:17:40.0991 3236  KtmRm - ok
12:17:41.0054 3236  [ 6DD5383C9413AAE3113FAF89E345663D ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
12:17:41.0069 3236  L1C - ok
12:17:41.0163 3236  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:17:41.0179 3236  LanmanServer - ok
12:17:41.0241 3236  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:17:41.0272 3236  LanmanWorkstation - ok
12:17:41.0350 3236  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:17:41.0366 3236  lltdio - ok
12:17:41.0459 3236  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:17:41.0506 3236  lltdsvc - ok
12:17:41.0537 3236  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:17:41.0537 3236  lmhosts - ok
12:17:41.0631 3236  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:17:41.0709 3236  LMS - ok
12:17:41.0803 3236  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:17:41.0834 3236  LSI_FC - ok
12:17:41.0912 3236  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:17:41.0927 3236  LSI_SAS - ok
12:17:41.0959 3236  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:17:42.0021 3236  LSI_SAS2 - ok
12:17:42.0068 3236  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:17:42.0099 3236  LSI_SCSI - ok
12:17:42.0177 3236  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:17:42.0193 3236  luafv - ok
12:17:42.0489 3236  [ 1B4DBCAA0321BBB76255983148051F09 ] massfilter      C:\Windows\system32\drivers\massfilter.sys
12:17:42.0567 3236  massfilter - ok
12:17:42.0661 3236  [ 7AD627CDB12F5F451F24C8A97CA6E175 ] massfilter_hs   C:\Windows\system32\drivers\massfilter_hs.sys
12:17:42.0754 3236  massfilter_hs - ok
12:17:42.0801 3236  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:17:43.0004 3236  Mcx2Svc - ok
12:17:43.0066 3236  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:17:43.0238 3236  megasas - ok
12:17:43.0285 3236  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:17:43.0425 3236  MegaSR - ok
12:17:43.0487 3236  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
12:17:43.0565 3236  MEIx64 - ok
12:17:43.0721 3236  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:17:43.0737 3236  MMCSS - ok
12:17:44.0174 3236  [ 97B041BB78636EDC0A7B0AB68C98EB9B ] mod7764         C:\Windows\system32\DRIVERS\mod77-64.sys
12:17:44.0486 3236  mod7764 - ok
12:17:44.0533 3236  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:17:44.0579 3236  Modem - ok
12:17:44.0611 3236  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:17:44.0626 3236  monitor - ok
12:17:44.0704 3236  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:17:44.0813 3236  mouclass - ok
12:17:44.0845 3236  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:17:44.0891 3236  mouhid - ok
12:17:45.0079 3236  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:17:45.0125 3236  mountmgr - ok
12:17:45.0609 3236  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:17:45.0827 3236  MozillaMaintenance - ok
12:17:45.0874 3236  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:17:45.0905 3236  mpio - ok
12:17:45.0921 3236  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:17:45.0937 3236  mpsdrv - ok
12:17:45.0999 3236  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:17:46.0093 3236  MRxDAV - ok
12:17:46.0155 3236  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:17:46.0155 3236  mrxsmb - ok
12:17:46.0249 3236  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:17:46.0280 3236  mrxsmb10 - ok
12:17:46.0373 3236  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:17:46.0373 3236  mrxsmb20 - ok
12:17:46.0436 3236  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:17:46.0467 3236  msahci - ok
12:17:46.0545 3236  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:17:46.0576 3236  msdsm - ok
12:17:46.0607 3236  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:17:46.0639 3236  MSDTC - ok
12:17:46.0685 3236  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:17:46.0701 3236  Msfs - ok
12:17:46.0779 3236  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:17:46.0795 3236  mshidkmdf - ok
12:17:46.0826 3236  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:17:46.0857 3236  msisadrv - ok
12:17:46.0935 3236  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:17:46.0982 3236  MSiSCSI - ok
12:17:46.0982 3236  msiserver - ok
12:17:47.0075 3236  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:17:47.0091 3236  MSKSSRV - ok
12:17:47.0153 3236  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:17:47.0185 3236  MSPCLOCK - ok
12:17:47.0231 3236  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:17:47.0231 3236  MSPQM - ok
12:17:47.0325 3236  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:17:47.0387 3236  MsRPC - ok
12:17:47.0497 3236  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:17:47.0512 3236  mssmbios - ok
12:17:47.0559 3236  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:17:47.0575 3236  MSTEE - ok
12:17:47.0637 3236  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:17:47.0653 3236  MTConfig - ok
12:17:47.0699 3236  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:17:47.0715 3236  Mup - ok
12:17:47.0809 3236  [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:17:47.0918 3236  MyWiFiDHCPDNS - ok
12:17:47.0996 3236  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:17:48.0074 3236  napagent - ok
12:17:48.0136 3236  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:17:48.0152 3236  NativeWifiP - ok
12:17:48.0308 3236  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:17:48.0542 3236  NDIS - ok
12:17:48.0589 3236  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:17:48.0604 3236  NdisCap - ok
12:17:48.0667 3236  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:17:48.0682 3236  NdisTapi - ok
12:17:48.0932 3236  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:17:49.0010 3236  Ndisuio - ok
12:17:49.0057 3236  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:17:49.0072 3236  NdisWan - ok
12:17:49.0103 3236  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:17:49.0119 3236  NDProxy - ok
12:17:49.0197 3236  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:17:49.0197 3236  NetBIOS - ok
12:17:49.0244 3236  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:17:49.0275 3236  NetBT - ok
12:17:49.0337 3236  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:17:49.0353 3236  Netlogon - ok
12:17:49.0431 3236  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:17:49.0431 3236  Netman - ok
12:17:49.0462 3236  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:17:49.0493 3236  netprofm - ok
12:17:49.0540 3236  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:49.0571 3236  NetTcpPortSharing - ok
12:17:49.0961 3236  [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
12:17:50.0086 3236  NETwNs64 - ok
12:17:50.0133 3236  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:17:50.0149 3236  nfrd960 - ok
12:17:50.0211 3236  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:17:50.0227 3236  NlaSvc - ok
12:17:50.0258 3236  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:17:50.0258 3236  Npfs - ok
12:17:50.0305 3236  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:17:50.0320 3236  nsi - ok
12:17:50.0351 3236  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:17:50.0351 3236  nsiproxy - ok
12:17:50.0492 3236  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:17:50.0554 3236  Ntfs - ok
12:17:50.0617 3236  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:17:50.0617 3236  Null - ok
12:17:52.0036 3236  [ 78B41FA4E5D84DBE0A45AADD9A5F6B21 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:17:52.0255 3236  nvlddmkm - ok
12:17:52.0286 3236  [ 5FC0F23E4ABB83F2C54B78993742979F ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
12:17:52.0301 3236  nvpciflt - ok
12:17:52.0317 3236  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:17:52.0333 3236  nvraid - ok
12:17:52.0364 3236  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:17:52.0379 3236  nvstor - ok
12:17:52.0457 3236  [ 50AE09926B79DB1A29700021AFD442BE ] NVSvc           C:\Windows\system32\nvvsvc.exe
12:17:52.0473 3236  NVSvc - ok
12:17:52.0676 3236  [ 700794925C9590FCF5235995895E2BAF ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:17:52.0738 3236  nvUpdatusService - ok
12:17:52.0769 3236  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:17:52.0785 3236  nv_agp - ok
12:17:52.0816 3236  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:17:52.0832 3236  ohci1394 - ok
12:17:52.0941 3236  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:52.0957 3236  ose - ok
12:17:53.0378 3236  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:17:53.0612 3236  osppsvc - ok
12:17:53.0643 3236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:17:53.0674 3236  p2pimsvc - ok
12:17:53.0705 3236  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:17:53.0737 3236  p2psvc - ok
12:17:53.0752 3236  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
12:17:53.0768 3236  Parport - ok
12:17:53.0799 3236  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:17:53.0815 3236  partmgr - ok
12:17:53.0846 3236  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:17:53.0861 3236  PcaSvc - ok
12:17:53.0893 3236  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:17:53.0908 3236  pci - ok
12:17:53.0924 3236  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:17:53.0939 3236  pciide - ok
12:17:53.0971 3236  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:17:54.0002 3236  pcmcia - ok
12:17:54.0017 3236  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:17:54.0033 3236  pcw - ok
12:17:54.0095 3236  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:17:54.0127 3236  PEAUTH - ok
12:17:54.0610 3236  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:17:54.0673 3236  PerfHost - ok
12:17:54.0735 3236  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:17:54.0813 3236  pla - ok
12:17:54.0891 3236  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:17:54.0938 3236  PlugPlay - ok
12:17:55.0000 3236  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:17:55.0031 3236  PNRPAutoReg - ok
12:17:55.0094 3236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:17:55.0109 3236  PNRPsvc - ok
12:17:55.0156 3236  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:17:55.0187 3236  PolicyAgent - ok
12:17:55.0219 3236  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:17:55.0234 3236  Power - ok
12:17:55.0281 3236  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:17:55.0297 3236  PptpMiniport - ok
12:17:55.0359 3236  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
12:17:55.0375 3236  Processor - ok
12:17:55.0406 3236  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:17:55.0421 3236  ProfSvc - ok
12:17:55.0453 3236  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:17:55.0453 3236  ProtectedStorage - ok
12:17:55.0484 3236  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:17:55.0499 3236  Psched - ok
12:17:55.0577 3236  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
12:17:55.0609 3236  PSI_SVC_2 - ok
12:17:55.0671 3236  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:17:55.0718 3236  ql2300 - ok
12:17:55.0749 3236  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:17:55.0765 3236  ql40xx - ok
12:17:55.0811 3236  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:17:55.0827 3236  QWAVE - ok
12:17:55.0889 3236  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:17:55.0905 3236  QWAVEdrv - ok
12:17:55.0921 3236  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:17:55.0936 3236  RasAcd - ok
12:17:55.0983 3236  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:17:55.0999 3236  RasAgileVpn - ok
12:17:56.0030 3236  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:17:56.0077 3236  RasAuto - ok
12:17:56.0123 3236  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:17:56.0139 3236  Rasl2tp - ok
12:17:56.0233 3236  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:17:56.0264 3236  RasMan - ok
12:17:56.0279 3236  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:17:56.0295 3236  RasPppoe - ok
12:17:56.0342 3236  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:17:56.0357 3236  RasSstp - ok
12:17:56.0389 3236  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:17:56.0420 3236  rdbss - ok
12:17:56.0451 3236  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:17:56.0467 3236  rdpbus - ok
12:17:56.0498 3236  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:17:56.0498 3236  RDPCDD - ok
12:17:56.0529 3236  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:17:56.0545 3236  RDPENCDD - ok
12:17:56.0545 3236  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:17:56.0560 3236  RDPREFMP - ok
12:17:56.0591 3236  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:17:56.0638 3236  RDPWD - ok
12:17:56.0701 3236  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:17:56.0716 3236  rdyboost - ok
12:17:56.0825 3236  [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:17:56.0857 3236  RegSrvc - ok
12:17:56.0903 3236  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:17:56.0919 3236  RemoteAccess - ok
12:17:56.0981 3236  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:17:56.0997 3236  RemoteRegistry - ok
12:17:57.0028 3236  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:17:57.0044 3236  RFCOMM - ok
12:17:57.0137 3236  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
12:17:57.0153 3236  RichVideo - ok
12:17:57.0184 3236  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:17:57.0200 3236  RpcEptMapper - ok
12:17:57.0231 3236  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:17:57.0231 3236  RpcLocator - ok
12:17:57.0278 3236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:17:57.0278 3236  RpcSs - ok
12:17:57.0325 3236  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:17:57.0325 3236  rspndr - ok
12:17:57.0371 3236  [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR      C:\Windows\System32\Drivers\RtsUVStor.sys
12:17:57.0387 3236  RSUSBVSTOR - ok
12:17:57.0403 3236  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:17:57.0403 3236  SamSs - ok
12:17:57.0434 3236  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:17:57.0449 3236  sbp2port - ok
12:17:57.0465 3236  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:17:57.0527 3236  SCardSvr - ok
12:17:57.0559 3236  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:17:57.0590 3236  scfilter - ok
12:17:57.0637 3236  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:17:57.0668 3236  Schedule - ok
12:17:57.0699 3236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:17:57.0699 3236  SCPolicySvc - ok
12:17:57.0730 3236  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:17:57.0777 3236  SDRSVC - ok
12:17:57.0871 3236  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:17:57.0871 3236  secdrv - ok
12:17:57.0902 3236  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:17:57.0902 3236  seclogon - ok
12:17:57.0917 3236  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
12:17:57.0933 3236  SENS - ok
12:17:57.0949 3236  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:17:57.0949 3236  SensrSvc - ok
12:17:57.0995 3236  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:17:58.0042 3236  Serenum - ok
12:17:58.0073 3236  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
12:17:58.0105 3236  Serial - ok
12:17:58.0151 3236  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:17:58.0167 3236  sermouse - ok
12:17:58.0229 3236  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:17:58.0245 3236  SessionEnv - ok
12:17:58.0323 3236  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:17:58.0354 3236  sffdisk - ok
12:17:58.0401 3236  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:17:58.0448 3236  sffp_mmc - ok
12:17:58.0479 3236  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:17:58.0495 3236  sffp_sd - ok
12:17:58.0541 3236  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:17:58.0604 3236  sfloppy - ok
12:17:58.0697 3236  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:17:58.0775 3236  ShellHWDetection - ok
12:17:58.0853 3236  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:17:58.0947 3236  SiSRaid2 - ok
12:17:59.0009 3236  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:17:59.0041 3236  SiSRaid4 - ok
12:17:59.0087 3236  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:17:59.0228 3236  SkypeUpdate - ok
12:17:59.0290 3236  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:17:59.0321 3236  Smb - ok
12:17:59.0384 3236  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:17:59.0399 3236  SNMPTRAP - ok
12:17:59.0431 3236  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:17:59.0446 3236  spldr - ok
12:17:59.0587 3236  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:17:59.0665 3236  Spooler - ok
12:17:59.0883 3236  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:17:59.0914 3236  sppsvc - ok
12:17:59.0945 3236  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:18:00.0023 3236  sppuinotify - ok
12:18:00.0055 3236  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:18:00.0086 3236  srv - ok
12:18:00.0133 3236  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:18:00.0179 3236  srv2 - ok
12:18:00.0211 3236  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:18:00.0242 3236  srvnet - ok
12:18:00.0289 3236  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:18:00.0725 3236  SSDPSRV - ok
12:18:00.0757 3236  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:18:00.0819 3236  SstpSvc - ok
12:18:00.0897 3236  [ 2BFFFC1BEE0B5624248BE4F0A461A921 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:18:00.0991 3236  Stereo Service - ok
12:18:01.0022 3236  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:18:01.0037 3236  stexstor - ok
12:18:01.0131 3236  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:18:01.0178 3236  stisvc - ok
12:18:01.0209 3236  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:18:01.0240 3236  swenum - ok
12:18:01.0303 3236  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:18:01.0412 3236  swprv - ok
12:18:01.0474 3236  [ B3AD15FA10EBEAFC1275F34050E4E230 ] SynTP           C:\Windows\system32\drivers\SynTP.sys
12:18:01.0599 3236  SynTP - ok
12:18:02.0098 3236  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:18:02.0129 3236  SysMain - ok
12:18:02.0161 3236  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:18:02.0192 3236  TabletInputService - ok
12:18:02.0239 3236  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:18:02.0317 3236  TapiSrv - ok
12:18:02.0348 3236  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:18:02.0379 3236  TBS - ok
12:18:02.0551 3236  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:18:02.0785 3236  Tcpip - ok
12:18:02.0894 3236  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:18:02.0941 3236  TCPIP6 - ok
12:18:03.0050 3236  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:18:03.0081 3236  tcpipreg - ok
12:18:03.0128 3236  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:18:03.0128 3236  TDPIPE - ok
12:18:03.0159 3236  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:18:03.0175 3236  TDTCP - ok
12:18:03.0190 3236  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:18:03.0206 3236  tdx - ok
12:18:03.0221 3236  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:18:03.0237 3236  TermDD - ok
12:18:03.0268 3236  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:18:03.0299 3236  TermService - ok
12:18:03.0455 3236  [ 8F14DE79EBE73D6D717B8455E64DDA86 ] TGCM_ImportWiFiSvc C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
12:18:03.0471 3236  TGCM_ImportWiFiSvc - ok
12:18:03.0487 3236  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:18:03.0502 3236  Themes - ok
12:18:03.0533 3236  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:18:03.0533 3236  THREADORDER - ok
12:18:03.0627 3236  [ 68FE3D89829E27D4FD5EEA7BD2C41985 ] tihub3          C:\Windows\system32\drivers\tihub3.sys
12:18:03.0658 3236  tihub3 - ok
12:18:03.0689 3236  [ 0102C9633CE1F18A6AC021F28B734DB5 ] tixhci          C:\Windows\system32\drivers\tixhci.sys
12:18:03.0705 3236  tixhci - ok
12:18:03.0783 3236  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:18:03.0814 3236  TrkWks - ok
12:18:03.0877 3236  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:18:03.0892 3236  TrustedInstaller - ok
12:18:03.0923 3236  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:18:03.0970 3236  tssecsrv - ok
12:18:04.0001 3236  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:18:04.0048 3236  TsUsbFlt - ok
12:18:04.0079 3236  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:18:04.0142 3236  TsUsbGD - ok
12:18:04.0173 3236  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:18:04.0189 3236  tunnel - ok
12:18:04.0220 3236  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:18:04.0235 3236  uagp35 - ok
12:18:04.0298 3236  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:18:04.0313 3236  udfs - ok
12:18:04.0376 3236  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:18:04.0391 3236  UI0Detect - ok
12:18:04.0438 3236  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:18:04.0469 3236  uliagpkx - ok
12:18:04.0501 3236  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:18:04.0516 3236  umbus - ok
12:18:04.0547 3236  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:18:04.0547 3236  UmPass - ok
12:18:04.0688 3236  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:18:04.0828 3236  UNS - ok
12:18:04.0891 3236  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:18:04.0922 3236  upnphost - ok
12:18:04.0969 3236  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:04.0984 3236  usbccgp - ok
12:18:05.0031 3236  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:18:05.0047 3236  usbcir - ok
12:18:05.0093 3236  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:18:05.0109 3236  usbehci - ok
12:18:05.0171 3236  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
12:18:05.0187 3236  usbhub - ok
12:18:05.0234 3236  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:18:05.0249 3236  usbohci - ok
12:18:05.0281 3236  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:18:05.0296 3236  usbprint - ok
12:18:05.0327 3236  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:18:05.0359 3236  usbscan - ok
12:18:05.0374 3236  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:05.0390 3236  USBSTOR - ok
12:18:05.0421 3236  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:18:05.0437 3236  usbuhci - ok
12:18:05.0468 3236  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:18:05.0483 3236  usbvideo - ok
12:18:05.0515 3236  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:18:05.0530 3236  UxSms - ok
12:18:05.0546 3236  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:18:05.0546 3236  VaultSvc - ok
12:18:05.0593 3236  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:18:05.0608 3236  vdrvroot - ok
12:18:05.0639 3236  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:18:05.0671 3236  vds - ok
12:18:05.0702 3236  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:05.0764 3236  vga - ok
12:18:05.0780 3236  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:18:05.0795 3236  VgaSave - ok
12:18:05.0827 3236  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:18:05.0858 3236  vhdmp - ok
12:18:05.0920 3236  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:18:05.0920 3236  viaide - ok
12:18:05.0967 3236  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:18:05.0983 3236  volmgr - ok
12:18:06.0014 3236  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:18:06.0045 3236  volmgrx - ok
12:18:06.0154 3236  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:18:06.0170 3236  volsnap - ok
12:18:06.0201 3236  vpnva - ok
12:18:06.0232 3236  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:18:06.0248 3236  vsmraid - ok
12:18:06.0310 3236  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:18:06.0404 3236  VSS - ok
12:18:06.0466 3236  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:18:06.0466 3236  vwifibus - ok
12:18:06.0513 3236  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:18:06.0513 3236  vwififlt - ok
12:18:06.0544 3236  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:18:06.0544 3236  vwifimp - ok
12:18:06.0575 3236  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:18:06.0653 3236  W32Time - ok
12:18:06.0747 3236  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:18:06.0763 3236  WacomPen - ok
12:18:06.0856 3236  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:18:06.0872 3236  WANARP - ok
12:18:06.0887 3236  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:18:06.0903 3236  Wanarpv6 - ok
12:18:07.0075 3236  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:18:07.0262 3236  WatAdminSvc - ok
12:18:07.0355 3236  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:18:07.0511 3236  wbengine - ok
12:18:07.0543 3236  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:18:07.0558 3236  WbioSrvc - ok
12:18:07.0589 3236  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:18:07.0605 3236  wcncsvc - ok
12:18:07.0636 3236  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:18:07.0652 3236  WcsPlugInService - ok
12:18:07.0683 3236  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:18:07.0699 3236  Wd - ok
12:18:07.0745 3236  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:18:07.0777 3236  Wdf01000 - ok
12:18:07.0808 3236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:18:07.0823 3236  WdiServiceHost - ok
12:18:07.0839 3236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:18:07.0839 3236  WdiSystemHost - ok
12:18:07.0870 3236  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:18:07.0917 3236  WebClient - ok
12:18:07.0933 3236  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:18:07.0948 3236  Wecsvc - ok
12:18:07.0979 3236  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:18:07.0995 3236  wercplsupport - ok
12:18:08.0011 3236  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:18:08.0026 3236  WerSvc - ok
12:18:08.0057 3236  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:18:08.0073 3236  WfpLwf - ok
12:18:08.0104 3236  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:18:08.0104 3236  WIMMount - ok
12:18:08.0120 3236  WinHttpAutoProxySvc - ok
12:18:08.0198 3236  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:18:08.0213 3236  Winmgmt - ok
12:18:08.0307 3236  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:18:08.0369 3236  WinRM - ok
12:18:08.0432 3236  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
12:18:08.0432 3236  WisLMSvc - ok
12:18:08.0479 3236  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:18:08.0510 3236  Wlansvc - ok
12:18:08.0572 3236  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:18:08.0603 3236  wlcrasvc - ok
12:18:08.0713 3236  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:18:08.0759 3236  wlidsvc - ok
12:18:08.0806 3236  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:18:08.0806 3236  WmiAcpi - ok
12:18:08.0837 3236  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:18:08.0869 3236  wmiApSrv - ok
12:18:08.0900 3236  WMPNetworkSvc - ok
12:18:08.0947 3236  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:18:08.0947 3236  WPCSvc - ok
12:18:08.0962 3236  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:18:08.0993 3236  WPDBusEnum - ok
12:18:09.0025 3236  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:18:09.0025 3236  ws2ifsl - ok
12:18:09.0040 3236  WSearch - ok
12:18:09.0134 3236  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:18:09.0212 3236  wuauserv - ok
12:18:09.0243 3236  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:18:09.0259 3236  WudfPf - ok
12:18:09.0274 3236  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:09.0290 3236  WUDFRd - ok
12:18:09.0321 3236  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:18:09.0337 3236  wudfsvc - ok
12:18:09.0383 3236  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:18:09.0415 3236  WwanSvc - ok
12:18:09.0461 3236  [ AD6558FBC66691959BA4AC55A57C3921 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
12:18:09.0477 3236  ZTEusbmdm6k - ok
12:18:09.0493 3236  [ AD6558FBC66691959BA4AC55A57C3921 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
12:18:09.0508 3236  ZTEusbnmea - ok
12:18:09.0524 3236  [ AD6558FBC66691959BA4AC55A57C3921 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
12:18:09.0539 3236  ZTEusbser6k - ok
12:18:09.0602 3236  ================ Scan global ===============================
12:18:09.0617 3236  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:18:09.0680 3236  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:18:09.0727 3236  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:18:09.0758 3236  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:18:09.0820 3236  [ 2F46C1760C531EB2B181F9076E552E8A ] C:\Windows\system32\services.exe
12:18:09.0820 3236  [Global] - ok
12:18:09.0820 3236  ================ Scan MBR ==================================
12:18:09.0836 3236  [ 01C6AE8EADD5F5B4C22DD5848D9CB4B9 ] \Device\Harddisk0\DR0
12:18:14.0500 3236  \Device\Harddisk0\DR0 - ok
12:18:14.0516 3236  ================ Scan VBR ==================================
12:18:14.0578 3236  [ 0893F851186EA76FBD050DBCEAD21DBA ] \Device\Harddisk0\DR0\Partition1
12:18:14.0578 3236  \Device\Harddisk0\DR0\Partition1 - ok
12:18:14.0594 3236  [ A26883EC8303B04EA25B634BCB018688 ] \Device\Harddisk0\DR0\Partition2
12:18:14.0594 3236  \Device\Harddisk0\DR0\Partition2 - ok
12:18:14.0609 3236  [ FF2E9FCD24C175364BE0CAD3C52C7ABD ] \Device\Harddisk0\DR0\Partition3
12:18:14.0609 3236  \Device\Harddisk0\DR0\Partition3 - ok
12:18:14.0625 3236  ============================================================
12:18:14.0625 3236  Scan finished
12:18:14.0625 3236  ============================================================
12:18:14.0625 3196  Detected object count: 0
12:18:14.0625 3196  Actual detected object count: 0
12:21:55.0724 3492  Deinitialize success
         
danke

Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 09/04/2013 um 12:26:06 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : kiwi - INHAMBANE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\kiwi\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\kiwi\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\kiwi\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\pb1bl2mf.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [896 octets] - [09/04/2013 12:26:06]

########## EOF - C:\AdwCleaner[S1].txt - [955 octets] ##########
         

Alt 09.04.2013, 13:09   #2
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Code:
ATTFilter
OTL logfile created on: 09.04.2013 12:31:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kiwi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 57,47% Memory free
7,81 Gb Paging File | 6,01 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 490,48 Gb Free Space | 75,74% Space Free | Partition Type: NTFS
Drive D: | 48,00 Gb Total Space | 22,11 Gb Free Space | 46,07% Space Free | Partition Type: NTFS
Drive E: | 7,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: INHAMBANE | User Name: kiwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.09 12:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
PRC - [2013.03.27 12:48:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 12:47:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 12:47:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.08 14:48:14 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.13 05:06:20 | 000,447,016 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2011.08.06 02:20:10 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2011.08.06 02:20:10 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.08 14:48:14 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.25 03:15:40 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013.03.27 12:48:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 12:47:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 23:06:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:48:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.27 12:48:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 12:48:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 12:48:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.10 21:57:34 | 000,165,504 | ---- | M] (ITE                      ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 09:40:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.07.20 14:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 14:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.24 09:53:02 | 000,413,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011.03.24 09:53:02 | 000,219,008 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.03.24 09:53:02 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.03.24 09:53:02 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.01.25 21:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.28 13:47:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.16 17:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010.09.03 14:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.28 16:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes,DefaultScope = {6390AECC-1EE3-41F3-BAA6-AEC4908DFF08}
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes\{6390AECC-1EE3-41F3-BAA6-AEC4908DFF08}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xph&d=0809&m=ao751h"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.ujf-grenoble.fr/auto-proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "176.34.218.96"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.34.218.96"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.34.218.96"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kiwi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 18:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:48:09 | 000,000,000 | ---D | M]
 
[2011.10.27 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\Extensions
[2013.02.23 01:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\Firefox\Profiles\pb1bl2mf.default\extensions
[2013.02.23 01:38:34 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.02.09 20:41:08 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\stealthyextension@gmail.com.xpi
[2013.02.15 00:42:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.16 18:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.03.08 14:48:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 19:34:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.27 18:05:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F94867C-659B-42A6-8637-881C199FBCCF}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 12:30:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
[2013.04.09 12:07:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.09 11:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fugawi
[2013.04.09 11:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Earth Resource Mapping
[2013.04.09 11:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Fugawi
[2013.04.09 11:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fugawi
[2013.04.03 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Local\Microsoft Games
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Roaming\EPSON
[2013.03.27 18:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.27 12:48:37 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:48:37 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:48:37 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 14:41:48 | 000,000,000 | ---D | C] -- C:\Users\kiwi\Documents\phd
[2013.03.13 23:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.04.09 12:35:19 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 12:35:19 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 12:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
[2013.04.09 12:28:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.09 12:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 12:27:32 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 12:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.09 11:55:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 11:08:33 | 000,000,017 | -H-- | M] () -- C:\Users\kiwi\AppData\Local\19720201.dat
[2013.04.09 11:08:32 | 000,000,036 | ---- | M] () -- C:\Windows\iltwain.ini
[2013.04.09 10:08:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 10:08:46 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.09 10:08:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 10:08:46 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.09 10:08:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 09:57:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001UA.job
[2013.04.07 15:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001Core.job
[2013.04.02 15:05:18 | 000,001,019 | ---- | M] () -- C:\Users\kiwi\Desktop\Dropbox.lnk
[2013.03.27 18:51:28 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.27 12:48:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:48:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:48:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.04.09 11:08:33 | 000,000,017 | -H-- | C] () -- C:\Users\kiwi\AppData\Local\19720201.dat
[2013.04.09 11:08:26 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2013.03.27 18:51:28 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.08 12:22:54 | 000,003,584 | ---- | C] () -- C:\Users\kiwi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.01 23:58:31 | 000,000,032 | ---- | C] () -- C:\Windows\Grapher.INI
[2012.01.18 00:50:11 | 000,000,020 | ---- | C] () -- C:\Users\kiwi\.geomapapp-home
[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}\L
[2013.04.09 12:14:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.08 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\2K Sports
[2012.11.13 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Ashampoo
[2011.10.27 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2013.04.08 09:30:40 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Dropbox
[2013.03.31 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\EPSON
[2012.08.01 10:06:34 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\FileZilla
[2012.07.23 09:27:40 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\GHISLER
[2012.01.16 12:03:27 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Golden Software
[2012.01.28 19:59:05 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\ICQ
[2011.10.30 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Simfy
[2012.05.24 22:59:21 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Spotify
[2012.11.15 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\SumatraPDF
[2011.11.14 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Telefónica
[2012.05.01 00:18:46 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\TuneUp Software
[2011.11.18 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >
         
__________________


Alt 10.04.2013, 02:32   #3
aharonov
/// TB-Ausbilder
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Hi,

Zitat:
habe die Schritte zur Entfernung wie in einem anderen thread (W32/Patched.UC) beschrieben durchgeführt.
Das sollte man in so einem Fall gar nie machen, wenn man nicht weiss, was man tut. Jeder Fall ist individuell zu untersuchen.

Zitat:
Kann mir jemand sagen, ob ich clean bin?
Alles andere als clean.

Was ist dein ursprüngliches Problem? Gibt es bestehende Logs von deinem Virenscanner, welche dir Malware (z.B. w32/patched.uc) angezeigt haben? Diese würde ich gerne sehen.
Mach bitte zusätzlich noch einen Gmer-Scan:


Schritt 1

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Show all
  • Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Bitte poste in deiner nächsten Antwort:
  • bestehende Logs mit Funden
  • Log von Gmer
__________________
__________________

Alt 10.04.2013, 16:54   #4
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



avira hatte den w32/patched.uc gefunden und in quarantäne verschoben

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 9. April 2013  12:09


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : INHAMBANE

Versionsinformationen:
BUILD.DAT      : 13.0.0.3499    49286 Bytes  19.03.2013 16:29:00
AVSCAN.EXE     : 13.6.0.986    639712 Bytes  27.03.2013 10:47:53
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  12.12.2012 00:13:17
LUKE.DLL       : 13.6.0.902     67808 Bytes  27.03.2013 10:48:07
AVSCPLR.DLL    : 13.6.0.986     94944 Bytes  25.03.2013 08:10:37
AVREG.DLL      : 13.6.0.940    250592 Bytes  25.03.2013 08:10:37
avlode.dll     : 13.6.2.940    434912 Bytes  27.03.2013 10:47:53
avlode.rdf     : 13.0.0.46      15591 Bytes  28.03.2013 23:40:48
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:19:21
VBASE001.VDF   : 7.11.70.1       2048 Bytes  04.04.2013 13:19:22
VBASE002.VDF   : 7.11.70.2       2048 Bytes  04.04.2013 13:19:22
VBASE003.VDF   : 7.11.70.3       2048 Bytes  04.04.2013 13:19:23
VBASE004.VDF   : 7.11.70.4       2048 Bytes  04.04.2013 13:19:23
VBASE005.VDF   : 7.11.70.5       2048 Bytes  04.04.2013 13:19:23
VBASE006.VDF   : 7.11.70.6       2048 Bytes  04.04.2013 13:19:23
VBASE007.VDF   : 7.11.70.7       2048 Bytes  04.04.2013 13:19:24
VBASE008.VDF   : 7.11.70.8       2048 Bytes  04.04.2013 13:19:24
VBASE009.VDF   : 7.11.70.9       2048 Bytes  04.04.2013 13:19:24
VBASE010.VDF   : 7.11.70.10      2048 Bytes  04.04.2013 13:19:24
VBASE011.VDF   : 7.11.70.11      2048 Bytes  04.04.2013 13:19:25
VBASE012.VDF   : 7.11.70.12      2048 Bytes  04.04.2013 13:19:25
VBASE013.VDF   : 7.11.70.13      2048 Bytes  04.04.2013 13:19:25
VBASE014.VDF   : 7.11.70.103   136192 Bytes  05.04.2013 15:22:36
VBASE015.VDF   : 7.11.70.183   183808 Bytes  06.04.2013 16:41:00
VBASE016.VDF   : 7.11.71.9     145920 Bytes  08.04.2013 15:20:51
VBASE017.VDF   : 7.11.71.10      2048 Bytes  08.04.2013 15:20:51
VBASE018.VDF   : 7.11.71.11      2048 Bytes  08.04.2013 15:20:51
VBASE019.VDF   : 7.11.71.12      2048 Bytes  08.04.2013 15:20:51
VBASE020.VDF   : 7.11.71.13      2048 Bytes  08.04.2013 15:20:51
VBASE021.VDF   : 7.11.71.14      2048 Bytes  08.04.2013 15:20:51
VBASE022.VDF   : 7.11.71.15      2048 Bytes  08.04.2013 15:20:51
VBASE023.VDF   : 7.11.71.16      2048 Bytes  08.04.2013 15:20:51
VBASE024.VDF   : 7.11.71.17      2048 Bytes  08.04.2013 15:20:52
VBASE025.VDF   : 7.11.71.18      2048 Bytes  08.04.2013 15:20:52
VBASE026.VDF   : 7.11.71.19      2048 Bytes  08.04.2013 15:20:52
VBASE027.VDF   : 7.11.71.20      2048 Bytes  08.04.2013 15:20:52
VBASE028.VDF   : 7.11.71.21      2048 Bytes  08.04.2013 15:20:52
VBASE029.VDF   : 7.11.71.22      2048 Bytes  08.04.2013 15:20:52
VBASE030.VDF   : 7.11.71.23      2048 Bytes  08.04.2013 15:20:52
VBASE031.VDF   : 7.11.71.78     46080 Bytes  09.04.2013 07:48:05
Engineversion  : 8.2.12.24 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL   : 8.1.4.104     475517 Bytes  04.04.2013 19:42:36
AESCN.DLL      : 8.1.10.4      131446 Bytes  27.03.2013 10:47:48
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 16:45:33
AEPACK.DLL     : 8.3.2.6       827767 Bytes  28.03.2013 23:40:47
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 15:35:31
AEHEUR.DLL     : 8.1.4.278    5828985 Bytes  04.04.2013 19:42:35
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 15:52:32
AEGEN.DLL      : 8.1.7.2       442741 Bytes  27.03.2013 10:47:48
AEEXP.DLL      : 8.4.0.16      192886 Bytes  04.04.2013 19:42:37
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 16:56:33
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:32:18
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  12.02.2013 16:51:09
AVPREF.DLL     : 13.6.0.480     51056 Bytes  12.02.2013 16:52:30
AVREP.DLL      : 13.6.0.480    178544 Bytes  05.02.2013 14:59:15
AVARKT.DLL     : 13.6.0.902    260832 Bytes  27.03.2013 10:47:49
AVEVTLOG.DLL   : 13.6.0.902    167648 Bytes  27.03.2013 10:47:51
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  12.02.2013 16:52:40
NETNT.DLL      : 13.6.0.480     16240 Bytes  12.02.2013 16:57:54
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  12.12.2012 00:13:11
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  27.03.2013 10:47:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5163c669\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Dienstag, 9. April 2013  12:09

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '164' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSAmpPalService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSSecurityMgr.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ImpWiFiSvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '180' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iFrmewrk.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyApp.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSD.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'WButton.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'pcee4.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WisLMSvc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'tdsskiller.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '35' Modul(e) wurden durchsucht
  Modul ist infiziert -> <C:\Windows\system32\services.exe>
  [FUND]      Enthält Code des Windows-Virus W32/Patched.UC
  [WARNUNG]   Die Datei wurde auf Nachfrage nicht repariert!
Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht


Ende des Suchlaufs: Dienstag, 9. April 2013  12:13
Benötigte Zeit: 03:49 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   3923 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   3922 Dateien ohne Befall
     29 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise
         

Alt 10.04.2013, 17:20   #5
aharonov
/// TB-Ausbilder
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Ok, dann noch der Gmer-Scan und dann schauen wir, was man da tun kann..

__________________
cheers,
Leo

Alt 10.04.2013, 20:10   #6
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 19:16:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: hwznsbqc.exe; Driver: C:\Users\kiwi\AppData\Local\Temp\fwdcapow.sys


---- User code sections - GMER 2.1 ----

.reloc  C:\Windows\system32\services.exe [640] section is executable [0x4A8, 0xA0000020]                                                     0000000100052000
.text   C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000075381465 2 bytes [38, 75]
.text   C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000753814bb 2 bytes [38, 75]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075381465 2 bytes [38, 75]
.text   C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000753814bb 2 bytes [38, 75]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075381465 2 bytes [38, 75]
.text   C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000753814bb 2 bytes [38, 75]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075381465 2 bytes [38, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753814bb 2 bytes [38, 75]
.text   ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [3592:3596]                                                                                            0000000000a03fe1
Thread  C:\Windows\SysWOW64\ntdll.dll [3592:3836]                                                                                            0000000074328c3c
Thread  C:\Windows\SysWOW64\ntdll.dll [3592:3840]                                                                                            0000000074328f11
Thread  C:\Windows\SysWOW64\ntdll.dll [3592:3844]                                                                                            000000007432882e
Thread  C:\Windows\SysWOW64\ntdll.dll [3592:3848]                                                                                            000000007442786a

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77379f27fb                                                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77379f27fb (not active ControlSet)                                      

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 10.04.2013, 20:17   #7
aharonov
/// TB-Ausbilder
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Hallo,

gut, genug Vorgeplänkel, wir schlagen jetzt zu:


Schritt 1

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!


Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
  • Log von OTL
__________________
cheers,
Leo

Alt 10.04.2013, 21:19   #8
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Code:
ATTFilter
ComboFix 13-04-10.02 - kiwi 10.04.2013  20:42:57.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4002.1822 [GMT 2:00]
ausgeführt von:: c:\users\kiwi\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\erdnt\cache64\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-10 bis 2013-04-10  ))))))))))))))))))))))))))))))
.
.
2013-04-10 18:56 . 2013-04-10 18:56	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-10 18:56 . 2013-04-10 18:56	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-10 18:56 . 2013-04-10 18:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-09 11:15 . 2013-04-09 11:16	--------	d-----w-	c:\users\kiwi\AppData\Roaming\Fugawi
2013-04-09 11:14 . 2013-04-09 14:58	--------	d-----w-	c:\programdata\Fugawi
2013-04-09 10:07 . 2013-04-09 10:07	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-04-09 09:08 . 2002-01-05 02:48	974848	----a-w-	c:\windows\SysWow64\mfc70.dll
2013-04-09 09:08 . 2002-01-05 02:36	964608	----a-w-	c:\windows\SysWow64\mfc70u.dll
2013-04-09 09:08 . 2002-01-05 01:37	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2013-04-09 09:08 . 2013-04-09 14:58	--------	d-----w-	c:\program files (x86)\Common Files\Fugawi
2013-04-03 17:52 . 2013-04-03 17:58	--------	d-----w-	c:\users\kiwi\AppData\Local\Microsoft Games
2013-03-31 18:06 . 2013-03-31 18:06	--------	d-----w-	c:\users\kiwi\AppData\Roaming\EPSON
2013-03-27 10:48 . 2013-03-27 10:48	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-27 10:48 . 2013-03-27 10:48	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-27 10:48 . 2013-03-27 10:48	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-26 10:40 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-13 21:45 . 2013-03-13 21:45	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-03-13 21:45 . 2013-03-13 21:45	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 13:49 . 2011-11-19 09:06	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-05 13:49 . 2011-11-22 10:31	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-13 21:49 . 2011-08-10 15:28	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 21:06 . 2012-05-01 23:12	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 21:06 . 2011-08-10 19:00	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 22:55 . 2013-03-06 22:55	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 22:55 . 2012-06-11 20:48	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 22:55 . 2011-08-10 19:01	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 21:15	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 21:15	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 21:15	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 21:15	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 21:15	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 21:15	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-07 23:11 . 2011-08-17 12:30	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2013-02-07 23:11 . 2013-02-07 23:11	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-02-07 23:11 . 2013-02-07 23:11	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-02-03 04:28 . 2011-11-22 10:41	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-03 04:28 . 2011-11-19 08:56	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-13 21:17 . 2013-02-27 19:00	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 19:00	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 19:00	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 19:00	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 19:00	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 19:00	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 19:00	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 19:00	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 19:00	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 19:00	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 19:00	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 19:00	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 19:00	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 19:00	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 19:00	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 19:00	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 19:00	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 19:00	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 19:00	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 19:00	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 19:00	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 19:00	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 19:00	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 19:00	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 19:00	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 19:00	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 19:00	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 19:00	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 19:00	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 19:00	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 19:00	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 19:00	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 19:00	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 19:00	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 19:00	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 19:00	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 19:00	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 19:00	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 19:00	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 19:00	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 19:00	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 19:00	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 19:00	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 19:00	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 19:00	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 19:00	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 19:00	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 19:00	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 19:00	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 19:00	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 19:00	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="c:\program files (x86)\AviraSpeedup\AviraSpeedup.exe" [2012-11-05 4856296]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2011-08-06 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2011-08-06 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2011-08-13 447016]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-02-03 506712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-24 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-24 413696]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-12-28 12800]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2009-02-03 12800]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys [2010-09-16 1077416]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-07-25 25960]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-07-25 378472]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-28 2656280]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-24 85504]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2011-08-10 165504]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-06-21 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-07-20 406336]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2011-08-06 118560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:06]
.
2013-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001Core.job
- c:\users\kiwi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28 13:52]
.
2013-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001UA.job
- c:\users\kiwi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28 13:52]
.
2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 09:58]
.
2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-27 09:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aldi.com
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5F94867C-659B-42A6-8637-881C199FBCCF}: NameServer = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\users\kiwi\AppData\Roaming\Mozilla\Firefox\Profiles\pb1bl2mf.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xph&d=0809&m=ao751h
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\kiwi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
SafeBoot-57899952.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-GeoMapApp - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-10  21:06:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-10 19:06
.
Vor Suchlauf: 12 Verzeichnis(se), 526.106.984.448 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 529.701.122.048 Bytes frei
.
- - End Of File - - 58FA031D8EEBA104106C5961AB09A3CE
         
Code:
ATTFilter
OTL logfile created on: 10.04.2013 21:08:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kiwi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 50,61% Memory free
7,81 Gb Paging File | 5,83 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 493,42 Gb Free Space | 76,20% Space Free | Partition Type: NTFS
Drive D: | 48,00 Gb Total Space | 22,11 Gb Free Space | 46,07% Space Free | Partition Type: NTFS
Drive E: | 7,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: INHAMBANE | User Name: kiwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.09 12:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
PRC - [2013.03.27 12:48:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 12:47:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 12:47:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.08 14:48:14 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.13 05:06:20 | 000,447,016 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2011.08.06 02:20:10 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2011.08.06 02:20:10 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.08 14:48:14 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.25 03:15:40 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.27 12:48:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 12:47:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 23:06:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:48:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.27 12:48:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 12:48:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 12:48:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.10 21:57:34 | 000,165,504 | ---- | M] (ITE                      ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 09:40:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.07.20 14:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 14:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.24 09:53:02 | 000,413,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011.03.24 09:53:02 | 000,219,008 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.03.24 09:53:02 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.03.24 09:53:02 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.01.25 21:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.28 13:47:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.16 17:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010.09.03 14:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.28 16:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes,DefaultScope = {6390AECC-1EE3-41F3-BAA6-AEC4908DFF08}
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes\{6390AECC-1EE3-41F3-BAA6-AEC4908DFF08}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xph&d=0809&m=ao751h"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.ujf-grenoble.fr/auto-proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "176.34.218.96"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.34.218.96"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.34.218.96"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kiwi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 18:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:48:09 | 000,000,000 | ---D | M]
 
[2011.10.27 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\Extensions
[2013.02.23 01:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\Firefox\Profiles\pb1bl2mf.default\extensions
[2013.02.23 01:38:34 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.02.09 20:41:08 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\stealthyextension@gmail.com.xpi
[2013.02.15 00:42:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.16 18:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.03.08 14:48:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 19:34:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.10 20:58:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F94867C-659B-42A6-8637-881C199FBCCF}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 21:06:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.10 20:58:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 20:40:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.10 20:40:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.10 20:40:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.10 20:37:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.10 20:36:14 | 005,050,592 | R--- | C] (Swearware) -- C:\Users\kiwi\Desktop\ComboFix.exe
[2013.04.09 16:50:10 | 000,000,000 | R--D | C] -- C:\Users\kiwi\Documents\Scanned Documents
[2013.04.09 16:50:09 | 000,000,000 | ---D | C] -- C:\Users\kiwi\Documents\Fax
[2013.04.09 13:15:06 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Roaming\Fugawi
[2013.04.09 13:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugawi
[2013.04.09 12:30:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
[2013.04.09 12:07:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.09 11:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Fugawi
[2013.04.03 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Local\Microsoft Games
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Roaming\EPSON
[2013.03.27 18:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.27 12:48:37 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:48:37 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:48:37 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 14:41:48 | 000,000,000 | ---D | C] -- C:\Users\kiwi\Documents\phd
[2013.03.13 23:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.04.10 21:08:49 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 21:08:49 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 21:00:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 20:58:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.10 20:58:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.10 20:58:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 20:58:07 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 20:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 20:36:24 | 005,050,592 | R--- | M] (Swearware) -- C:\Users\kiwi\Desktop\ComboFix.exe
[2013.04.10 19:16:14 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001UA.job
[2013.04.10 16:56:42 | 000,377,856 | ---- | M] () -- C:\Users\kiwi\Desktop\hwznsbqc.exe
[2013.04.10 07:26:44 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 07:26:44 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 07:26:44 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 07:26:44 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 07:26:44 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 16:57:58 | 000,000,037 | ---- | M] () -- C:\Windows\iltwain.ini
[2013.04.09 16:57:07 | 000,000,017 | -H-- | M] () -- C:\Users\kiwi\AppData\Local\19720201.dat
[2013.04.09 15:59:53 | 000,514,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 12:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
[2013.04.07 15:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001Core.job
[2013.04.02 15:05:18 | 000,001,019 | ---- | M] () -- C:\Users\kiwi\Desktop\Dropbox.lnk
[2013.03.27 18:51:28 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.27 12:48:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:48:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:48:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.04.10 20:40:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.10 20:40:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.10 20:40:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.10 20:40:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.10 20:40:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.10 16:56:40 | 000,377,856 | ---- | C] () -- C:\Users\kiwi\Desktop\hwznsbqc.exe
[2013.04.09 11:08:33 | 000,000,017 | -H-- | C] () -- C:\Users\kiwi\AppData\Local\19720201.dat
[2013.04.09 11:08:26 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2013.03.27 18:51:28 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.08 12:22:54 | 000,003,584 | ---- | C] () -- C:\Users\kiwi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.01 23:58:31 | 000,000,032 | ---- | C] () -- C:\Windows\Grapher.INI
[2012.01.18 00:50:11 | 000,000,020 | ---- | C] () -- C:\Users\kiwi\.geomapapp-home
[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}\L
[2013.04.09 12:14:35 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.08 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\2K Sports
[2012.11.13 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Ashampoo
[2011.10.27 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2013.04.09 16:02:09 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Dropbox
[2013.03.31 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\EPSON
[2012.08.01 10:06:34 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\FileZilla
[2013.04.09 13:16:42 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Fugawi
[2012.07.23 09:27:40 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\GHISLER
[2012.01.16 12:03:27 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Golden Software
[2012.01.28 19:59:05 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\ICQ
[2011.10.30 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Simfy
[2012.05.24 22:59:21 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Spotify
[2012.11.15 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\SumatraPDF
[2011.11.14 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Telefónica
[2012.05.01 00:18:46 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\TuneUp Software
[2011.11.18 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >
         
wie siehts aus?

Alt 10.04.2013, 21:20   #9
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles




Alt 11.04.2013, 01:19   #10
aharonov
/// TB-Ausbilder
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Hi,

das war schon mal ein Anfang..


Hinweis: Deaktivierte Benutzerkontensteuerung

Ich sehe, dass die Benutzerkontensteuerung (UAC) bei dir deaktiviert ist. Hast du sie bewusst selbst ausgeschaltet?
Aus der Sicherheitsperspektive her gesehen sollte man die Benutzerkontensteuerung eingeschaltet lassen, auch wenn sie manchmal etwas mühsam ist.

Ich empfehle dir, sie gemäss dieser Anleitung wieder zu aktivieren.



Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
[2013.04.09 11:08:33 | 000,000,017 | -H-- | C] () -- C:\Users\kiwi\AppData\Local\19720201.dat
[2013.04.09 11:08:26 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini

:files
C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}

:commands
[emptytemp]
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
  • Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.
Falls Funde angezeigt werden:
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
  • Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.
Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAR
  • Log von OTL
__________________
cheers,
Leo

Alt 11.04.2013, 16:13   #11
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\kiwi\AppData\Local\19720201.dat moved successfully.
C:\Windows\iltwain.ini moved successfully.
========== FILES ==========
C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}\U folder moved successfully.
C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce}\L folder moved successfully.
C:\Windows\Installer\{3ff37d06-1ee5-a505-6ea7-5a5e6172b6ce} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: kiwi
->Temp folder emptied: 183512917 bytes
->Temporary Internet Files folder emptied: 3793506 bytes
->Java cache emptied: 33502 bytes
->FireFox cache emptied: 89244585 bytes
->Flash cache emptied: 25142 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 264,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_145647

Files\Folders moved on Reboot...
C:\Users\kiwi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kiwi :: INHAMBANE [administrator]

11.04.2013 15:29:02
mbar-log-2013-04-11 (15-29-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31011
Time elapsed: 22 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
OTL logfile created on: 11.04.2013 15:59:35 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kiwi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 55,79% Memory free
7,81 Gb Paging File | 5,86 Gb Available in Paging File | 75,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 493,20 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
Drive D: | 48,00 Gb Total Space | 22,11 Gb Free Space | 46,07% Space Free | Partition Type: NTFS
 
Computer Name: INHAMBANE | User Name: kiwi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.09 12:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
PRC - [2013.03.27 12:48:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 12:47:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 12:47:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.08 14:48:14 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.13 05:06:20 | 000,447,016 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2011.08.06 02:20:10 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2011.08.06 02:20:10 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.03.30 23:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.08 14:48:14 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.25 03:15:40 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.03.27 12:48:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 12:47:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 23:06:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:48:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.06 02:20:10 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2011.07.25 09:40:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.25 03:15:54 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.30 23:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.30 23:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.03.30 23:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.12.28 13:47:06 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.28 13:47:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.27 12:48:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 12:48:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 12:48:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.10 21:57:34 | 000,165,504 | ---- | M] (ITE                      ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 09:40:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.07.20 14:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 14:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.03.24 09:53:02 | 000,413,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011.03.24 09:53:02 | 000,219,008 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.03.24 09:53:02 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.03.24 09:53:02 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2011.03.23 03:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.03.15 18:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 23:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.03.08 23:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.01.25 21:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.12.28 13:47:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.16 17:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010.09.03 14:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 18:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.28 16:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes,DefaultScope = {6390AECC-1EE3-41F3-BAA6-AEC4908DFF08}
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes\{6390AECC-1EE3-41F3-BAA6-AEC4908DFF08}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xph&d=0809&m=ao751h"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.ujf-grenoble.fr/auto-proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "176.34.218.96"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "176.34.218.96"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "176.34.218.96"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kiwi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 18:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:48:09 | 000,000,000 | ---D | M]
 
[2011.10.27 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\Extensions
[2013.02.23 01:38:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\Firefox\Profiles\pb1bl2mf.default\extensions
[2013.02.23 01:38:34 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.02.09 20:41:08 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\stealthyextension@gmail.com.xpi
[2013.02.15 00:42:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\kiwi\AppData\Roaming\mozilla\firefox\profiles\pb1bl2mf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013.03.08 14:48:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2013.02.16 18:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.03.08 14:48:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 19:34:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.10 20:58:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1702322170-1701308514-190303339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03825670-E143-4A1C-9D66-6B83C604CAAB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F94867C-659B-42A6-8637-881C199FBCCF}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\kiwi\Desktop\mbar-1.01.0.1022
[2013.04.11 14:56:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.10 21:06:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.10 20:58:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 20:40:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.10 20:40:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.10 20:40:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.10 20:37:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.10 20:36:14 | 005,050,592 | R--- | C] (Swearware) -- C:\Users\kiwi\Desktop\ComboFix.exe
[2013.04.09 16:50:10 | 000,000,000 | R--D | C] -- C:\Users\kiwi\Documents\Scanned Documents
[2013.04.09 16:50:09 | 000,000,000 | ---D | C] -- C:\Users\kiwi\Documents\Fax
[2013.04.09 13:15:06 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Roaming\Fugawi
[2013.04.09 13:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugawi
[2013.04.09 12:30:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
[2013.04.09 12:07:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.09 11:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Fugawi
[2013.04.03 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Local\Microsoft Games
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\Users\kiwi\AppData\Roaming\EPSON
[2013.03.27 18:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.27 12:48:37 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:48:37 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:48:37 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 14:41:48 | 000,000,000 | ---D | C] -- C:\Users\kiwi\Documents\phd
[2013.03.13 23:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013.04.11 16:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 16:00:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 15:57:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001UA.job
[2013.04.11 15:57:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702322170-1701308514-190303339-1001Core.job
[2013.04.11 15:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 15:07:25 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 15:07:25 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 15:04:25 | 012,894,739 | ---- | M] () -- C:\Users\kiwi\Desktop\mbar-1.01.0.1022.zip
[2013.04.11 14:59:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 14:58:24 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 14:50:16 | 000,514,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 20:58:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.10 20:36:24 | 005,050,592 | R--- | M] (Swearware) -- C:\Users\kiwi\Desktop\ComboFix.exe
[2013.04.10 16:56:42 | 000,377,856 | ---- | M] () -- C:\Users\kiwi\Desktop\hwznsbqc.exe
[2013.04.10 07:26:44 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 07:26:44 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 07:26:44 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 07:26:44 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 07:26:44 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 12:30:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kiwi\Desktop\OTL.exe
[2013.04.02 15:05:18 | 000,001,019 | ---- | M] () -- C:\Users\kiwi\Desktop\Dropbox.lnk
[2013.03.27 18:51:28 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.27 12:48:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.27 12:48:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.27 12:48:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013.04.11 15:04:09 | 012,894,739 | ---- | C] () -- C:\Users\kiwi\Desktop\mbar-1.01.0.1022.zip
[2013.04.10 20:40:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.10 20:40:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.10 20:40:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.10 20:40:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.10 20:40:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.10 16:56:40 | 000,377,856 | ---- | C] () -- C:\Users\kiwi\Desktop\hwznsbqc.exe
[2013.03.27 18:51:28 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.08 12:22:54 | 000,003,584 | ---- | C] () -- C:\Users\kiwi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.01 23:58:31 | 000,000,032 | ---- | C] () -- C:\Windows\Grapher.INI
[2012.01.18 00:50:11 | 000,000,020 | ---- | C] () -- C:\Users\kiwi\.geomapapp-home
[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.08 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\2K Sports
[2012.11.13 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Ashampoo
[2011.10.27 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2013.04.09 16:02:09 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Dropbox
[2013.03.31 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\EPSON
[2012.08.01 10:06:34 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\FileZilla
[2013.04.09 13:16:42 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Fugawi
[2012.07.23 09:27:40 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\GHISLER
[2012.01.16 12:03:27 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Golden Software
[2012.01.28 19:59:05 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\ICQ
[2011.10.30 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Simfy
[2012.05.24 22:59:21 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Spotify
[2012.11.15 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\SumatraPDF
[2011.11.14 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Telefónica
[2012.05.01 00:18:46 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\TuneUp Software
[2011.11.18 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\kiwi\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 11.04.2013, 20:08   #12
aharonov
/// TB-Ausbilder
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Hi,

sieht schon besser aus.


Schritt 1

Downloade dir bitte Malwarebytes Anti-Malware .
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 3

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
__________________
cheers,
Leo

Alt 13.04.2013, 06:32   #13
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kiwi :: INHAMBANE [Administrator]

12.04.2013 16:47:39
mbam-log-2013-04-12 (16-47-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239124
Laufzeit: 7 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\file0000\tsk0000.dta	Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\zafs0000\tsk0000.dta	Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\zafs0000\tsk0001.dta	Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\zafs0000\tsk0003.dta	Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\zafs0000\tsk0005.dta	Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\zafs0000\tsk0006.dta	Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\09.04.2013_12.06.28\zasubsys0000\zafs0000\tsk0008.dta	a variant of Win64/Sirefef.AN trojan
         
security check kommt später

Alt 13.04.2013, 13:12   #14
aharonov
/// TB-Ausbilder
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Ok, ESET hat nur noch was gefunden, was bereits in Quarantäne steckt.
Noch SecurityCheck, dann schliessen wir ab.
__________________
cheers,
Leo

Alt 13.04.2013, 13:17   #15
jökull
 
w32/patched.uc - logfiles - Standard

w32/patched.uc - logfiles



Code:
ATTFilter
Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
benutzerkontensteuerung stell ich wieder an

Antwort

Themen zu w32/patched.uc - logfiles
avira, boot, browser, cdrom, clean, code, computer, desktop, detected, dxgkrnl, fontcache, google, harddisk, internet browser, live, logfile, logfiles, monitor, nvidia, object, policyagent, registrierungsdatenbank, rootkit, scan, server, system32, tdss, trustedinstaller, tunnel, windows, windows live, wlansvc, wmp, wsearch



Ähnliche Themen: w32/patched.uc - logfiles


  1. TR/Patched.Ren.Gen
    Plagegeister aller Art und deren Bekämpfung - 27.08.2015 (7)
  2. Problem: Win8..TR/Patched.Ren.Gen..und..TR/Patched.Ren.Gen2
    Plagegeister aller Art und deren Bekämpfung - 07.11.2014 (5)
  3. TR/Patched.Ren.Gen - Überfordert!
    Log-Analyse und Auswertung - 12.09.2014 (11)
  4. Patched.Ren.Gen again
    Plagegeister aller Art und deren Bekämpfung - 14.03.2014 (17)
  5. TR/Patched.Ren.Gen
    Plagegeister aller Art und deren Bekämpfung - 22.02.2014 (14)
  6. W32/patched.uc
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (3)
  7. W32/Patched.UC
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (15)
  8. W32/Patched.UB virus
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  9. W32/Patched.UB
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (1)
  10. Hätte gerne eine Auswertung meiner HJT-logfiles und meiner OTL+Extras-logfiles
    Log-Analyse und Auswertung - 26.07.2012 (15)
  11. w32/patched.ub
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (1)
  12. Datei C:\Windows\System32\services.exe infiziert: W32/Patched.UB, Patched.UA, Patched.ZA
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (5)
  13. TR/Patched.GR.10 in explorer.exe & TR/Patched.KL.238 in winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  14. tr/patched.gen
    Plagegeister aller Art und deren Bekämpfung - 18.06.2009 (0)
  15. TR/Patched.DY.1
    Log-Analyse und Auswertung - 21.03.2009 (3)
  16. TR/Patched.DY.1, was nun?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2009 (4)
  17. Patched.DN
    Mülltonne - 27.12.2008 (0)

Zum Thema w32/patched.uc - logfiles - Hallo, habe die Schritte zur Entfernung wie in einem anderen thread ( http://www.trojaner-board.de/132262-w32-patched-uc.html ) beschrieben durchgeführt. Kann mir jemand sagen, ob ich clean bin? Code: Alles auswählen Aufklappen ATTFilter 12:16:24.0645 - w32/patched.uc - logfiles...
Archiv
Du betrachtest: w32/patched.uc - logfiles auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.