GUV Trojaner/Systemwiederherstellung geschafft Weitere Schritte?

mazda-89 · 26.01.2013, 18:30

Hallo Trojaner-Board Team,

es ist vollbracht, er auch meinen wohl nicht ganz sicheren, PC befallen.
Ich habe es nach langem hin und her geschafft im Abges.Modus mit Eingabeaufforderung eine Systemwiederherstellung zu machen.

Nun läuft erstmal wieder alles.
Was muss ich jetzt alles machen im Anhang sind die Log´s

cosinus · 27.01.2013, 00:07

Hallo und

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

mazda-89 · 27.01.2013, 10:44

Sry hatte das bei anderen so gesehn
Jetzt nochmal hoffentlich richtig

Code:

ATTFilter

 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:37 on 26/01/2013 (Pascal)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.01.2013 10:18:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pascal\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,88 Gb Total Physical Memory | 13,69 Gb Available Physical Memory | 86,19% Memory free
31,76 Gb Paging File | 29,40 Gb Available in Paging File | 92,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,96 Gb Total Space | 10,95 Gb Free Space | 18,26% Space Free | Partition Type: NTFS
Drive D: | 59,18 Gb Total Space | 40,34 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 23,68 Gb Free Space | 40,41% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 97,43 Gb Free Space | 99,77% Space Free | Partition Type: NTFS
Drive G: | 76,63 Gb Total Space | 76,44 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive H: | 255,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Y: | 1842,86 Gb Total Space | 160,71 Gb Free Space | 8,72% Space Free | Partition Type: NTFS
Drive Z: | 1842,86 Gb Total Space | 160,71 Gb Free Space | 8,72% Space Free | Partition Type: NTFS
 
Computer Name: DÖRFLER | User Name: Pascal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.26 17:33:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
PRC - [2013.01.15 11:13:44 | 001,973,232 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
PRC - [2012.12.20 18:44:32 | 000,844,296 | ---- | M] (Samsung) -- D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.12.20 18:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 18:44:26 | 001,476,104 | ---- | M] (Samsung) -- D:\Kies\Kies.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.12 20:29:24 | 002,495,944 | ---- | M] (EMC) -- C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
PRC - [2012.12.12 01:42:42 | 000,221,048 | ---- | M] (LenovoEMC Ltd.) -- C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
PRC - [2012.12.10 17:05:34 | 000,853,048 | ---- | M] (Micro-Star INT'L CO.,LTD.) -- C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.07 15:52:26 | 000,363,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.11.07 15:52:24 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.11.07 15:52:12 | 000,164,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.10.30 11:56:40 | 000,197,152 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012.10.30 11:55:30 | 000,218,144 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012.10.26 11:23:12 | 000,122,936 | ---- | M] (MSI) -- C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
PRC - [2012.10.26 10:18:44 | 000,105,016 | ---- | M] (MSI) -- C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
PRC - [2012.10.26 10:07:34 | 000,103,992 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
PRC - [2012.10.25 20:30:38 | 000,143,416 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012.10.23 09:54:10 | 000,502,328 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2012.07.12 13:21:30 | 002,083,640 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro SafeSync\HrfsClient.exe
PRC - [2012.05.21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.04.23 09:36:32 | 000,010,752 | ---- | M] () -- C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
PRC - [2012.04.17 14:01:42 | 000,075,280 | ---- | M] (MSI) -- C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
PRC - [2012.04.12 19:59:42 | 000,252,432 | ---- | M] () -- C:\Program Files (x86)\MSI\OTPService\OTPService.exe
PRC - [2012.01.05 06:35:30 | 002,325,096 | R--- | M] (Realtek Semiconductor) -- C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
PRC - [2011.09.20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011.08.29 16:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.25 13:50:45 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.25 13:50:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.25 13:50:28 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.24 20:05:19 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.24 20:05:12 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.24 20:05:11 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll
MOD - [2013.01.24 20:05:08 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.24 20:05:07 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.24 20:05:06 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.24 20:05:06 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.24 20:05:05 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.24 20:05:05 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013.01.24 20:05:04 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.24 20:05:01 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.01.22 17:03:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.21 18:22:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.21 18:22:47 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5f3769db958cc666dc98cb7748a84ac9\PresentationFramework.ni.dll
MOD - [2013.01.21 18:22:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.21 18:22:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.21 18:22:35 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\45e239d35a2c14b841dd4ef2c186ff2f\PresentationCore.ni.dll
MOD - [2013.01.21 18:22:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.21 18:22:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.21 18:22:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.21 18:22:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.21 18:22:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.12 20:30:10 | 006,302,208 | ---- | M] () -- C:\Program Files (x86)\LenovoEMC Storage Manager\wxmsw28u_vc_custom.dll
MOD - [2012.07.05 09:58:00 | 001,195,022 | ---- | M] () -- C:\Programme\Trend Micro SafeSync\avcodec-54.dll
MOD - [2012.07.05 09:58:00 | 000,217,614 | ---- | M] () -- C:\Programme\Trend Micro SafeSync\avformat-54.dll
MOD - [2012.07.05 09:58:00 | 000,138,766 | ---- | M] () -- C:\Programme\Trend Micro SafeSync\avutil-51.dll
MOD - [2011.11.04 12:24:20 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
MOD - [2011.10.21 06:42:14 | 000,140,800 | R--- | M] () -- C:\Program Files (x86)\MSI\NetworkGenie\gep.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.25 14:07:57 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.12 01:42:42 | 000,221,048 | ---- | M] (LenovoEMC Ltd.) [Auto | Running] -- C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.07 15:52:26 | 000,363,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.11.07 15:52:24 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.11.07 15:52:12 | 000,164,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.10.26 11:23:12 | 000,122,936 | ---- | M] (MSI) [Auto | Running] -- C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe -- (MSI_SuiteCharger)
SRV - [2012.10.26 10:18:44 | 000,105,016 | ---- | M] (MSI) [Auto | Running] -- C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe -- (MSI_SuiteFastBoot)
SRV - [2012.10.26 10:07:34 | 000,103,992 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe -- (MSI_FastBoot)
SRV - [2012.10.25 20:30:38 | 000,143,416 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.27 10:54:18 | 000,636,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.07.12 13:21:14 | 007,908,664 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2012.05.15 09:47:34 | 000,119,424 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.04.23 09:36:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe -- (MSIFileSyncMonitor)
SRV - [2012.04.17 14:01:42 | 000,075,280 | ---- | M] (MSI) [Auto | Running] -- C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe -- (MSI_ComCenService)
SRV - [2012.04.12 19:59:42 | 000,252,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MSI\OTPService\OTPService.exe -- (MSI_OTPService)
SRV - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.09 01:46:40 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv)
DRV:64bit: - [2012.07.12 18:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.21 00:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 00:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 00:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.05.15 09:57:52 | 000,290,944 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.05.15 09:56:58 | 000,283,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.05.15 09:56:16 | 000,166,528 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.05.15 09:55:58 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.05.15 09:55:40 | 000,029,824 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.05.15 09:55:22 | 000,109,696 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.05.15 09:55:04 | 000,260,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.05.15 09:54:28 | 000,052,352 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2012.03.25 17:55:22 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 06:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.21 16:09:36 | 000,217,088 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011.11.21 16:09:34 | 000,101,376 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011.09.14 11:16:12 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2010.04.10 15:05:30 | 000,050,720 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010.01.05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.20 10:27:34 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.10.26 10:12:24 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys -- (NTIOLib_SuiteFB)
DRV - [2012.10.26 09:56:46 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys -- (NTIOLib_FastBoot)
DRV - [2012.10.25 19:51:34 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_1_S)
DRV - [2012.10.25 19:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2012.03.30 15:26:30 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\MSI\MSI SUITE\NTIOLib_X64.sys -- (NTIOLib_1_0_C)
DRV - [2011.09.20 11:10:48 | 000,011,080 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys -- (NTIOLib_1_0_D)
DRV - [2011.01.06 11:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7751vH60\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009.10.06 00:10:14 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys -- (NTIOLib_1_0_T)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Docs = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe ()
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] D:\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24A35A1A-EDFA-4609-8991-839864433C03}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.05 12:47:18 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23242766-626f-11e2-8642-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23242766-626f-11e2-8642-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.27 10:11:56 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.01.26 18:24:02 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.26 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.26 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.01.26 18:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.01.26 18:22:56 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Optimizer Pro
[2013.01.26 18:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013.01.26 18:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013.01.26 18:12:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.01.26 18:12:54 | 000,700,783 | ---- | C] (Swearware) -- C:\Users\Pascal\Desktop\dds+.exe
[2013.01.26 18:06:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.01.26 18:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.26 18:05:55 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.26 18:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.26 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.26 18:05:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.01.26 17:33:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.01.26 17:31:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Pascal\Desktop\aswMBR.exe
[2013.01.25 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.25 14:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.01.25 14:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.01.25 14:07:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Google
[2013.01.25 14:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.24 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.24 20:11:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.01.24 20:11:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Samsung
[2013.01.24 20:11:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Samsung
[2013.01.24 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\samsung
[2013.01.24 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\Neuer Ordner
[2013.01.24 20:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.01.24 20:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.24 20:06:16 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.01.24 20:06:14 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.01.24 20:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.24 20:04:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.24 20:03:31 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Downloaded Installations
[2013.01.21 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe
[2013.01.20 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\Bluetooth Folder
[2013.01.20 17:11:05 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\ElevatedDiagnostics
[2013.01.20 17:04:55 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LenovoEMCStorageManager
[2013.01.20 17:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\LenovoEMCStorageManager
[2013.01.20 17:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoEMC
[2013.01.20 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LenovoEMC Storage Manager
[2013.01.20 16:39:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR
[2013.01.20 16:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.20 16:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.20 13:51:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\MSI
[2013.01.20 13:48:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\SafeSync
[2013.01.20 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Trend Micro
[2013.01.20 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Trend Micro
[2013.01.20 13:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.01.20 13:36:29 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Avira
[2013.01.20 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.20 13:31:17 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.20 13:31:17 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.20 13:31:17 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.20 13:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.20 13:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.20 13:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.01.20 13:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro SafeSync
[2013.01.20 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro SafeSync
[2013.01.20 13:18:18 | 000,000,000 | -H-D | C] -- C:\SuperChargerProfile
[2013.01.20 13:13:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.20 13:04:41 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.20 13:04:38 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.20 13:04:38 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.20 13:04:35 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.20 13:04:35 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.20 12:51:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.01.20 12:51:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.01.20 12:48:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.01.20 12:48:07 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.01.20 12:21:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.01.20 12:10:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.19 20:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.19 20:33:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.19 20:33:26 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.01.19 15:48:57 | 000,000,000 | -H-D | C] -- C:\msiFastBoot
[2013.01.19 15:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.19 15:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2013.01.19 15:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.01.19 14:30:53 | 000,011,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\acpimof.dll
[2013.01.19 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\BMExplorer
[2013.01.19 14:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013.01.19 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.01.19 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.01.19 14:20:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield
[2013.01.19 14:20:03 | 000,171,808 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\appinit_dll.dll
[2013.01.19 14:20:03 | 000,147,744 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysWow64\appinit_dll.dll
[2013.01.19 14:20:03 | 000,066,336 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys
[2013.01.19 14:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTU MVP
[2013.01.19 14:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lucidlogix Technologies
[2013.01.19 14:20:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Lucidlogix
[2013.01.19 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.19 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia
[2013.01.19 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe
[2013.01.19 14:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.19 14:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.19 14:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.19 14:19:23 | 000,032,360 | R--- | C] (NT Kernel Resources) -- C:\Windows\SysNative\drivers\ndisrd.sys
[2013.01.19 14:18:54 | 000,050,720 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2013.01.19 14:18:54 | 000,027,136 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2013.01.19 14:18:54 | 000,000,000 | ---D | C] -- C:\IM
[2013.01.19 14:18:00 | 000,000,000 | -H-D | C] -- C:\ControlCenterCount
[2013.01.19 14:17:08 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2013.01.19 14:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2013.01.19 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.01.19 14:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.01.19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.19 14:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.19 14:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2013.01.19 14:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
[2013.01.19 14:06:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.19 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.19 14:06:00 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.01.19 14:06:00 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.19 14:06:00 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.19 14:06:00 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.19 14:06:00 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.19 14:05:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.19 14:05:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.19 14:05:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.19 14:05:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.19 14:05:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.19 14:05:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.19 14:05:45 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.01.19 14:05:32 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.19 14:05:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.19 14:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.19 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Atheros
[2013.01.19 13:57:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2013.01.19 13:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2013.01.19 13:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2013.01.19 13:57:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.19 13:56:22 | 000,676,968 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.01.19 13:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.19 13:56:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.19 13:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.01.19 13:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.01.19 13:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.01.19 13:54:49 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.01.19 13:54:49 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.01.19 13:53:45 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.19 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.19 13:53:39 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.19 13:53:26 | 000,000,000 | ---D | C] -- C:\MSI
[2013.01.19 13:36:45 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.19 13:36:45 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches
[2013.01.19 13:36:45 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.19 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities
[2013.01.19 13:36:39 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts
[2013.01.19 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore
[2013.01.19 13:36:36 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft
[2013.01.19 13:36:36 | 000,000,000 | RHSD | C] -- C:\Users\Pascal\Documents\Eigene Videos
[2013.01.19 13:36:36 | 000,000,000 | RHSD | C] -- C:\Users\Pascal\Documents\Eigene Musik
[2013.01.19 13:36:36 | 000,000,000 | RHSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop
[2013.01.19 13:36:36 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Anwendungsdaten
[2013.01.19 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten
[2013.01.19 13:36:36 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData
[2013.01.19 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp
[2013.01.19 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft
[2013.01.19 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.19 13:36:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.19 13:36:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.27 10:19:51 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.27 10:19:51 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.27 10:19:51 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.27 10:19:51 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.27 10:19:51 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.27 10:18:44 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 10:18:44 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.27 10:11:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 10:11:41 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RtlNetworkGenieVistaStart.job
[2013.01.27 10:11:40 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.01.27 10:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.27 10:11:34 | 4199,632,894 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 18:26:25 | 000,039,590 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer.rar
[2013.01.26 18:26:04 | 000,000,333 | ---- | M] () -- C:\Users\Pascal\Desktop\defogger_disable.rar
[2013.01.26 18:25:35 | 000,014,708 | ---- | M] () -- C:\Users\Pascal\Desktop\OTL.rar
[2013.01.26 18:22:56 | 000,001,062 | ---- | M] () -- C:\Users\Pascal\Desktop\Optimizer Pro.lnk
[2013.01.26 18:10:06 | 000,700,783 | ---- | M] (Swearware) -- C:\Users\Pascal\Desktop\dds+.exe
[2013.01.26 18:09:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.01.26 18:05:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 18:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.26 17:37:02 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.01.26 17:36:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 17:34:43 | 000,365,568 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer-2.0.18444.exe
[2013.01.26 17:33:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.01.26 17:33:49 | 000,050,477 | ---- | M] () -- C:\Users\Pascal\Desktop\Defogger.exe
[2013.01.26 17:32:37 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Pascal\Desktop\aswMBR.exe
[2013.01.26 17:19:41 | 095,023,320 | ---- | M] () -- C:\ProgramData\648993.pad
[2013.01.25 14:08:28 | 000,002,289 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.24 20:11:16 | 000,000,579 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.24 20:11:16 | 000,000,569 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.24 20:05:55 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.21 17:37:11 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Live Update 5.lnk
[2013.01.20 17:04:55 | 000,001,225 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk
[2013.01.20 17:04:55 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
[2013.01.20 16:39:56 | 000,000,676 | ---- | M] () -- C:\Users\Pascal\Desktop\EVEREST Ultimate Edition.lnk
[2013.01.20 16:36:34 | 000,000,492 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.20 16:27:24 | 000,000,494 | ---- | M] () -- C:\Users\Pascal\Desktop\Lokaler Datenträger (D).lnk
[2013.01.20 16:19:34 | 000,001,062 | ---- | M] () -- C:\Users\Pascal\Desktop\Dokumente.lnk
[2013.01.20 13:51:21 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 13:31:19 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.20 13:27:48 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro SafeSync-Dateien.lnk
[2013.01.20 13:27:48 | 000,001,866 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
[2013.01.19 20:35:03 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.19 20:35:03 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.19 15:52:55 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\ControlCenter.lnk
[2013.01.19 15:42:01 | 000,000,036 | ---- | M] () -- C:\Users\Pascal\AppData\Local\housecall.guid.cache
[2013.01.19 15:23:40 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.01.19 14:50:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.19 14:50:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.19 14:20:23 | 000,001,063 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
[2013.01.19 14:08:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.19 14:06:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2013.01.19 13:55:46 | 000,018,226 | ---- | M] () -- C:\Windows\SysNative\results.xml
 
========== Files Created - No Company Name ==========
 
[2013.01.26 18:26:25 | 000,039,590 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer.rar
[2013.01.26 18:26:04 | 000,000,333 | ---- | C] () -- C:\Users\Pascal\Desktop\defogger_disable.rar
[2013.01.26 18:25:35 | 000,014,708 | ---- | C] () -- C:\Users\Pascal\Desktop\OTL.rar
[2013.01.26 18:22:56 | 000,001,062 | ---- | C] () -- C:\Users\Pascal\Desktop\Optimizer Pro.lnk
[2013.01.26 18:05:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 17:34:43 | 000,365,568 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer-2.0.18444.exe
[2013.01.26 17:33:49 | 000,050,477 | ---- | C] () -- C:\Users\Pascal\Desktop\Defogger.exe
[2013.01.26 17:31:18 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.01.26 16:50:47 | 095,023,320 | ---- | C] () -- C:\ProgramData\648993.pad
[2013.01.25 14:08:28 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.25 14:08:01 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.25 14:08:00 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 20:11:16 | 000,000,579 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.24 20:11:16 | 000,000,569 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.21 17:37:11 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Live Update 5.lnk
[2013.01.20 17:04:55 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk
[2013.01.20 17:04:55 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\LenovoEMC Storage Manager.lnk
[2013.01.20 16:36:34 | 000,000,492 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.20 16:27:24 | 000,000,494 | ---- | C] () -- C:\Users\Pascal\Desktop\Lokaler Datenträger (D).lnk
[2013.01.20 16:19:34 | 000,001,062 | ---- | C] () -- C:\Users\Pascal\Desktop\Dokumente.lnk
[2013.01.20 13:39:21 | 000,000,676 | ---- | C] () -- C:\Users\Pascal\Desktop\EVEREST Ultimate Edition.lnk
[2013.01.20 13:31:19 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.20 13:27:48 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro SafeSync-Dateien.lnk
[2013.01.20 13:27:48 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
[2013.01.20 13:13:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.20 13:04:39 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.20 12:48:21 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013.01.20 12:48:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.01.20 12:48:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.01.20 12:48:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.01.20 12:48:05 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.01.20 12:48:03 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013.01.20 12:48:03 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.01.19 20:34:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.19 20:34:56 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.19 20:33:46 | 4199,632,894 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.19 15:52:55 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\ControlCenter.lnk
[2013.01.19 15:47:13 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.19 15:44:06 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.01.19 15:42:01 | 000,000,036 | ---- | C] () -- C:\Users\Pascal\AppData\Local\housecall.guid.cache
[2013.01.19 15:23:43 | 000,007,195 | ---- | C] () -- C:\Windows\SysWow64\THXCfgUninstall32.ini
[2013.01.19 15:23:43 | 000,006,925 | ---- | C] () -- C:\Windows\SysWow64\THXCfg32.ini
[2013.01.19 14:59:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.19 14:50:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.19 14:50:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.19 14:45:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.19 14:21:03 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2013.01.19 14:21:03 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2013.01.19 14:21:03 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.01.19 14:21:03 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.01.19 14:21:03 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.01.19 14:21:01 | 000,237,056 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.01.19 14:21:01 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.01.19 14:21:01 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.01.19 14:21:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.01.19 14:21:01 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.01.19 14:20:24 | 000,001,063 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
[2013.01.19 14:19:56 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013.01.19 14:19:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.01.19 14:19:27 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\RtlNetworkGenieVistaStart.job
[2013.01.19 14:08:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.19 14:06:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2013.01.19 13:55:46 | 000,018,226 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.01.19 13:54:49 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.01.19 13:54:49 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.01.19 13:54:49 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2013.01.19 13:54:49 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.01.19 13:54:49 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2013.01.19 13:54:49 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.01.19 13:54:49 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.01.19 13:54:49 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.01.19 13:54:49 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.01.19 13:54:48 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.01.19 13:54:48 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.01.19 13:54:48 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.01.19 13:36:47 | 000,001,405 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.19 13:36:46 | 000,001,439 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.26 18:22:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Optimizer Pro
[2013.01.24 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Samsung
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
[/CODE]

mazda-89 · 27.01.2013, 11:01

Die GMER Datei ist zu lang es sind über 1500000 Zeichen und es dürfen aber nur 12000 deshalb die leider im anhang

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.01.2013 17:38:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,88 Gb Total Physical Memory | 13,78 Gb Available Physical Memory | 86,77% Memory free
31,76 Gb Paging File | 29,51 Gb Available in Paging File | 92,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,96 Gb Total Space | 11,14 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive D: | 59,18 Gb Total Space | 40,34 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 23,68 Gb Free Space | 40,41% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 97,43 Gb Free Space | 99,77% Space Free | Partition Type: NTFS
Drive G: | 76,63 Gb Total Space | 76,44 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive H: | 255,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DÖRFLER | User Name: Pascal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23C854C3-A04A-4C6C-996A-C2A536FE409B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{4A7F7E6C-8252-46A1-8C82-5A5589AAAA2C}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
"TCP Query User{A82F32CD-5666-4904-A5B8-13C2DA121459}D:\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=d:\iomega storage manager\iomegastoragemanager.exe | 
"TCP Query User{EFDF74A3-2CF2-4658-85DB-165EB48EF030}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
"UDP Query User{2A780DCC-5F8F-4F2D-8BA3-2ECB14DD01A7}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
"UDP Query User{96A33D7C-5BF6-4190-AB4D-4542DA711DBE}D:\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=d:\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{9CC50A20-A120-40FE-B0E0-460315DD0EE0}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HFRS_is1" = Trend Micro SafeSync
"LenovoEMC Storage Manager" = LenovoEMC Storage Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VIRTU MVP_is1" = VIRTU MVP 2.1.112
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1" = Fast Boot
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F025E3A-3074-48A3-A8F3-78E735739491}_is1" = MSI SUITE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1" = ControlCenter
"{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1" = TeamingGenie
"{B05F7750-8800-4520-9732-9C841246C8E2}_is1" = OTPService
"{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}" = NetworkGenie
"{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1" = CLICKBIOSII
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudioGenie_is1" = AudioGenie
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Google Chrome" = Google Chrome
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2013 11:44:30 | Computer Name = Dörfler | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:44:32 | Computer Name = Dörfler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x1290  Startzeit der fehlerhaften Anwendung: 0x01cdfbdc0796ec1a  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 4678fdeb-67cf-11e2-9336-00268339f3cb
 
Error - 26.01.2013 11:52:07 | Computer Name = ***** | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:52:09 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0xd18  Startzeit der fehlerhaften Anwendung: 0x01cdfbdd15c84dbc  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 56dcb119-67d0-11e2-8127-000000c00000
 
Error - 26.01.2013 11:55:47 | Computer Name = ***** | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:55:48 | Computer Name = *****| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x13d8  Startzeit der fehlerhaften Anwendung: 0x01cdfbdd9b06ea15  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: d96d3a67-67d0-11e2-9253-000000b20000
 
Error - 26.01.2013 11:56:21 | Computer Name = Dörfler | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 11:56:21 | Computer Name = Dörfler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x1414  Startzeit der fehlerhaften Anwendung: 0x01cdfbddaf7e2046  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: ed53c739-67d0-11e2-9253-000000b20000
 
Error - 26.01.2013 12:23:00 | Computer Name = Dörfler | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 26.01.2013 12:23:02 | Computer Name = Dörfler | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSI SUITE.exe, Version: 1.0.27.0,
 Zeitstempel: 0x50c5c348  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x11c8  Startzeit der fehlerhaften Anwendung: 0x01cdfbe1686a5390  Pfad der
 fehlerhaften Anwendung: C:\MSI\MSI SUITE\MSI SUITE.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a759ac03-67d4-11e2-8db1-000000b20000
 
[ System Events ]
Error - 26.01.2013 11:52:00 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 26.01.2013 11:55:30 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 26.01.2013 12:20:08 | Computer Name = Dörfler | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avipbb  avkmgr  discache  spldr  Wanarpv6
 
Error - 26.01.2013 12:20:08 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:13 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:14 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:15 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:20:36 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 21  
 
Error - 26.01.2013 12:22:00 | Computer Name = Dörfler | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2013 12:22:56 | Computer Name = Dörfler | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >

--- --- ---

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** ::  [Administrator]

Schutz: Aktiviert

26.01.2013 18:15:04
mbam-log-2013-01-26 (18-15-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206630
Laufzeit: 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

DDS Logfile:
DDS Logfile:

Code:

ATTFilter

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Pascal at 10:24:23 on 2013-01-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16263.13820 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\OTPService\OTPService.exe
C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe
C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Kies\Kies.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files\Trend Micro SafeSync\hrfscore.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Kies\KiesTrayAgent.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [KiesPreload] D:\Kies\Kies.exe /preload
uRun: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup
uRun: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
mRun: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [MSI Suite] C:\MSI\MSI SUITE\StartMSISuite.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\Pascal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BERWAC~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRENDM~1.LNK - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{24A35A1A-EDFA-4609-8991-839864433C03} : DHCPNameServer = 192.168.2.1
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-20 19264]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-1-20 27800]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-1-19 32360]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-20 85280]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-20 109344]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-5-15 119424]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-1-20 99912]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-19 164736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-26 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-26 682344]
R2 MSI_ComCenService;MSI_ComCenService;C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [2013-1-20 75280]
R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2013-1-19 103992]
R2 MSI_OTPService;MSI_OTPService;C:\Program Files (x86)\MSI\OTPService\OTPService.exe [2013-1-19 252432]
R2 MSI_SuiteCharger;MSI_SuiteCharger;C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [2013-1-20 122936]
R2 MSI_SuiteFastBoot;MSI_SuiteFastBoot;C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [2013-1-20 105016]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-1-19 143416]
R2 MSIFileSyncMonitor;MSI FileSync Monitor;C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [2013-1-20 10752]
R2 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2012-12-12 221048]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2013-1-19 27136]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-19 363904]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-5-15 36480]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-5-15 260224]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-5-15 109696]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-5-15 29824]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-5-15 166528]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-5-15 283776]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-5-15 290944]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-1-19 160256]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-19 331264]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-20 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-20 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-26 24176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-1-19 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-1-19 13368]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-1-21 14136]
R3 NTIOLib_1_0_D;NTIOLib_1_0_D;C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [2013-1-20 11080]
R3 NTIOLib_1_0_T;NTIOLib_1_0_T;C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [2013-1-19 14136]
R3 NTIOLib_1_1_S;NTIOLib_1_1_S;C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [2013-1-20 13368]
R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2013-1-19 13368]
R3 NTIOLib_SuiteFB;NTIOLib_SuiteFB;C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [2013-1-20 13368]
R3 OnlineStorageService;OnlineStorageService;C:\Program Files\Trend Micro SafeSync\hrfscore.exe [2013-1-20 7908664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-19 676968]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2011-11-21 101376]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2011-11-21 217088]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-1-19 66336]
R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2012-9-9 20048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-5-15 52352]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7751vH60\NTIOLib_X64.sys [2011-1-6 11888]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;C:\MSI\MSI SUITE\NTIOLib_X64.sys [2013-1-20 11888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-19 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2013-1-19 50720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-20 59392]
.
=============== Created Last 30 ================
.
2013-01-26 17:22:56	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Optimizer Pro
2013-01-26 17:22:55	--------	d-----w-	C:\Program Files (x86)\Optimizer Pro
2013-01-26 17:06:01	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Malwarebytes
2013-01-26 17:05:55	24176	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-01-26 17:05:55	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-01-26 17:05:55	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 17:05:45	--------	d-----w-	C:\Users\Pascal\AppData\Local\Programs
2013-01-26 16:26:21	9161176	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{584F40A4-1BE2-4A2A-81E7-9C2A3631C7A9}\mpengine.dll
2013-01-25 13:07:59	--------	d-----w-	C:\Users\Pascal\AppData\Local\Google
2013-01-24 19:11:17	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Samsung
2013-01-24 19:11:17	--------	d-----w-	C:\Users\Pascal\AppData\Local\Samsung
2013-01-24 19:06:16	4659712	----a-w-	C:\Windows\SysWow64\Redemption.dll
2013-01-24 19:06:14	821824	----a-w-	C:\Windows\SysWow64\dgderapi.dll
2013-01-24 19:06:08	--------	d-----w-	C:\ProgramData\Samsung
2013-01-24 19:03:31	--------	d-----w-	C:\Users\Pascal\AppData\Local\Downloaded Installations
2013-01-22 15:59:10	9161176	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-21 17:27:22	--------	d-----w-	C:\Users\Pascal\AppData\Local\Adobe
2013-01-21 16:17:02	55296	----a-w-	C:\Windows\System32\dhcpcsvc6.dll
2013-01-21 16:17:02	44032	----a-w-	C:\Windows\SysWow64\dhcpcsvc6.dll
2013-01-21 16:17:02	226816	----a-w-	C:\Windows\System32\dhcpcore6.dll
2013-01-21 16:17:02	193536	----a-w-	C:\Windows\SysWow64\dhcpcore6.dll
2013-01-21 16:17:01	950128	----a-w-	C:\Windows\System32\drivers\ndis.sys
2013-01-21 16:17:01	41472	----a-w-	C:\Windows\System32\drivers\RNDISMP.sys
2013-01-21 16:13:56	68608	----a-w-	C:\Windows\System32\taskhost.exe
2013-01-20 16:11:05	--------	d-----w-	C:\Users\Pascal\AppData\Local\ElevatedDiagnostics
2013-01-20 16:04:55	--------	d-----w-	C:\Users\Pascal\AppData\Local\LenovoEMCStorageManager
2013-01-20 16:04:55	--------	d-----w-	C:\ProgramData\LenovoEMCStorageManager
2013-01-20 16:04:27	--------	d-----w-	C:\Program Files (x86)\LenovoEMC Storage Manager
2013-01-20 12:48:25	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Trend Micro
2013-01-20 12:48:25	--------	d-----w-	C:\Users\Pascal\AppData\Local\Trend Micro
2013-01-20 12:48:25	--------	d-----r-	C:\Users\Pascal\SafeSync
2013-01-20 12:36:29	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Avira
2013-01-20 12:31:17	99912	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2013-01-20 12:31:17	27800	----a-w-	C:\Windows\System32\drivers\avkmgr.sys
2013-01-20 12:31:16	--------	d-----w-	C:\ProgramData\Avira
2013-01-20 12:31:16	--------	d-----w-	C:\Program Files (x86)\Avira
2013-01-20 12:27:48	--------	d-----w-	C:\ProgramData\boost_interprocess
2013-01-20 12:27:43	--------	d-----w-	C:\Program Files\Trend Micro SafeSync
2013-01-20 12:18:18	--------	d--h--w-	C:\SuperChargerProfile
2013-01-20 12:13:20	74248	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-20 12:13:20	697864	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-20 12:05:32	789824	----a-w-	C:\Windows\System32\drivers\iusb3xhc.sys
2013-01-20 12:05:32	357184	----a-w-	C:\Windows\System32\drivers\iusb3hub.sys
2013-01-20 12:05:32	19264	----a-w-	C:\Windows\System32\drivers\iusb3hcs.sys
2013-01-20 11:51:18	--------	d-----w-	C:\Windows\System32\SPReview
2013-01-20 11:51:11	--------	d-----w-	C:\Windows\System32\EventProviders
2013-01-20 11:47:58	529408	----a-w-	C:\Windows\System32\wbemcomn.dll
2013-01-20 11:47:58	244736	----a-w-	C:\Windows\System32\sqmapi.dll
2013-01-20 11:47:58	244736	----a-w-	C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-01-20 11:38:18	279656	------w-	C:\Windows\System32\MpSigStub.exe
2013-01-20 11:21:06	--------	d-----w-	C:\Windows\System32\appmgmt
2013-01-19 19:33:26	--------	d-----w-	C:\Windows\Panther
2013-01-19 15:11:13	62784	----a-w-	C:\Windows\System32\drivers\HECIx64.sys
2013-01-19 14:55:50	902656	----a-w-	C:\Windows\System32\d2d1.dll
2013-01-19 14:55:50	739840	----a-w-	C:\Windows\SysWow64\d2d1.dll
2013-01-19 14:55:50	1139200	----a-w-	C:\Windows\System32\FntCache.dll
2013-01-19 14:48:57	--------	d--h--w-	C:\msiFastBoot
2013-01-19 14:35:39	--------	d-----w-	C:\Program Files (x86)\Setup Files
2013-01-19 14:28:37	--------	d-----w-	C:\Windows\SysWow64\wbem\en-US
2013-01-19 14:28:36	--------	d-----w-	C:\Windows\System32\wbem\en-US
2013-01-19 14:23:50	--------	d-----w-	C:\ProgramData\Trend Micro
2013-01-19 14:23:43	24576	------w-	C:\Windows\SysWow64\THXCfg32.dll
2013-01-19 14:23:43	132096	------w-	C:\Windows\SysWow64\THXCfg32.exe
2013-01-19 13:59:01	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2013-01-19 13:59:01	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2013-01-19 13:59:01	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2013-01-19 13:59:01	2560	----a-w-	C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-01-19 13:51:55	294912	----a-w-	C:\Windows\System32\browserchoice.exe
2013-01-19 13:46:18	70656	----a-w-	C:\Windows\SysWow64\fontsub.dll
2013-01-19 13:46:18	46080	----a-w-	C:\Windows\System32\atmlib.dll
2013-01-19 13:46:18	367616	----a-w-	C:\Windows\System32\atmfd.dll
2013-01-19 13:46:18	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2013-01-19 13:46:18	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2013-01-19 13:46:18	100864	----a-w-	C:\Windows\System32\fontsub.dll
2013-01-19 13:45:56	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2013-01-19 13:45:56	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2013-01-19 13:45:56	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2013-01-19 13:45:56	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2013-01-19 13:45:56	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2013-01-19 13:45:56	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2013-01-19 13:45:56	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2013-01-19 13:44:00	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2013-01-19 13:44:00	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2013-01-19 13:44:00	5120	----a-w-	C:\Windows\System32\wmi.dll
2013-01-19 13:44:00	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2013-01-19 13:44:00	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2013-01-19 13:42:09	1544704	----a-w-	C:\Windows\System32\DWrite.dll
2013-01-19 13:42:09	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-01-19 13:42:07	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-01-19 13:42:06	3968880	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-19 13:42:06	3914096	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-01-19 13:40:48	1731920	----a-w-	C:\Windows\System32\ntdll.dll
2013-01-19 13:40:48	1292080	----a-w-	C:\Windows\SysWow64\ntdll.dll
2013-01-19 13:37:32	77312	----a-w-	C:\Windows\System32\packager.dll
2013-01-19 13:37:32	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2013-01-19 13:30:53	11832	----a-w-	C:\Windows\acpimof.dll
2013-01-19 13:29:41	--------	d-----w-	C:\Users\Pascal\AppData\Local\BMExplorer
2013-01-19 13:29:31	--------	d-----w-	C:\ProgramData\Atheros
2013-01-19 13:21:07	90112	------w-	C:\Windows\Updreg.EXE
2013-01-19 13:21:03	26624	------w-	C:\Windows\System32\THXCfg64.dll
2013-01-19 13:21:03	141312	------w-	C:\Windows\System32\THXCfg64.exe
2013-01-19 13:21:03	11264	------w-	C:\Windows\SysWow64\ResDefA.exe
2013-01-19 13:21:01	89088	----a-w-	C:\Windows\System32\CmdRtr64.DLL
2013-01-19 13:21:01	73728	----a-w-	C:\Windows\SysWow64\CmdRtr.DLL
2013-01-19 13:21:01	237056	----a-w-	C:\Windows\System32\APOMgr64.DLL
2013-01-19 13:21:01	182272	----a-w-	C:\Windows\SysWow64\APOMngr.DLL
2013-01-19 13:21:00	--------	d-----w-	C:\Program Files (x86)\Creative
2013-01-19 13:19:23	32360	----a-r-	C:\Windows\System32\drivers\ndisrd.sys
2013-01-19 13:18:54	50720	----a-w-	C:\Windows\System32\drivers\RtTeam60.sys
2013-01-19 13:18:54	27136	----a-w-	C:\Windows\System32\drivers\RtNdPt60.sys
2013-01-19 13:18:54	--------	d-----w-	C:\IM
2013-01-19 13:18:00	--------	d--h--w-	C:\ControlCenterCount
2013-01-19 13:17:08	--------	d-----w-	C:\Users\Pascal\AppData\Local\CrashDumps
2013-01-19 13:07:34	8192	----a-w-	C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-01-19 13:07:10	--------	d-----w-	C:\Program Files (x86)\Common Files\postureAgent
2013-01-19 13:06:33	--------	d-----w-	C:\Program Files (x86)\MSI
2013-01-19 13:06:08	--------	d-----w-	C:\Windows\SysWow64\RTCOM
2013-01-19 13:06:08	--------	d-----w-	C:\Program Files\Realtek
2013-01-19 13:06:01	32344	----a-w-	C:\Windows\System32\drivers\MBfilt64.sys
2013-01-19 13:06:00	518896	----a-w-	C:\Windows\System32\SRSTSX64.dll
2013-01-19 13:06:00	2605400	----a-w-	C:\Windows\System32\WavesGUILib.dll
2013-01-19 13:06:00	211184	----a-w-	C:\Windows\System32\SRSTSH64.dll
2013-01-19 13:06:00	198896	----a-w-	C:\Windows\System32\SRSHP64.dll
2013-01-19 13:06:00	155888	----a-w-	C:\Windows\System32\SRSWOW64.dll
2013-01-19 13:01:33	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2013-01-19 13:01:33	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2013-01-19 13:01:33	20992	----a-w-	C:\Windows\System32\drivers\rdpvideominiport.sys
2013-01-19 13:01:33	162816	----a-w-	C:\Windows\System32\rdpudd.dll
2013-01-19 13:01:33	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2013-01-19 12:59:50	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2013-01-19 12:59:49	99840	----a-w-	C:\Windows\System32\wudriver.dll
2013-01-19 12:59:49	36864	----a-w-	C:\Windows\System32\wuapp.exe
2013-01-19 12:59:49	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2013-01-19 12:57:23	--------	d-----w-	C:\Users\Pascal\AppData\Roaming\Atheros
2013-01-19 12:57:19	--------	d-----w-	C:\Program Files (x86)\Common Files\Atheros
2013-01-19 12:57:18	--------	d-----w-	C:\Program Files (x86)\Bluetooth Suite
2013-01-19 12:57:10	--------	d-sh--w-	C:\Windows\Installer
2013-01-19 12:56:22	74344	----a-w-	C:\Windows\System32\RtNicProp64.dll
2013-01-19 12:56:22	676968	----a-w-	C:\Windows\System32\drivers\Rt64win7.sys
2013-01-19 12:56:22	107624	----a-w-	C:\Windows\System32\RTNUninst64.dll
2013-01-19 12:56:17	--------	d-----w-	C:\Program Files (x86)\Realtek
2013-01-19 12:55:01	--------	d-----w-	C:\Program Files\Common Files\Intel
2013-01-19 12:53:45	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
2013-01-19 12:53:39	--------	d-----w-	C:\Intel
2013-01-19 12:53:26	--------	d-----w-	C:\MSI
.
==================== Find3M  ====================
.
2013-01-20 12:24:54	175616	----a-w-	C:\Windows\System32\msclmd.dll
2013-01-20 12:24:54	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2012-12-18 09:06:10	90112	----a-w-	C:\Windows\MAMCityDownload.ocx
2012-12-07 13:20:16	441856	----a-w-	C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31	2746368	----a-w-	C:\Windows\System32\gameux.dll
2012-12-07 12:26:17	308736	----a-w-	C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43	2576384	----a-w-	C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04	30720	----a-w-	C:\Windows\System32\usk.rs
2012-12-07 11:20:03	43520	----a-w-	C:\Windows\System32\csrr.rs
2012-12-07 11:20:03	23552	----a-w-	C:\Windows\System32\oflc.rs
2012-12-07 11:20:01	45568	----a-w-	C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01	44544	----a-w-	C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01	20480	----a-w-	C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00	20480	----a-w-	C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59	20480	----a-w-	C:\Windows\System32\pegi.rs
2012-12-07 11:19:58	46592	----a-w-	C:\Windows\System32\fpb.rs
2012-12-07 11:19:57	40960	----a-w-	C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57	21504	----a-w-	C:\Windows\System32\grb.rs
2012-12-07 11:19:57	15360	----a-w-	C:\Windows\System32\djctq.rs
2012-12-07 11:19:56	55296	----a-w-	C:\Windows\System32\cero.rs
2012-12-07 11:19:55	51712	----a-w-	C:\Windows\System32\esrb.rs
2012-11-30 05:45:35	362496	----a-w-	C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35	243200	----a-w-	C:\Windows\System32\wow64.dll
2012-11-30 05:45:35	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14	215040	----a-w-	C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48	338432	----a-w-	C:\Windows\System32\conhost.exe
2012-11-30 02:44:06	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03	2048	----a-w-	C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-11-22 05:44:23	800768	----a-w-	C:\Windows\System32\usp10.dll
2012-11-22 04:45:03	626688	----a-w-	C:\Windows\SysWow64\usp10.dll
2012-11-20 18:13:10	4213904	----a-w-	C:\Windows\System32\drivers\RTKVHD64.sys
2012-11-20 16:32:44	118928	----a-w-	C:\Windows\System32\RCoInstII64.dll
2012-11-20 05:48:49	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09	220160	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-11-19 17:18:06	2714720	----a-w-	C:\Windows\System32\FMAPO64.dll
2012-11-15 13:07:20	628064	----a-w-	C:\Windows\System32\MBTHX64.dll
2012-11-15 13:07:18	563552	----a-w-	C:\Windows\SysWow64\MBTHX32.dll
2012-11-13 17:56:22	3673232	----a-w-	C:\Windows\System32\RtkAPO64.dll
2012-11-09 05:45:32	750592	----a-w-	C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-09 04:43:04	492032	----a-w-	C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11	478208	----a-w-	C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31	376832	----a-w-	C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42	2002432	----a-w-	C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42	1882624	----a-w-	C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54	1389568	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 10:24:31,06 ===============

--- --- ---

--- --- ---

Code:

ATTFilter

 .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 19.01.2013 13:36:34
System Uptime: 27.01.2013 10:11:31 (0 hours ago)
.
Motherboard: MSI |  | Z77 MPower (MS-7751)
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | SOCKET 0 | 2485/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 10,947 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 40,344 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 23,677 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 97,434 GiB free.
G: is FIXED (NTFS) - 77 GiB total, 76,44 GiB free.
H: is CDROM (CDFS)
Y: is NetworkDisk (NTFS) - 1843 GiB total, 160,712 GiB free.
Z: is NetworkDisk (NTFS) - 1843 GiB total, 160,712 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2-Maus
Device ID: ACPI\MSFT0003\4&34A1A1BF&0
Manufacturer: Microsoft
Name: Microsoft PS/2-Maus
PNP Device ID: ACPI\MSFT0003\4&34A1A1BF&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP19: 26.01.2013 17:26:17 - Windows Update
.
==== Installed Programs ======================
.
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9
AudioGenie
Avira Free Antivirus
Bluetooth Win7 Suite (64)
CLICKBIOSII
ControlCenter
EasyViewer
EVEREST Ultimate Edition v5.50
Fast Boot
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
LenovoEMC Storage Manager
Live Update 5
Malwarebytes Anti-Malware Version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSI SUITE
MyFreeCodec
NetworkGenie
Optimizer Pro v3.0
OTPService
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Super-Charger
TeamingGenie
THX TruStudio Pro
Trend Micro SafeSync
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoGenie
VIRTU MVP 2.1.112
VLC media player 2.0.5
Winki
WinRAR 4.20 (32-bit)
WinRAR 4.20 (64-Bit)
.
==== End Of File ===========================

Code:

ATTFilter

 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-27 10:25:14
-----------------------------
10:25:14.086    OS Version: Windows x64 6.1.7601 Service Pack 1
10:25:14.086    Number of processors: 8 586 0x3A09
10:25:14.086    ComputerName: DÖRFLER  UserName: Pascal
10:25:14.197    Initialize success
10:25:26.850    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:26.852    Disk 0 Vendor: Samsung_SSD_840_PRO_Series DXM03B0Q Size: 122104MB BusType: 11
10:25:26.855    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:26.857    Disk 1 Vendor: SAMSUNG_SP2504C VT100-50 Size: 238475MB BusType: 11
10:25:26.862    Disk 0 MBR read successfully
10:25:26.865    Disk 0 MBR scan
10:25:26.869    Disk 0 Windows 7 default MBR code
10:25:26.872    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:25:26.876    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        61400 MB offset 206848
10:25:26.879    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        60602 MB offset 125954048
10:25:26.882    Disk 0 scanning C:\Windows\system32\drivers
10:25:27.564    Service scanning
10:25:29.391    Modules scanning
10:25:29.401    Disk 0 trace - called modules:
10:25:29.408    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
10:25:29.415    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cfbd790]
10:25:29.421    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ca33060]
10:25:29.428    Scan finished successfully
10:25:35.894    Disk 0 MBR has been saved successfully to "C:\Users\Pascal\Desktop\MBR.dat"
10:25:35.901    The log file has been saved successfully to "C:\Users\Pascal\Desktop\aswMBR.txt"

cosinus · 27.01.2013, 13:58

Zitat:

Microsoft Windows 7 Ultimate

Wo zu hast du denn ein Win7 Ultimate?

mazda-89 · 27.01.2013, 14:38

War drauf habe ihn komplett gekauft.

Könnte ich auch einfach den pc komplett formatiren? Müsste ich dann nichts weiter machen? Was für Programe gibt es als Schutz für solche Angriffe. Mfg

cosinus · 28.01.2013, 10:36

Zitat:

Könnte ich auch einfach den pc komplett formatiren?

Ja aber was denn jetzt? Bereinigung oder Neuinstallation? Beides geht nicht!

Zitat:

Was für Programe gibt es als Schutz für solche Angriffe. Mfg

Du solltest dich von dem Irrtum verabschieden, dass man komplett alles an Sicherheit an einer Software delegieren kann!

mazda-89 · 28.01.2013, 17:11

Hallo ich habe jetzt einfach den PC komplett formatiert.
Somit ist bestimmt sicherzustellen das alles weg ist.
Da ich keine wichtigen Daten auf dem PC hatte ist es nicht schlimm gewesen.
Zum Thema Software gibt es Programme die man empfehlen könnte?

cosinus · 28.01.2013, 17:18

Zitat:

Zum Thema Software gibt es Programme die man empfehlen könnte?

Thema Software - Programme?!

Ein Programm ist Software

Kannst du deine Frage mal konkretisieren?

GUV Trojaner/Systemwiederherstellung geschafft Weitere Schritte?

Plagegeister aller Art und deren Bekämpfung: GUV Trojaner/Systemwiederherstellung geschafft Weitere Schritte?