Pests of all kinds and how to fight them: W32/Patched.UC found in C:\windows\system32\services.exe! (Avira)
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
12.02.2013, 02:51 | #1 |
Hello dear Trojaner-Board team, as the title already says, I seem to have caught a virus or something similar :/. I hope you can help me get rid of it as quickly as possible.
12.02.2013, 10:35 | #2 |
/// TB Instructor
I am working on your thread and will get back to you with further instructions as soon as possible. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience. From your attachment I was able to read OTL.txt and Extras.txt, but not the rest. Could you please submit the remaining logfiles again? Please post each logfile directly in the thread (inside code tags) and do not attach them.
12.02.2013, 13:39 | #3 |
Wow, that was fast! Sorry about the logfiles, here are all of them again:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-12 13:32:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC44 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\awdiapod.sys

---- User code sections - GMER 2.0 ----

.reloc C:\Windows\system32\services.exe [660] section is executable [0x4A8, 0xA0000020] 0000000100052000
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ba1401 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ba1419 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ba1431 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ba144a 2 bytes [BA, 75]
.text ... * 9
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ba14dd 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ba14f5 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ba150d 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ba1525 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ba153d 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ba1555 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ba156d 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ba1585 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ba159d 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ba15b5 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ba15cd 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ba16b2 2 bytes [BA, 75]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[1204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ba16bd 2 bytes [BA, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000732f17fa 2 bytes [2F, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000732f1860 2 bytes [2F, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000732f1942 2 bytes [2F, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000732f194d 2 bytes [2F, 73]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[2576] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076fb87b1 5 bytes [33, C0, C2, 04, 00]

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\services.exe [660:748] 00000000002a1e58
Thread C:\Windows\system32\services.exe [660:852] 00000000002b1808
Thread C:\Windows\system32\services.exe [660:860] 00000000002d4960
Thread C:\Windows\system32\services.exe [660:872] 00000000002d4430
Thread C:\Windows\system32\services.exe [660:876] 00000000002d8c50
Thread C:\Windows\system32\services.exe [660:880] 00000000002d4060

---- Processes - GMER 2.0 ----

Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [596] 000007fefdc10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [956] 000007fefdc10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [156] 000007fefdc10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 000007fefdc10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1164] 000007fefdc10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1408] 000007fefdc10000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1744] 0000000072d00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ D:\Hamachi\hamachi-2.exe [1812] 000007fefdc10000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2028] 0000000072d00000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ D:\Malwarebytes' Anti-Malware\mbamservice.exe [1204] 0000000072d00000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrA.exe [1580] 0000000072d00000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2108] 0000000072d00000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2576] 0000000072d00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2384] 000007fefdc10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wermgr.exe [3944] 000007fefdc10000

---- Files - GMER 2.0 ----

File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_865baacafd4cdab4043d973ba2fc413d746dc3_cab_067e92dc 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.3724.dmp 0 bytes

---- EOF - GMER 2.0 ----

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.11.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: GAMING-PC [Administrator]

Schutz: Aktiviert

12.02.2013 00:56:39
MBAM-log-2013-02-12 (01-32-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395318
Laufzeit: 30 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Pascal\Desktop\Anderes Zeug\PerX\PerX.exe (HackTool.Agent) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000032.@ (Trojan.Clicker) -> Keine Aktion durchgeführt.

(Ende)
ATTFilter OTL logfile created on: 12.02.2013 01:35:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 5,60 Gb Available Physical Memory | 72,73% Memory free 15,40 Gb Paging File | 13,20 Gb Available in Paging File | 85,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 8,10 Gb Free Space | 10,39% Space Free | Partition Type: NTFS Drive D: | 853,39 Gb Total Space | 794,27 Gb Free Space | 93,07% Space Free | Partition Type: NTFS Computer Name: GAMING-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe PRC - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.02.07 14:03:31 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.26 20:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe ========== Modules (No Company Name) ========== MOD - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2013.02.08 21:10:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll MOD - [2013.02.08 21:10:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll MOD - [2013.02.08 12:02:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.08 12:02:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.02.08 12:02:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.08 12:02:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.02.08 12:02:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.02.08 12:01:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.02.08 12:01:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.08 12:01:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.20 13:19:56 | 000,232,448 | 
---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV - [2013.02.11 23:29:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.07 16:00:55 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.06 17:34:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.12 00:55:30 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.08.17 19:39:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.07.08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 59 68 34 FF 02 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{B53D59EC-52C9-4e86-B240-F4C3220FAFBC}: "URL" = 
hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java2\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.02.04 19:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions
[2013.02.10 01:29:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com
[2013.02.07 18:57:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\firefox\profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.06 17:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 17:34:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java2\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java2\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DDA3A0-17BC-4F24-A5C0-7CAC9B5427EF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956FAE59-CBA2-402C-AD51-E75D0A27FF5E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b42becb-6f1f-11e2-9675-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2b42becb-6f1f-11e2-9675-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.12 00:35:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 00:35:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.02.11 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.11 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Gordonsys_2.0
[2013.02.11 20:00:39 | 005,570,048 | ---- | C] (Gordonsys 2.0) -- C:\Users\Pascal\Desktop\Gordonsys 2.0.exe
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\B1E
[2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- 
C:\Users\Pascal\Documents\Cross Fire [2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- C:\CFLog [2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.02.10 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PMB Files [2013.02.10 23:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.02.10 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.02.10 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\SCE [2013.02.10 17:23:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\libimobiledevice [2013.02.10 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PunkBuster [2013.02.10 02:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Origin [2013.02.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Origin [2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.02.08 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net [2013.02.07 21:39:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.02.07 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.07 17:49:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps [2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks [2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.02.06 17:40:33 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2013.02.06 17:40:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2013.02.06 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.06 17:23:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\TP-LINK [2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK [2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK [2013.02.06 17:18:24 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.02.06 17:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.02.05 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2013.02.05 21:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2013.02.05 21:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2013.02.05 20:38:20 | 000,000,000 | ---D | C] -- C:\Download [2013.02.05 20:38:08 | 000,000,000 | ---D | C] -- C:\Nexon [2013.02.05 20:38:07 | 000,446,464 | ---- | C] (NEXON Inc.) 
-- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2013.02.05 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LogMeIn Hamachi [2013.02.05 20:09:50 | 000,000,000 | ---D | C] -- C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4} [2013.02.05 19:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3 [2013.02.05 19:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All [2013.02.05 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Skype [2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.05 17:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.02.05 17:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.02.05 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.02.05 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\World of Warcraft [2013.02.05 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.05 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\.minecraft [2013.02.05 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.02.05 16:21:06 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe [2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013.02.05 16:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013.02.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.02.05 00:04:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.02.05 00:04:08 | 000,000,000 | -HSD | C] -- C:\System 
Volume Information [2013.02.05 00:03:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.02.04 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\GTA San Andreas User Files [2013.02.04 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR [2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.02.04 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Diagnostics [2013.02.04 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Avira [2013.02.04 19:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.04 19:57:53 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.04 19:57:53 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.04 19:57:53 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Apple Computer [2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple Computer [2013.02.04 19:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.04 19:38:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.02.04 19:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.04 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple [2013.02.04 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.02.04 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.02.04 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Macromedia [2013.02.04 19:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.02.04 19:21:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Mozilla [2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Mozilla [2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.02.04 19:13:34 | 000,000,000 | ---D | C] -- 
C:\Users\Pascal\Desktop\ASRock [2013.02.04 19:04:57 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.02.04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe [2013.02.04 18:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2013.02.04 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop [2013.02.04 18:39:08 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2013.02.04 18:39:08 | 001,491,456 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys [2013.02.04 18:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK [2013.02.04 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM [2013.02.04 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.02.04 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.02.04 18:30:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3} [2013.02.04 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\DeviceVm [2013.02.04 18:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.02.04 18:30:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso [2013.02.04 18:30:18 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Cyberlink [2013.02.04 18:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2013.02.04 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2013.02.04 18:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.02.04 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia [2013.02.04 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe [2013.02.04 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel 
Corporation [2013.02.04 18:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.02.04 18:27:55 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys [2013.02.04 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock [2013.02.04 18:27:49 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS [2013.02.04 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET [2013.02.04 18:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB [2013.02.04 18:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB [2013.02.04 18:27:37 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys [2013.02.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility [2013.02.04 18:27:34 | 000,017,192 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys [2013.02.04 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [2013.02.04 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility [2013.02.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Intel Corporation [2013.02.04 18:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.02.04 18:25:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.02.04 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.02.04 18:23:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.02.04 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield [2013.02.04 18:22:14 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.04 18:21:43 | 
002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.04 18:21:43 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.04 18:21:43 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.04 18:21:43 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.04 18:21:43 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.04 18:21:42 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.04 18:21:42 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.04 18:21:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.04 18:21:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.04 18:21:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.04 18:21:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.04 18:21:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64A.dll [2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.02.04 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.02.04 18:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.04 18:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.02.04 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2013.02.04 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2013.02.04 18:19:44 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.02.04 18:19:43 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.02.04 18:14:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.02.04 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.02.04 18:14:30 | 000,000,000 | ---D | C] -- C:\Intel [2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches [2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.02.04 18:12:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities [2013.02.04 18:12:15 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts [2013.02.04 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore [2013.02.04 18:12:06 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games [2013.02.04 18:12:06 | 
000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop [2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Videos [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Musik [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- 
C:\Users\Pascal\AppData\Local\Anwendungsdaten [2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten [2013.02.04 18:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData [2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp [2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft [2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Programme [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.12 01:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable [2013.02.12 01:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.12 01:03:25 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 01:03:25 | 000,027,984 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 01:02:24 | 001,618,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.12 01:02:24 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.12 01:02:24 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.12 01:02:24 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.12 01:02:24 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.12 00:55:44 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.02.12 00:55:30 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.02.12 00:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.12 00:55:20 | 1905,799,167 | -HS- | M] () -- C:\hiberfil.sys [2013.02.12 00:35:15 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 22:48:54 | 000,000,438 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013.02.11 18:56:45 | 000,000,256 | ---- | M] () -- C:\aim [2013.02.11 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.02.11 01:30:19 | 001,391,616 | ---- | M] () -- C:\Windows\Win.dll [2013.02.10 23:58:34 | 000,000,708 | ---- | M] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk [2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.02.10 01:09:11 | 000,000,524 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.02.09 01:07:02 | 000,007,605 | ---- | M] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg [2013.02.08 17:22:11 | 000,000,583 | ---- | M] () -- 
C:\Users\Public\Desktop\World of Tanks.lnk [2013.02.08 11:54:39 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.08 11:39:08 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.07 16:24:06 | 000,000,202 | ---- | M] () -- C:\Users\Pascal\Desktop\Arctic Combat.url [2013.02.07 15:58:34 | 000,000,538 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.06 17:22:42 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk [2013.02.06 17:18:20 | 000,000,527 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.05 21:28:22 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2013.02.05 20:38:08 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2013.02.05 20:38:07 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2013.02.05 19:12:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk [2013.02.05 17:39:56 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.05 17:30:23 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.02.05 16:20:58 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe [2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.02.04 19:57:54 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.04 19:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.04 19:38:35 | 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.04 19:16:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.04 18:29:11 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2013.02.04 18:27:55 | 000,000,003 | ---- | M] () -- C:\Users\Pascal\AppData\Local\user_data.ini [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS [2013.02.04 18:27:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.02.04 18:24:02 | 000,018,330 | ---- | M] () -- C:\Windows\SysNative\results.xml [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.12 01:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable [2013.02.12 00:35:15 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 01:24:55 | 001,391,616 | ---- | C] () -- C:\Windows\Win.dll [2013.02.11 00:11:12 | 000,000,256 | ---- | C] () -- C:\aim [2013.02.10 23:58:34 | 000,000,708 | ---- | C] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk [2013.02.10 02:25:34 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.10 02:16:22 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.10 02:16:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.02.10 01:09:11 | 000,000,524 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.02.09 01:07:02 | 000,007,605 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg [2013.02.08 17:22:11 | 000,000,583 | ---- | C] () 
-- C:\Users\Public\Desktop\World of Tanks.lnk [2013.02.07 19:14:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.07 16:24:06 | 000,000,202 | ---- | C] () -- C:\Users\Pascal\Desktop\Arctic Combat.url [2013.02.07 15:58:34 | 000,000,538 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.02.06 17:40:50 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.02.06 17:40:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2013.02.06 17:40:19 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2013.02.06 17:22:42 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk [2013.02.05 21:55:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.05 21:41:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.02.05 21:28:22 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2013.02.05 20:38:08 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2013.02.05 20:26:51 | 000,000,527 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.02.05 19:12:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk [2013.02.05 17:39:56 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.05 17:30:23 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.02.05 17:05:48 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
[2013.02.05 00:08:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.02.05 00:08:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.02.05 00:04:08 | 1905,799,167 | -HS- | C] () -- C:\hiberfil.sys [2013.02.04 19:57:54 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.04 19:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.04 19:38:35 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.04 19:38:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.04 19:21:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 19:16:38 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.04 19:16:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.04 18:39:08 | 000,137,691 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2013.02.04 18:39:08 | 000,007,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2013.02.04 18:30:36 | 000,001,404 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk [2013.02.04 18:29:12 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini [2013.02.04 18:29:12 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini [2013.02.04 18:29:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2013.02.04 18:29:11 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2013.02.04 18:29:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL 
[2013.02.04 18:29:11 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2013.02.04 18:29:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.02.04 18:29:11 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2013.02.04 18:28:50 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk [2013.02.04 18:27:55 | 000,000,003 | ---- | C] () -- C:\Users\Pascal\AppData\Local\user_data.ini [2013.02.04 18:27:20 | 000,034,752 | ---- | C] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.02.04 18:27:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.02.04 18:25:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.02.04 18:25:49 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.02.04 18:25:38 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.02.04 18:24:02 | 000,018,330 | ---- | C] () -- C:\Windows\SysNative\results.xml [2013.02.04 18:22:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2013.02.04 18:21:43 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.02.04 18:21:42 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.04 18:19:44 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp [2013.02.04 18:19:44 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp [2013.02.04 18:19:44 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp [2013.02.04 18:19:43 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin [2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- 
C:\Windows\SysWow64\igfcg700m.bin [2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin [2013.02.04 18:19:43 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll [2013.02.04 18:19:43 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp [2013.02.04 18:19:43 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp [2013.02.04 18:19:43 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2013.02.04 18:12:29 | 000,001,409 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.04 18:12:26 | 000,001,443 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\@ [2013.02.12 00:55:23 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L [2013.02.12 01:38:33 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U [2013.02.12 00:55:23 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\00000004.@ [2013.02.12 00:54:40 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000004.@ [2013.02.12 00:54:41 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ [2013.02.12 00:55:29 | 000,001,632 | ---- | M] () -- 
C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ [2013.02.12 00:54:40 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000000.@ [2013.02.12 00:54:41 | 000,083,456 | ---- | M] () -- C:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000064.@ [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.02.12 00:55:23 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2013.02.12 00:55:23 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" 
= Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.09 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft [2013.02.11 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar [2013.02.04 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeviceVm [2013.02.12 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0 [2013.02.10 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin [2013.02.06 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TP-LINK [2013.02.08 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.02.2013 01:35:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 5,60 Gb Available Physical Memory | 72,73% Memory free 15,40 Gb Paging File | 13,20 Gb Available in Paging File | 85,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 8,10 Gb Free Space | 10,39% Space Free | Partition Type: NTFS Drive D: | 853,39 Gb Total Space | 794,27 Gb Free Space | 93,07% Space Free | Partition Type: NTFS Computer Name: GAMING-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 
4.5 "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "ASRock App Charger_is1" = ASRock App Charger v1.0.5 "ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6 "ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TP-LINK TL-WN851ND Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent 
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.248 "ASRock InstantBoot_is1" = ASRock InstantBoot v1.29 "Avira AntiVir Desktop" = Avira Antivirus Premium "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Combat Arms EU" = Combat Arms EU "Crossfire Europe" = Crossfire Europe "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MTA:SA 1.3" = MTA:SA v1.3.1 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 212370" = Arctic Combat "World of Warcraft" = World of Warcraft "XFastUSB" = XFastUSB ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.02.2013 20:32:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0xc5c Startzeit der fehlerhaften Anwendung: 0x01ce08b872203d7f 
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: afdfd361-74ab-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:33:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0x01ce08b89608b349 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d3ba00ea-74ab-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:34:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: 80000032.@_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50cb9164 Ausnahmecode: 0xc0000005 Fehleroffset: 0x012ab690 ID des fehlerhaften Prozesses: 0x928 Startzeit der fehlerhaften Anwendung: 0x01ce08b8b9e4b593 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: 80000032.@ Berichtskennung: f79d2755-74ab-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:35:32 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0xa38 Startzeit der fehlerhaften Anwendung: 0x01ce08b8ddc6baed Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1b78088e-74ac-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:36:33 | Computer Name = Gaming-PC | 
Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0x3b0 Startzeit der fehlerhaften Anwendung: 0x01ce08b901a3d66e Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3f57856f-74ac-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:37:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0x194 Startzeit der fehlerhaften Anwendung: 0x01ce08b925803e48 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 632cc928-74ac-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:38:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: 80000032.@_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50cb9164 Ausnahmecode: 0xc0000005 Fehleroffset: 0x012ab690 ID des fehlerhaften Prozesses: 0x3f4 Startzeit der fehlerhaften Anwendung: 0x01ce08b949610353 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: 80000032.@ Berichtskennung: 8714b255-74ac-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:39:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0x524 Startzeit der fehlerhaften Anwendung: 0x01ce08b96d3e1ed4 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: aaeaa9b5-74ac-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:40:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0x888 Startzeit der fehlerhaften Anwendung: 0x01ce08b99112aedc Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: cec65ddd-74ac-11e2-9ab2-8c49cb21fc6b Error - 11.02.2013 20:41:33 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74bcc9f1 ID des fehlerhaften Prozesses: 0x420 Startzeit der fehlerhaften Anwendung: 0x01ce08b9b4f22bbd Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f29eb69d-74ac-11e2-9ab2-8c49cb21fc6b [ System Events ] Error - 11.02.2013 18:54:44 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.02.2013 18:54:46 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.02.2013 18:54:46 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023 Description = Error - 11.02.2013 18:55:02 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023 Description = Error - 11.02.2013 
18:55:02 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = Error - 11.02.2013 19:55:28 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.02.2013 19:55:30 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.02.2013 19:55:33 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023 Description = Error - 11.02.2013 19:56:00 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7023 Description = Error - 11.02.2013 19:56:00 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
12.02.2013, 14:29 | #4 |
/// TB Trainer | W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) Hello Elmox, my name is Leo and I will guide you through the cleanup of your computer. Besides removing malware, a cleanup also includes closing security holes and should be carried out thoroughly. It therefore takes place in several steps and means some effort for you. Note: The disappearance of the obvious symptoms does not mean that the system is already clean. In your own interest, therefore, keep working with me until you get the OK that everything is done. Notes on the procedure
You have caught the ZeroAccess rootkit.. Step 1 Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save this file on the desktop.
Please post in your next reply:
__________________ cheers, Leo |
12.02.2013, 14:43 | #5 |
| W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) Code:
ATTFilter 14:41:52.0947 1296 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:41:53.0165 1296 ============================================================ 14:41:53.0165 1296 Current date / time: 2013/02/12 14:41:53.0165 14:41:53.0165 1296 SystemInfo: 14:41:53.0165 1296 14:41:53.0165 1296 OS Version: 6.1.7601 ServicePack: 1.0 14:41:53.0165 1296 Product type: Workstation 14:41:53.0165 1296 ComputerName: GAMING-PC 14:41:53.0165 1296 UserName: Pascal 14:41:53.0165 1296 Windows directory: C:\Windows 14:41:53.0165 1296 System windows directory: C:\Windows 14:41:53.0165 1296 Running under WOW64 14:41:53.0165 1296 Processor architecture: Intel x64 14:41:53.0165 1296 Number of processors: 4 14:41:53.0165 1296 Page size: 0x1000 14:41:53.0165 1296 Boot type: Normal boot 14:41:53.0165 1296 ============================================================ 14:41:53.0571 1296 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:41:53.0851 1296 ============================================================ 14:41:53.0851 1296 \Device\Harddisk0\DR0: 14:41:53.0851 1296 MBR partitions: 14:41:53.0851 1296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:41:53.0851 1296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800 14:41:53.0851 1296 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x6AAC6000 14:41:53.0851 1296 ============================================================ 14:41:54.0101 1296 C: <-> \Device\Harddisk0\DR0\Partition2 14:41:54.0117 1296 D: <-> \Device\Harddisk0\DR0\Partition3 14:41:54.0117 1296 ============================================================ 14:41:54.0117 1296 Initialize success 14:41:54.0117 1296 ============================================================ 14:42:10.0091 2288 
============================================================ 14:42:10.0091 2288 Scan started 14:42:10.0091 2288 Mode: Manual; 14:42:10.0091 2288 ============================================================ 14:42:10.0216 2288 ================ Scan system memory ======================== 14:42:10.0216 2288 System memory - ok 14:42:10.0216 2288 ================ Scan services ============================= 14:42:10.0309 2288 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:42:10.0309 2288 1394ohci - ok 14:42:10.0341 2288 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:42:10.0341 2288 ACPI - ok 14:42:10.0356 2288 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:42:10.0356 2288 AcpiPmi - ok 14:42:10.0403 2288 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:42:10.0419 2288 AdobeARMservice - ok 14:42:10.0497 2288 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:42:10.0512 2288 AdobeFlashPlayerUpdateSvc - ok 14:42:10.0543 2288 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:42:10.0559 2288 adp94xx - ok 14:42:10.0559 2288 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:42:10.0575 2288 adpahci - ok 14:42:10.0575 2288 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:42:10.0575 2288 adpu320 - ok 14:42:10.0606 2288 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:42:10.0606 2288 AeLookupSvc - ok 14:42:10.0637 2288 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:42:10.0653 2288 AFD - ok 14:42:10.0668 2288 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:42:10.0668 2288 agp440 - ok 14:42:10.0684 2288 [ 
3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:42:10.0684 2288 ALG - ok 14:42:10.0699 2288 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:42:10.0699 2288 aliide - ok 14:42:10.0699 2288 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:42:10.0699 2288 amdide - ok 14:42:10.0715 2288 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:42:10.0715 2288 AmdK8 - ok 14:42:10.0715 2288 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:42:10.0715 2288 AmdPPM - ok 14:42:10.0731 2288 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:42:10.0731 2288 amdsata - ok 14:42:10.0746 2288 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:42:10.0746 2288 amdsbs - ok 14:42:10.0762 2288 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:42:10.0762 2288 amdxata - ok 14:42:10.0793 2288 [ B73EB5109193A4BACE8520B79DD77B25 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe 14:42:10.0809 2288 AntiVirMailService - ok 14:42:10.0809 2288 [ 44E76CC89F7E38B3C31F000A4E566856 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 14:42:10.0824 2288 AntiVirSchedulerService - ok 14:42:10.0824 2288 [ 3FE1CDD4DCF5D42DDBD6F1A3F83B5D3A ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 14:42:10.0840 2288 AntiVirService - ok 14:42:10.0855 2288 [ 4B46FED191BEB6EAFED88DE90E97A7DB ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 14:42:10.0871 2288 AntiVirWebService - ok 14:42:10.0887 2288 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:42:10.0902 2288 AppID - ok 14:42:10.0902 2288 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:42:10.0902 2288 AppIDSvc - ok 
14:42:10.0918 2288 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 14:42:10.0933 2288 Appinfo - ok 14:42:10.0965 2288 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:42:10.0965 2288 Apple Mobile Device - ok 14:42:10.0965 2288 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 14:42:10.0980 2288 arc - ok 14:42:10.0980 2288 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:42:10.0980 2288 arcsas - ok 14:42:11.0027 2288 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:42:11.0043 2288 aspnet_state - ok 14:42:11.0058 2288 [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys 14:42:11.0058 2288 AsrAppCharger - ok 14:42:11.0074 2288 [ 0C3F9E39C0B10D351026D580D9FF6F86 ] AsrRamDisk C:\Windows\system32\DRIVERS\AsrRamDisk.sys 14:42:11.0074 2288 AsrRamDisk - ok 14:42:11.0089 2288 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:42:11.0105 2288 AsyncMac - ok 14:42:11.0121 2288 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:42:11.0121 2288 atapi - ok 14:42:11.0167 2288 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys 14:42:11.0183 2288 athr - ok 14:42:11.0214 2288 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:42:11.0230 2288 AudioEndpointBuilder - ok 14:42:11.0230 2288 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:42:11.0245 2288 AudioSrv - ok 14:42:11.0261 2288 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 14:42:11.0277 2288 avgntflt - ok 14:42:11.0292 2288 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 
14:42:11.0292 2288 avipbb - ok 14:42:11.0308 2288 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 14:42:11.0308 2288 avkmgr - ok 14:42:11.0339 2288 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:42:11.0339 2288 AxInstSV - ok 14:42:11.0355 2288 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 14:42:11.0370 2288 b06bdrv - ok 14:42:11.0370 2288 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:42:11.0386 2288 b57nd60a - ok 14:42:11.0401 2288 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:42:11.0417 2288 BDESVC - ok 14:42:11.0417 2288 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:42:11.0417 2288 Beep - ok 14:42:11.0433 2288 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:42:11.0433 2288 blbdrive - ok 14:42:11.0448 2288 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:42:11.0448 2288 bowser - ok 14:42:11.0464 2288 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:42:11.0464 2288 BrFiltLo - ok 14:42:11.0464 2288 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:42:11.0464 2288 BrFiltUp - ok 14:42:11.0495 2288 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:42:11.0495 2288 Browser - ok 14:42:11.0511 2288 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:42:11.0526 2288 Brserid - ok 14:42:11.0526 2288 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:42:11.0526 2288 BrSerWdm - ok 14:42:11.0526 2288 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:42:11.0542 2288 BrUsbMdm - ok 14:42:11.0542 2288 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer 
C:\Windows\System32\Drivers\BrUsbSer.sys 14:42:11.0542 2288 BrUsbSer - ok 14:42:11.0542 2288 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 14:42:11.0557 2288 BTHMODEM - ok 14:42:11.0573 2288 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:42:11.0573 2288 bthserv - ok 14:42:11.0573 2288 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:42:11.0589 2288 cdfs - ok 14:42:11.0604 2288 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 14:42:11.0604 2288 cdrom - ok 14:42:11.0635 2288 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:42:11.0651 2288 CertPropSvc - ok 14:42:11.0651 2288 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:42:11.0651 2288 circlass - ok 14:42:11.0667 2288 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:42:11.0682 2288 CLFS - ok 14:42:11.0729 2288 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:42:11.0729 2288 clr_optimization_v2.0.50727_32 - ok 14:42:11.0745 2288 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:42:11.0760 2288 clr_optimization_v2.0.50727_64 - ok 14:42:11.0807 2288 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:42:11.0807 2288 clr_optimization_v4.0.30319_32 - ok 14:42:11.0823 2288 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:42:11.0838 2288 clr_optimization_v4.0.30319_64 - ok 14:42:11.0838 2288 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:42:11.0838 2288 CmBatt - ok 14:42:11.0869 2288 [ E19D3F095812725D88F9001985B94EDD ] cmdide 
C:\Windows\system32\drivers\cmdide.sys 14:42:11.0869 2288 cmdide - ok 14:42:11.0901 2288 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 14:42:11.0916 2288 CNG - ok 14:42:11.0916 2288 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:42:11.0932 2288 Compbatt - ok 14:42:11.0947 2288 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:42:11.0947 2288 CompositeBus - ok 14:42:11.0963 2288 COMSysApp - ok 14:42:12.0041 2288 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 14:42:12.0041 2288 cphs - ok 14:42:12.0057 2288 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 14:42:12.0072 2288 crcdisk - ok 14:42:12.0088 2288 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:42:12.0103 2288 CryptSvc - ok 14:42:12.0119 2288 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:42:12.0135 2288 DcomLaunch - ok 14:42:12.0150 2288 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:42:12.0166 2288 defragsvc - ok 14:42:12.0181 2288 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:42:12.0181 2288 DfsC - ok 14:42:12.0197 2288 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:42:12.0213 2288 Dhcp - ok 14:42:12.0213 2288 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:42:12.0213 2288 discache - ok 14:42:12.0228 2288 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 14:42:12.0228 2288 Disk - ok 14:42:12.0244 2288 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:42:12.0259 2288 Dnscache - ok 14:42:12.0275 2288 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:42:12.0291 2288 dot3svc - ok 14:42:12.0306 2288 [ 
B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:42:12.0306 2288 DPS - ok 14:42:12.0337 2288 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:42:12.0337 2288 drmkaud - ok 14:42:12.0369 2288 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:42:12.0384 2288 DXGKrnl - ok 14:42:12.0400 2288 EagleX64 - ok 14:42:12.0400 2288 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:42:12.0415 2288 EapHost - ok 14:42:12.0478 2288 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 14:42:12.0525 2288 ebdrv - ok 14:42:12.0540 2288 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:42:12.0540 2288 EFS - ok 14:42:12.0571 2288 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:42:12.0587 2288 ehRecvr - ok 14:42:12.0603 2288 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:42:12.0618 2288 ehSched - ok 14:42:12.0634 2288 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 14:42:12.0649 2288 elxstor - ok 14:42:12.0665 2288 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:42:12.0681 2288 ErrDev - ok 14:42:12.0696 2288 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:42:12.0712 2288 EventSystem - ok 14:42:12.0712 2288 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:42:12.0727 2288 exfat - ok 14:42:12.0790 2288 FairplayKD - ok 14:42:12.0790 2288 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:42:12.0805 2288 fastfat - ok 14:42:12.0837 2288 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:42:12.0837 2288 Fax - ok 14:42:12.0852 2288 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:42:12.0852 2288 fdc - ok 14:42:12.0868 2288 [ 
0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:42:12.0868 2288 fdPHost - ok 14:42:12.0868 2288 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:42:12.0883 2288 FDResPub - ok 14:42:12.0883 2288 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:42:12.0883 2288 FileInfo - ok 14:42:12.0883 2288 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:42:12.0899 2288 Filetrace - ok 14:42:12.0899 2288 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:42:12.0899 2288 flpydisk - ok 14:42:12.0915 2288 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:42:12.0930 2288 FltMgr - ok 14:42:12.0946 2288 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS 14:42:12.0946 2288 FNETURPX - ok 14:42:12.0977 2288 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 14:42:12.0993 2288 FontCache - ok 14:42:13.0039 2288 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:42:13.0039 2288 FontCache3.0.0.0 - ok 14:42:13.0039 2288 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:42:13.0055 2288 FsDepends - ok 14:42:13.0071 2288 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:42:13.0071 2288 Fs_Rec - ok 14:42:13.0086 2288 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:42:13.0102 2288 fvevol - ok 14:42:13.0102 2288 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 14:42:13.0102 2288 gagp30kx - ok 14:42:13.0117 2288 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:42:13.0117 2288 GEARAspiWDM - ok 14:42:13.0133 2288 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] 
gpsvc C:\Windows\System32\gpsvc.dll 14:42:13.0149 2288 gpsvc - ok 14:42:13.0180 2288 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 14:42:13.0180 2288 hamachi - ok 14:42:13.0211 2288 Hamachi2Svc - ok 14:42:13.0227 2288 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:42:13.0227 2288 hcw85cir - ok 14:42:13.0258 2288 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:42:13.0273 2288 HdAudAddService - ok 14:42:13.0289 2288 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:42:13.0289 2288 HDAudBus - ok 14:42:13.0289 2288 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:42:13.0289 2288 HidBatt - ok 14:42:13.0305 2288 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:42:13.0305 2288 HidBth - ok 14:42:13.0305 2288 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:42:13.0320 2288 HidIr - ok 14:42:13.0336 2288 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:42:13.0336 2288 hidserv - ok 14:42:13.0351 2288 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:42:13.0351 2288 HidUsb - ok 14:42:13.0367 2288 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:42:13.0383 2288 hkmsvc - ok 14:42:13.0383 2288 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:42:13.0398 2288 HomeGroupListener - ok 14:42:13.0414 2288 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:42:13.0429 2288 HomeGroupProvider - ok 14:42:13.0445 2288 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:42:13.0445 2288 HpSAMD - ok 14:42:13.0461 2288 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:42:13.0476 2288 
HTTP - ok 14:42:13.0492 2288 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:42:13.0492 2288 hwpolicy - ok 14:42:13.0507 2288 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:42:13.0507 2288 i8042prt - ok 14:42:13.0539 2288 [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:42:13.0539 2288 iaStor - ok 14:42:13.0585 2288 [ 1F35EFEC56CD1BF62435EAF97EABC3B3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 14:42:13.0585 2288 IAStorDataMgrSvc - ok 14:42:13.0617 2288 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:42:13.0617 2288 iaStorV - ok 14:42:13.0648 2288 [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 14:42:13.0663 2288 ICCS - ok 14:42:13.0679 2288 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:42:13.0710 2288 idsvc - ok 14:42:13.0773 2288 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:42:13.0851 2288 igfx - ok 14:42:13.0866 2288 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:42:13.0866 2288 iirsp - ok 14:42:13.0897 2288 [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys 14:42:13.0897 2288 ikbevent - ok 14:42:13.0929 2288 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:42:13.0944 2288 IKEEXT - ok 14:42:13.0960 2288 [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent C:\Windows\system32\DRIVERS\imsevent.sys 14:42:13.0960 2288 imsevent - ok 14:42:14.0022 2288 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:42:14.0038 2288 IntcAzAudAddService - ok 14:42:14.0069 2288 [ F5495B38BFB9149925F54F65AB40EFBF ] 
IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 14:42:14.0069 2288 IntcDAud - ok 14:42:14.0116 2288 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 14:42:14.0131 2288 Intel(R) Capability Licensing Service Interface - ok 14:42:14.0178 2288 [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 14:42:14.0178 2288 Intel(R) ME Service - ok 14:42:14.0194 2288 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:42:14.0194 2288 intelide - ok 14:42:14.0194 2288 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:42:14.0194 2288 intelppm - ok 14:42:14.0225 2288 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:42:14.0225 2288 IPBusEnum - ok 14:42:14.0241 2288 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:42:14.0256 2288 IpFilterDriver - ok 14:42:14.0272 2288 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:42:14.0272 2288 IPMIDRV - ok 14:42:14.0287 2288 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:42:14.0287 2288 IPNAT - ok 14:42:14.0334 2288 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:42:14.0350 2288 iPod Service - ok 14:42:14.0350 2288 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:42:14.0350 2288 IRENUM - ok 14:42:14.0365 2288 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:42:14.0365 2288 isapnp - ok 14:42:14.0381 2288 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:42:14.0381 2288 iScsiPrt - ok 14:42:14.0412 2288 [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT 
C:\Windows\system32\DRIVERS\ISCTD64.sys 14:42:14.0412 2288 ISCT - ok 14:42:14.0428 2288 [ 6F60B7AD044924B8C1E32D692C593612 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 14:42:14.0443 2288 ISCTAgent - ok 14:42:14.0459 2288 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 14:42:14.0459 2288 iusb3hcs - ok 14:42:14.0490 2288 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 14:42:14.0490 2288 iusb3hub - ok 14:42:14.0521 2288 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 14:42:14.0537 2288 iusb3xhc - ok 14:42:14.0553 2288 [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 14:42:14.0568 2288 jhi_service - ok 14:42:14.0568 2288 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:42:14.0568 2288 kbdclass - ok 14:42:14.0599 2288 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:42:14.0599 2288 kbdhid - ok 14:42:14.0615 2288 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:42:14.0615 2288 KeyIso - ok 14:42:14.0662 2288 [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 14:42:14.0677 2288 KMWDFILTER - ok 14:42:14.0693 2288 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:42:14.0709 2288 KSecDD - ok 14:42:14.0724 2288 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:42:14.0724 2288 KSecPkg - ok 14:42:14.0740 2288 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:42:14.0740 2288 ksthunk - ok 14:42:14.0755 2288 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:42:14.0771 2288 KtmRm - ok 14:42:14.0787 2288 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer 
C:\Windows\system32\srvsvc.dll 14:42:14.0802 2288 LanmanServer - ok 14:42:14.0818 2288 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:42:14.0833 2288 LanmanWorkstation - ok 14:42:14.0833 2288 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:42:14.0833 2288 lltdio - ok 14:42:14.0865 2288 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:42:14.0865 2288 lltdsvc - ok 14:42:14.0880 2288 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:42:14.0880 2288 lmhosts - ok 14:42:14.0896 2288 [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 14:42:14.0896 2288 LMS - ok 14:42:14.0911 2288 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:42:14.0911 2288 LSI_FC - ok 14:42:14.0911 2288 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:42:14.0927 2288 LSI_SAS - ok 14:42:14.0927 2288 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:42:14.0927 2288 LSI_SAS2 - ok 14:42:14.0943 2288 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:42:14.0943 2288 LSI_SCSI - ok 14:42:14.0958 2288 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:42:14.0958 2288 luafv - ok 14:42:14.0989 2288 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:42:15.0005 2288 MBAMProtector - ok 14:42:15.0036 2288 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler D:\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:42:15.0036 2288 MBAMScheduler - ok 14:42:15.0067 2288 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService D:\Malwarebytes' Anti-Malware\mbamservice.exe 14:42:15.0067 2288 MBAMService - ok 14:42:15.0099 2288 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt 
14:42:20.0590 2288 ================ Scan global ===============================
14:42:20.0605 2288 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:42:20.0637 2288 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:42:20.0652 2288 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:42:20.0683 2288 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:42:20.0715 2288
[ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
14:42:20.0715 2288 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
14:42:20.0715 2288 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
14:42:20.0715 2288 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
14:42:20.0715 2288 ================ Scan MBR ==================================
14:42:20.0730 2288 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:42:21.0229 2288 \Device\Harddisk0\DR0 - ok
14:42:21.0229 2288 ================ Scan VBR ==================================
14:42:21.0229 2288 [ CD6D33772586B8FB578825C4ED328A3B ] \Device\Harddisk0\DR0\Partition1
14:42:21.0229 2288 \Device\Harddisk0\DR0\Partition1 - ok
14:42:21.0229 2288 [ D531F34B3A4ED3B3A5BA512DC2A4A9DA ] \Device\Harddisk0\DR0\Partition2
14:42:21.0245 2288 \Device\Harddisk0\DR0\Partition2 - ok
14:42:21.0245 2288 [ 680B142A802269C02CA7D0DA22D20468 ] \Device\Harddisk0\DR0\Partition3
14:42:21.0261 2288 \Device\Harddisk0\DR0\Partition3 - ok
14:42:21.0261 2288 ============================================================
14:42:21.0261 2288 Scan finished
14:42:21.0261 2288 ============================================================
14:42:21.0261 3364 Detected object count: 1
14:42:21.0261 3364 Actual detected object count: 1
14:42:29.0029 3364 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
14:42:29.0029 3364 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
12.02.2013, 15:56 | #6 | |
/// TB Trainer | W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) Next:
Step 1 Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and select "Run as administrator".
Step 2 Please download AdwCleaner and save it to your desktop.
Step 3 Warning for readers following along: Combofix should only be run when a team member has explicitly instructed you to do so! Please download Combofix from the following download mirror: Link.
Note: If you get the following error message after the restart Quote:
Please post in your next reply:
12.02.2013, 16:40 | #7 |
| W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) I have 2 logs from TDSSKiller: Code:
ATTFilter
16:04:56.0130 3296 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:04:56.0333 3296 ============================================================
16:04:56.0333 3296 Current date / time: 2013/02/12 16:04:56.0333
16:04:56.0333 3296 SystemInfo:
16:04:56.0333 3296
16:04:56.0333 3296 OS Version: 6.1.7601 ServicePack: 1.0
16:04:56.0333 3296 Product type: Workstation
16:04:56.0333 3296 ComputerName: GAMING-PC
16:04:56.0333 3296 UserName: Pascal
16:04:56.0333 3296 Windows directory: C:\Windows
16:04:56.0333 3296 System windows directory: C:\Windows
16:04:56.0333 3296 Running under WOW64
16:04:56.0333 3296 Processor architecture: Intel x64
16:04:56.0333 3296 Number of processors: 4
16:04:56.0333 3296 Page size: 0x1000
16:04:56.0333 3296 Boot type: Normal boot
16:04:56.0333 3296 ============================================================
16:04:57.0238 3296 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:57.0253 3296 ============================================================
16:04:57.0253 3296 \Device\Harddisk0\DR0:
16:04:57.0253 3296 MBR partitions:
16:04:57.0253 3296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:04:57.0253 3296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800
16:04:57.0253 3296 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x6AAC6000
16:04:57.0253 3296 ============================================================
16:04:57.0269 3296 C: <-> \Device\Harddisk0\DR0\Partition2
16:04:57.0284 3296 D: <-> \Device\Harddisk0\DR0\Partition3
16:04:57.0284 3296 ============================================================
16:04:57.0300 3296 Initialize success
16:04:57.0300 3296 ============================================================
16:05:23.0118 4328
4328 PlugPlay - ok 16:05:31.0760 4328 PnkBstrA - ok 16:05:31.0776 4328 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:05:31.0792 4328 PNRPAutoReg - ok 16:05:31.0792 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:05:31.0792 4328 PNRPsvc - ok 16:05:31.0823 4328 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:05:31.0838 4328 PolicyAgent - ok 16:05:31.0885 4328 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:05:31.0885 4328 Power - ok 16:05:31.0901 4328 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:05:31.0901 4328 PptpMiniport - ok 16:05:31.0916 4328 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:05:31.0916 4328 Processor - ok 16:05:31.0948 4328 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:05:31.0948 4328 ProfSvc - ok 16:05:31.0963 4328 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:05:31.0963 4328 ProtectedStorage - ok 16:05:31.0994 4328 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:05:31.0994 4328 Psched - ok 16:05:32.0026 4328 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:05:32.0057 4328 ql2300 - ok 16:05:32.0072 4328 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:05:32.0088 4328 ql40xx - ok 16:05:32.0088 4328 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:05:32.0104 4328 QWAVE - ok 16:05:32.0104 4328 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:05:32.0119 4328 QWAVEdrv - ok 16:05:32.0119 4328 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:05:32.0135 4328 RasAcd - ok 16:05:32.0150 4328 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys 16:05:32.0150 4328 RasAgileVpn - ok 16:05:32.0166 4328 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:05:32.0166 4328 RasAuto - ok 16:05:32.0182 4328 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:05:32.0197 4328 Rasl2tp - ok 16:05:32.0228 4328 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:05:32.0244 4328 RasMan - ok 16:05:32.0260 4328 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:05:32.0275 4328 RasPppoe - ok 16:05:32.0275 4328 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:05:32.0275 4328 RasSstp - ok 16:05:32.0291 4328 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:05:32.0306 4328 rdbss - ok 16:05:32.0322 4328 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:05:32.0322 4328 rdpbus - ok 16:05:32.0353 4328 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:05:32.0353 4328 RDPCDD - ok 16:05:32.0353 4328 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:05:32.0353 4328 RDPENCDD - ok 16:05:32.0384 4328 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:05:32.0384 4328 RDPREFMP - ok 16:05:32.0447 4328 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:05:32.0447 4328 RdpVideoMiniport - ok 16:05:32.0462 4328 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:05:32.0478 4328 RDPWD - ok 16:05:32.0509 4328 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:05:32.0525 4328 rdyboost - ok 16:05:32.0556 4328 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:05:32.0572 4328 RemoteAccess - ok 16:05:32.0572 
4328 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:05:32.0587 4328 RemoteRegistry - ok 16:05:32.0603 4328 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:05:32.0618 4328 RpcEptMapper - ok 16:05:32.0618 4328 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:05:32.0634 4328 RpcLocator - ok 16:05:32.0650 4328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:05:32.0650 4328 RpcSs - ok 16:05:32.0665 4328 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:05:32.0681 4328 rspndr - ok 16:05:32.0712 4328 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:05:32.0712 4328 RTL8167 - ok 16:05:32.0759 4328 [ 4CE333AC701C4BD2E3EFF721C0DB2526 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 16:05:32.0774 4328 RTL8192su - ok 16:05:32.0790 4328 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:05:32.0790 4328 SamSs - ok 16:05:32.0821 4328 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:05:32.0821 4328 sbp2port - ok 16:05:32.0837 4328 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:05:32.0837 4328 SCardSvr - ok 16:05:32.0868 4328 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:05:32.0868 4328 scfilter - ok 16:05:32.0899 4328 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:05:32.0930 4328 Schedule - ok 16:05:32.0946 4328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:05:32.0946 4328 SCPolicySvc - ok 16:05:32.0962 4328 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:05:32.0977 4328 SDRSVC - ok 16:05:32.0977 4328 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:05:32.0977 4328 secdrv - ok 
16:05:33.0008 4328 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:05:33.0008 4328 seclogon - ok 16:05:33.0040 4328 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:05:33.0040 4328 SENS - ok 16:05:33.0055 4328 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:05:33.0055 4328 SensrSvc - ok 16:05:33.0071 4328 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:05:33.0071 4328 Serenum - ok 16:05:33.0086 4328 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:05:33.0086 4328 Serial - ok 16:05:33.0118 4328 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:05:33.0118 4328 sermouse - ok 16:05:33.0133 4328 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:05:33.0149 4328 SessionEnv - ok 16:05:33.0164 4328 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:05:33.0164 4328 sffdisk - ok 16:05:33.0180 4328 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:05:33.0180 4328 sffp_mmc - ok 16:05:33.0180 4328 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:05:33.0180 4328 sffp_sd - ok 16:05:33.0211 4328 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:05:33.0211 4328 sfloppy - ok 16:05:33.0227 4328 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:05:33.0242 4328 ShellHWDetection - ok 16:05:33.0258 4328 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:05:33.0258 4328 SiSRaid2 - ok 16:05:33.0274 4328 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:05:33.0274 4328 SiSRaid4 - ok 16:05:33.0289 4328 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 
16:05:33.0305 4328 Smb - ok 16:05:33.0320 4328 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:05:33.0336 4328 SNMPTRAP - ok 16:05:33.0336 4328 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:05:33.0336 4328 spldr - ok 16:05:33.0367 4328 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:05:33.0383 4328 Spooler - ok 16:05:33.0430 4328 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:05:33.0476 4328 sppsvc - ok 16:05:33.0492 4328 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:05:33.0492 4328 sppuinotify - ok 16:05:33.0508 4328 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:05:33.0523 4328 srv - ok 16:05:33.0523 4328 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:05:33.0539 4328 srv2 - ok 16:05:33.0539 4328 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:05:33.0539 4328 srvnet - ok 16:05:33.0570 4328 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:05:33.0570 4328 SSDPSRV - ok 16:05:33.0586 4328 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:05:33.0586 4328 SstpSvc - ok 16:05:33.0617 4328 Steam Client Service - ok 16:05:33.0617 4328 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:05:33.0632 4328 stexstor - ok 16:05:33.0664 4328 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:05:33.0679 4328 stisvc - ok 16:05:33.0695 4328 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:05:33.0695 4328 swenum - ok 16:05:33.0710 4328 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:05:33.0726 4328 swprv - ok 16:05:33.0757 4328 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:05:33.0773 
4328 SysMain - ok 16:05:33.0788 4328 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:05:33.0804 4328 TabletInputService - ok 16:05:33.0820 4328 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:05:33.0835 4328 TapiSrv - ok 16:05:33.0851 4328 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:05:33.0851 4328 TBS - ok 16:05:33.0898 4328 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:05:33.0929 4328 Tcpip - ok 16:05:33.0960 4328 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:05:33.0976 4328 TCPIP6 - ok 16:05:34.0022 4328 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:05:34.0022 4328 tcpipreg - ok 16:05:34.0038 4328 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:05:34.0038 4328 TDPIPE - ok 16:05:34.0069 4328 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:05:34.0069 4328 TDTCP - ok 16:05:34.0100 4328 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:05:34.0116 4328 tdx - ok 16:05:34.0116 4328 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:05:34.0116 4328 TermDD - ok 16:05:34.0132 4328 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:05:34.0163 4328 TermService - ok 16:05:34.0178 4328 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:05:34.0178 4328 Themes - ok 16:05:34.0194 4328 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:05:34.0194 4328 THREADORDER - ok 16:05:34.0210 4328 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:05:34.0210 4328 TrkWks - ok 16:05:34.0241 4328 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:05:34.0256 4328 
TrustedInstaller - ok 16:05:34.0256 4328 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:05:34.0272 4328 tssecsrv - ok 16:05:34.0288 4328 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:05:34.0288 4328 TsUsbFlt - ok 16:05:34.0319 4328 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:05:34.0334 4328 tunnel - ok 16:05:34.0334 4328 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:05:34.0350 4328 uagp35 - ok 16:05:34.0366 4328 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:05:34.0381 4328 udfs - ok 16:05:34.0397 4328 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:05:34.0412 4328 UI0Detect - ok 16:05:34.0412 4328 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:05:34.0412 4328 uliagpkx - ok 16:05:34.0444 4328 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:05:34.0444 4328 umbus - ok 16:05:34.0459 4328 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:05:34.0459 4328 UmPass - ok 16:05:34.0522 4328 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:05:34.0522 4328 UNS - ok 16:05:34.0537 4328 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:05:34.0553 4328 upnphost - ok 16:05:34.0568 4328 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:05:34.0584 4328 USBAAPL64 - ok 16:05:34.0584 4328 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:05:34.0600 4328 usbccgp - ok 16:05:34.0615 4328 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:05:34.0631 4328 usbcir - ok 16:05:34.0646 4328 [ C025055FE7B87701EB042095DF1A2D7B ] 
usbehci C:\Windows\system32\drivers\usbehci.sys 16:05:34.0646 4328 usbehci - ok 16:05:34.0678 4328 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:05:34.0693 4328 usbhub - ok 16:05:34.0709 4328 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:05:34.0709 4328 usbohci - ok 16:05:34.0724 4328 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:05:34.0724 4328 usbprint - ok 16:05:34.0740 4328 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 16:05:34.0740 4328 USBSTOR - ok 16:05:34.0756 4328 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:05:34.0756 4328 usbuhci - ok 16:05:34.0771 4328 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:05:34.0787 4328 UxSms - ok 16:05:34.0802 4328 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:05:34.0802 4328 VaultSvc - ok 16:05:34.0818 4328 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:05:34.0818 4328 vdrvroot - ok 16:05:34.0834 4328 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:05:34.0849 4328 vds - ok 16:05:34.0865 4328 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:05:34.0880 4328 vga - ok 16:05:34.0880 4328 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:05:34.0880 4328 VgaSave - ok 16:05:34.0896 4328 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:05:34.0912 4328 vhdmp - ok 16:05:34.0927 4328 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:05:34.0927 4328 viaide - ok 16:05:34.0943 4328 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:05:34.0943 4328 volmgr - ok 16:05:34.0974 4328 [ A255814907C89BE58B79EF2F189B843B ] volmgrx 
C:\Windows\system32\drivers\volmgrx.sys 16:05:34.0974 4328 volmgrx - ok 16:05:34.0990 4328 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:05:35.0005 4328 volsnap - ok 16:05:35.0021 4328 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:05:35.0036 4328 vsmraid - ok 16:05:35.0068 4328 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:05:35.0099 4328 VSS - ok 16:05:35.0099 4328 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:05:35.0099 4328 vwifibus - ok 16:05:35.0130 4328 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:05:35.0146 4328 vwififlt - ok 16:05:35.0161 4328 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:05:35.0161 4328 vwifimp - ok 16:05:35.0177 4328 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:05:35.0192 4328 W32Time - ok 16:05:35.0208 4328 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:05:35.0208 4328 WacomPen - ok 16:05:35.0224 4328 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:05:35.0239 4328 WANARP - ok 16:05:35.0239 4328 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:05:35.0239 4328 Wanarpv6 - ok 16:05:35.0286 4328 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:05:35.0302 4328 wbengine - ok 16:05:35.0317 4328 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:05:35.0333 4328 WbioSrvc - ok 16:05:35.0348 4328 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:05:35.0348 4328 wcncsvc - ok 16:05:35.0364 4328 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:05:35.0364 4328 WcsPlugInService - ok 16:05:35.0411 4328 [ 
147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe 16:05:35.0426 4328 WCUService_STC_IE - ok 16:05:35.0426 4328 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:05:35.0426 4328 Wd - ok 16:05:35.0458 4328 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:05:35.0473 4328 Wdf01000 - ok 16:05:35.0489 4328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:05:35.0489 4328 WdiServiceHost - ok 16:05:35.0504 4328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:05:35.0504 4328 WdiSystemHost - ok 16:05:35.0520 4328 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:05:35.0536 4328 WebClient - ok 16:05:35.0551 4328 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:05:35.0567 4328 Wecsvc - ok 16:05:35.0567 4328 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:05:35.0567 4328 wercplsupport - ok 16:05:35.0582 4328 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:05:35.0582 4328 WerSvc - ok 16:05:35.0598 4328 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:05:35.0598 4328 WfpLwf - ok 16:05:35.0614 4328 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:05:35.0614 4328 WIMMount - ok 16:05:35.0614 4328 WinHttpAutoProxySvc - ok 16:05:35.0660 4328 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:05:35.0676 4328 Winmgmt - ok 16:05:35.0707 4328 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:05:35.0723 4328 WinRM - ok 16:05:35.0770 4328 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:05:35.0770 4328 WinUsb - ok 16:05:35.0816 4328 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:05:35.0832 4328 Wlansvc - ok 16:05:35.0848 4328 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:05:35.0848 4328 WmiAcpi - ok 16:05:35.0863 4328 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:05:35.0879 4328 wmiApSrv - ok 16:05:35.0894 4328 WMPNetworkSvc - ok 16:05:35.0910 4328 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:05:35.0910 4328 WPCSvc - ok 16:05:35.0941 4328 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:05:35.0941 4328 WPDBusEnum - ok 16:05:35.0957 4328 [ 7CA09731EB7FC99B910C7F239E57720F ] WPRO_41_2001 C:\Windows\system32\drivers\WPRO_41_2001.sys 16:05:35.0957 4328 WPRO_41_2001 - ok 16:05:35.0957 4328 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:05:35.0957 4328 ws2ifsl - ok 16:05:35.0972 4328 WSearch - ok 16:05:35.0988 4328 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:05:36.0004 4328 WudfPf - ok 16:05:36.0004 4328 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:05:36.0019 4328 WUDFRd - ok 16:05:36.0035 4328 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:05:36.0050 4328 wudfsvc - ok 16:05:36.0066 4328 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:05:36.0066 4328 WwanSvc - ok 16:05:36.0113 4328 X6va012 - ok 16:05:36.0144 4328 ================ Scan global =============================== 16:05:36.0175 4328 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:05:36.0191 4328 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 16:05:36.0206 4328 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 16:05:36.0238 4328 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:05:36.0269 4328 
[ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
16:05:36.0269 4328 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
16:05:36.0269 4328 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
16:05:36.0269 4328 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
16:05:36.0269 4328 ================ Scan MBR ==================================
16:05:36.0284 4328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:05:36.0518 4328 \Device\Harddisk0\DR0 - ok
16:05:36.0518 4328 ================ Scan VBR ==================================
16:05:36.0518 4328 [ CD6D33772586B8FB578825C4ED328A3B ] \Device\Harddisk0\DR0\Partition1
16:05:36.0518 4328 \Device\Harddisk0\DR0\Partition1 - ok
16:05:36.0550 4328 [ D531F34B3A4ED3B3A5BA512DC2A4A9DA ] \Device\Harddisk0\DR0\Partition2
16:05:36.0550 4328 \Device\Harddisk0\DR0\Partition2 - ok
16:05:36.0565 4328 [ 680B142A802269C02CA7D0DA22D20468 ] \Device\Harddisk0\DR0\Partition3
16:05:36.0565 4328 \Device\Harddisk0\DR0\Partition3 - ok
16:05:36.0565 4328 ============================================================
16:05:36.0565 4328 Scan finished
16:05:36.0565 4328 ============================================================
16:05:36.0565 3556 Detected object count: 1
16:05:36.0565 3556 Actual detected object count: 1
16:05:44.0833 3556 C:\Windows\system32\services.exe - copied to quarantine
16:05:45.0005 3556 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
16:05:45.0005 3556 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
16:05:45.0036 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\@ - copied to quarantine
16:05:45.0052 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\00000004.@ - copied to quarantine
16:05:45.0067 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000004.@ - copied to quarantine
16:05:45.0067 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ - copied to quarantine
16:05:45.0067 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ - copied to quarantine
16:05:45.0083 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000000.@ - copied to quarantine
16:05:45.0083 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000032.@ - copied to quarantine
16:05:45.0083 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000064.@ - copied to quarantine
16:06:15.0667 3556 Backup copy not found, trying to cure infected file..
16:06:15.0667 3556 Cure success, using it..
16:06:15.0714 3556 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
16:06:15.0714 3556 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\@ - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000004.@ - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\00000008.@ - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\000000cb.@ - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000000.@ - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U\80000064.@ - will be deleted on reboot
16:06:15.0730 3556 C:\Windows\system32\services.exe - will be cured on reboot
16:06:15.0730 3556 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
16:06:20.0191 4512 Deinitialize success
Code:
ATTFilter 16:08:09.0117 3916 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:08:09.0305 3916 ============================================================
16:08:09.0305 3916 Current date / time: 2013/02/12 16:08:09.0305
16:08:09.0305 3916 SystemInfo:
16:08:09.0305 3916
16:08:09.0305 3916 OS Version: 6.1.7601 ServicePack: 1.0
16:08:09.0305 3916 Product type: Workstation
16:08:09.0305 3916 ComputerName: GAMING-PC
16:08:09.0305 3916 UserName: Pascal
16:08:09.0305 3916 Windows directory: C:\Windows
16:08:09.0305 3916 System windows directory: C:\Windows
16:08:09.0305 3916 Running under WOW64
16:08:09.0305 3916 Processor architecture: Intel x64
16:08:09.0305 3916 Number of processors: 4
16:08:09.0305 3916 Page size: 0x1000
16:08:09.0305 3916 Boot type: Normal boot
16:08:09.0305 3916 ============================================================
16:08:14.0000 3916 BG loaded
16:08:14.0765 3916 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:08:14.0765 3916 ============================================================
16:08:14.0765 3916 \Device\Harddisk0\DR0:
16:08:14.0765 3916 MBR partitions:
16:08:14.0765 3916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:08:14.0765 3916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0D800
16:08:14.0765 3916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x6AAC6000
16:08:14.0765 3916 ============================================================
16:08:14.0796 3916 C: <-> \Device\Harddisk0\DR0\Partition2
16:08:14.0827 3916 D: <-> \Device\Harddisk0\DR0\Partition3
16:08:14.0827 3916 ============================================================
16:08:14.0827 3916 Initialize success
16:08:14.0827 3916 ============================================================
16:21:33.0686 3784 Deinitialize success
Code:
ATTFilter # AdwCleaner v2.112 - Datei am 12/02/2013 um 16:00:05 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Pascal - GAMING-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Pascal\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1222 octets] - [12/02/2013 16:00:05]
########## EOF - C:\AdwCleaner[S1].txt - [1282 octets] ##########
Code:
ComboFix 13-02-12.01 - Pascal 12.02.2013 16:23:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7885.6285 [GMT 1:00]
ausgeführt von:: c:\users\Pascal\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\programdata\ntuser.dat
c:\windows\security\Database\tmp.edb
c:\windows\win.dll
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-12 bis 2013-02-12 ))))))))))))))))))))))))))))))
.
.
2013-02-12 15:26 . 2013-02-12 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-12 15:07 . 2013-02-12 15:27 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-02-12 15:05 . 2013-02-12 15:05 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-12 01:34 . 2013-02-12 01:34 -------- d-----w- c:\program files (x86)\7-Zip
2013-02-11 23:35 . 2013-02-11 23:35 -------- d-----w- c:\programdata\Malwarebytes
2013-02-11 23:35 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-11 22:47 . 2013-02-11 22:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-02-10 22:37 . 2013-02-10 22:38 -------- d-----w- c:\programdata\PMB Files
2013-02-10 22:37 . 2013-02-10 22:37 -------- d-----w- c:\program files (x86)\Pando Networks
2013-02-10 18:11 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-02-10 18:11 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-02-10 18:11 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-02-10 18:11 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-02-10 18:11 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-02-10 18:11 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-02-10 01:25 . 2013-02-10 01:25 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-02-10 01:16 . 2013-02-10 01:25 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-02-10 01:16 . 2013-02-10 01:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-02-10 00:11 . 2013-02-10 00:34 -------- d-----w- c:\program files (x86)\Origin Games
2013-02-10 00:09 . 2013-02-10 00:33 -------- d-----w- c:\programdata\Origin
2013-02-10 00:09 . 2013-02-10 00:09 -------- d-----w- c:\programdata\Electronic Arts
2013-02-08 10:57 . 2013-01-18 11:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90623E7D-7121-41F4-B0DA-936347020410}\mpengine.dll
2013-02-08 10:46 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-07 20:39 . 2013-02-07 20:39 -------- d-----w- c:\windows\system32\SPReview
2013-02-07 20:38 . 2013-02-07 20:38 -------- d-----w- c:\windows\system32\EventProviders
2013-02-07 18:14 . 2013-02-07 18:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-02-07 14:58 . 2013-02-07 15:21 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-02-06 16:41 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-02-06 16:41 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-02-06 16:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-02-06 16:39 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-02-06 16:39 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-02-06 16:24 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-02-06 16:24 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-02-06 16:24 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-02-06 16:24 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-02-06 16:24 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-02-06 16:24 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-02-06 16:24 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-02-06 16:23 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-02-06 16:23 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-02-06 16:23 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-02-06 16:23 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-02-06 16:23 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-02-06 16:23 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-02-06 16:23 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-02-06 16:23 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-02-06 16:23 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-02-06 16:23 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-02-06 16:23 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-02-06 16:22 . 2013-02-06 16:22 -------- d-----w- c:\program files (x86)\TP-LINK
2013-02-06 16:18 . 2009-03-18 15:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2013-02-06 10:49 . 2012-12-16 16:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-02-05 21:13 . 2013-02-05 21:13 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2013-02-05 21:13 . 2013-02-05 21:13 -------- d-----w- c:\windows\system32\wbem\en-US
2013-02-05 20:55 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-02-05 20:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-05 20:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-05 20:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-05 20:49 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-02-05 20:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-02-05 20:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-02-05 20:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-02-05 20:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-02-05 20:41 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-02-05 20:41 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-02-05 20:41 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-05 20:41 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-05 20:41 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-05 20:41 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-05 20:41 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-05 20:41 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-05 20:41 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-05 20:38 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-02-05 20:38 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-02-05 20:38 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-02-05 20:38 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-02-05 20:38 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-02-05 20:29 . 2013-02-05 20:29 -------- d-----w- c:\programdata\Nexon
2013-02-05 19:38 . 2013-02-05 20:27 -------- d-----w- C:\Download
2013-02-05 19:38 . 2013-02-05 19:38 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2013-02-05 19:38 . 2013-02-05 19:38 -------- d-----w- C:\Nexon
2013-02-05 19:38 . 2013-02-05 19:38 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-02-05 19:09 . 2013-02-05 19:09 -------- d-----w- c:\windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
2013-02-05 18:12 . 2013-02-05 18:12 -------- d-----w- c:\programdata\MTA San Andreas All
2013-02-05 16:39 . 2013-02-05 16:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-05 16:39 . 2013-02-05 16:39 -------- d-----w- c:\programdata\Skype
2013-02-05 16:05 . 2013-02-05 16:05 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-02-05 15:41 . 2013-02-05 15:41 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-05 15:41 . 2013-02-05 15:41 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-05 15:41 . 2013-02-05 15:41 188320 ----a-w- c:\windows\system32\java.exe
2013-02-05 15:41 . 2013-02-05 15:41 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-05 15:39 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2013-02-05 15:38 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2013-02-05 15:36 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-02-05 15:36 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2013-02-05 15:36 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2013-02-05 15:36 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-02-05 15:36 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-02-05 15:35 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-05 15:35 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-05 15:35 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-05 15:35 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2013-02-05 15:35 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-02-05 15:35 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2013-02-05 15:35 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2013-02-05 15:35 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2013-02-05 15:35 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2013-02-05 15:35 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-02-05 15:35 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2013-02-05 15:33 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-02-05 15:32 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-02-05 15:31 . 2013-02-05 15:41 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-05 15:31 . 2013-02-05 15:41 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-05 15:28 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2013-02-05 15:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2013-02-05 15:27 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-02-05 15:27 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-02-05 15:27 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-02-05 15:26 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-02-05 15:26 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-02-05 15:26 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-02-05 15:26 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-02-05 15:26 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-02-05 15:26 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-07 20:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-02-07 20:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-12-14 01:42 . 2012-12-14 01:42 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-12-14 01:42 . 2012-12-14 01:42 21850112 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42 196096 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-12-14 01:42 . 2012-12-14 01:42 384512 ----a-w- c:\windows\system32\igfxpph.dll
2012-12-14 01:42 . 2012-12-14 01:42 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-12-14 01:42 . 2012-12-14 01:42 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-12-14 01:42 . 2012-12-14 01:42 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-12-14 01:42 . 2012-12-14 01:42 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-12-14 01:42 . 2012-12-14 01:42 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-12-14 01:42 . 2012-12-14 01:42 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-12-14 01:42 . 2012-12-14 01:42 330752 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-12-14 01:42 . 2012-12-14 01:42 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-12-14 01:42 . 2012-12-14 01:42 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-12-14 01:42 . 2012-12-14 01:42 11174912 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-12-14 01:42 . 2012-12-14 01:42 640512 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42 512112 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-12-14 01:42 . 2012-12-14 01:42 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-12-14 01:42 . 2012-12-14 01:42 255088 ----a-w- c:\windows\system32\igfxext.exe
2012-12-14 01:42 . 2012-12-14 01:42 483840 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-12-14 01:42 . 2012-12-14 01:42 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-12-14 01:42 . 2012-12-14 01:42 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-12-14 01:42 . 2012-12-14 01:42 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-12-14 01:42 . 2012-12-14 01:42 754652 ----a-w- c:\windows\system32\igcodeckrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42 598384 ----a-w- c:\windows\system32\igvpkrng700.bin
2012-12-14 01:42 . 2012-12-14 01:42 459264 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-12-14 01:42 . 2012-12-14 01:42 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-12-14 01:42 . 2012-12-14 01:42 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-12-14 01:42 . 2012-12-14 01:42 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
2012-12-14 01:42 . 2012-12-14 01:42 5353888 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-12-14 01:42 . 2012-12-14 01:42 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-12-14 01:42 . 2012-12-14 01:42 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-12-14 01:42 . 2012-12-14 01:42 185968 ----a-w- c:\windows\system32\difx64.exe
2012-12-14 01:42 . 2012-12-14 01:42 11633152 ----a-w- c:\windows\system32\ig7icd64.dll
2012-12-14 01:42 . 2012-12-14 01:42 8621056 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2012-12-14 01:42 . 2012-12-14 01:42 518656 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-12-14 01:42 . 2012-12-14 01:42 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-12-14 01:42 . 2012-12-14 01:42 27457536 ----a-w- c:\windows\system32\igdfcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42 116224 ----a-w- c:\windows\system32\igfxCoIn_v2932.dll
2012-12-14 01:42 . 2012-12-14 01:42 442880 ----a-w- c:\windows\system32\igfxdev.dll
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-12-14 01:42 . 2012-12-14 01:42 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-12-14 01:42 . 2012-12-14 01:42 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-12-14 01:42 . 2012-12-14 01:42 441968 ----a-w- c:\windows\system32\igfxpers.exe
2012-12-14 01:42 . 2012-12-14 01:42 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-12-14 01:42 . 2012-12-14 01:42 410112 ----a-w- c:\windows\system32\igfxTMM.dll
2012-12-14 01:42 . 2012-12-14 01:42 3581440 ----a-w- c:\windows\system32\igdbcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42 172144 ----a-w- c:\windows\system32\igfxtray.exe
2012-12-14 01:42 . 2012-12-14 01:42 5906032 ----a-w- c:\windows\system32\GfxUI.exe
2012-12-14 01:42 . 2012-12-14 01:42 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-12-14 01:42 . 2012-12-14 01:42 3511296 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-12-14 01:42 . 2012-12-14 01:42 2898944 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2012-12-14 01:42 . 2012-12-14 01:42 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
2012-12-14 01:42 . 2012-12-14 01:42 175104 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-12-14 01:42 . 2012-12-14 01:42 399984 ----a-w- c:\windows\system32\hkcmd.exe
2012-12-14 01:42 . 2012-12-14 01:42 277616 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-12-14 01:42 . 2012-12-14 01:42 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-12-13 15:24 . 2012-12-13 15:24 342528 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2012-12-13 15:24 . 2012-12-13 15:24 16896 ----a-w- c:\windows\system32\IntcDAuC.dll
2012-11-30 04:45 . 2013-02-05 15:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-10 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-07 385248]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-04 27800]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-02-04 15936]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-02-07 400608]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-07 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-07 565472]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-12-14 682344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-12-13 342528]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-02-12 34752]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 22:29]
.
2013-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2013-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-02-07 18:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-10 01:29; battlefieldplay4free@ea.com; c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
SafeBoot-78041831.sys
AddRemove-ASRock InstantBoot_is1 - c:\program files (x86)\ASRock Utility\InstantBoot\unins000.exe
AddRemove-PunkBusterSvc - d:\battlefield play 4 free\pbsvc_p4f.exe
AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - d:\battlefield play 4 free\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\malwarebytes' anti-malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-12 16:30:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-12 15:30
.
Vor Suchlauf: 8.161.193.984 Bytes frei
Nach Suchlauf: 8.540.614.656 Bytes frei
.
- - End Of File - - F308597A29A8A9C2771091F5FC075F45 |
12.02.2013, 17:46 | #8 |
/// TB Trainer | W32/Patched.UC found in C:\windows\system32\services.exe! (Avira)
Good, let's check whether the whole rootkit has been dug out. How is the computer running now?
Step 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 2
Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
12.02.2013, 18:19 | #9 |
| W32/Patched.UC found in C:\windows\system32\services.exe! (Avira)
My computer is finally running normally again, and Avira no longer reports any Trojans either.
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: GAMING-PC [administrator]

12.02.2013 17:56:34
mbar-log-2013-02-12 (17-56-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28976
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 3
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{30185aac-7e08-c35f-8bb9-ae8f2055d551}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

(end)
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.12.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: GAMING-PC [administrator]
12.02.2013 18:05:52
mbar-log-2013-02-12 (18-05-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28938
Time elapsed: 3 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter OTL logfile created on: 12.02.2013 18:08:05 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pascal\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 76,63% Memory free 15,40 Gb Paging File | 13,40 Gb Available in Paging File | 87,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 8,89 Gb Free Space | 11,40% Space Free | Partition Type: NTFS Drive D: | 853,39 Gb Total Space | 805,55 Gb Free Space | 94,39% Space Free | Partition Type: NTFS Computer Name: GAMING-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe PRC - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.02.07 14:03:31 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.26 20:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe ========== Modules (No Company Name) ========== MOD - [2013.02.10 23:37:26 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2013.02.08 21:10:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll MOD - [2013.02.08 21:10:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll MOD - [2013.02.08 12:02:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.08 12:02:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.02.08 12:02:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.08 12:02:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.02.08 12:02:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.02.08 12:01:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.02.08 12:01:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.08 12:01:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | 
---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV - [2013.02.11 23:29:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.07 16:00:55 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.07 14:05:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.07 14:03:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.07 14:03:37 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.02.07 14:03:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.06 17:34:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.12 18:00:20 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.08.17 19:39:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.07.08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 59 68 34 FF 02 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{B53D59EC-52C9-4e86-B240-F4C3220FAFBC}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java2\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll 
(Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 17:34:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.04 19:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions [2013.02.10 01:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions [2013.02.10 01:29:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\d6mqz1u7.default\extensions\battlefieldplay4free@ea.com [2013.02.07 18:57:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\firefox\profiles\d6mqz1u7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.06 17:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 17:34:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 
000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.02.12 16:26:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java2\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java2\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DDA3A0-17BC-4F24-A5C0-7CAC9B5427EF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956FAE59-CBA2-402C-AD51-E75D0A27FF5E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.12 18:07:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.02.12 17:50:48 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\mbar
[2013.02.12 16:27:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.12 16:26:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.12 16:22:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.12 16:22:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.12 16:22:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.12 16:22:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.12 16:22:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.12 16:22:06 | 005,033,736 | R--- | C] (Swearware) -- C:\Users\Pascal\Desktop\ComboFix.exe
[2013.02.12 16:05:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.02.12 14:41:23 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.02.12 02:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.12 02:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.12 00:35:21 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 00:35:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 00:34:41 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Programs
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.02.11 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0
[2013.02.11 20:06:12 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Gordonsys_2.0
[2013.02.11 20:00:39 | 005,570,048 | ---- | C] (Gordonsys 2.0) -- C:\Users\Pascal\Desktop\Gordonsys 2.0.exe
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar
[2013.02.11 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\B1E
[2013.02.10 23:58:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\Cross Fire
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
[2013.02.10 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PMB Files
[2013.02.10 23:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.10 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.10 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\SCE
[2013.02.10 17:23:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\libimobiledevice
[2013.02.10 02:25:10 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\PunkBuster
[2013.02.10 02:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.02.10 01:11:09 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Origin
[2013.02.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.02.10 01:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.02.08 20:22:57 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net
[2013.02.07 21:39:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.02.07 21:38:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.07 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.07 17:49:45 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\CrashDumps
[2013.02.07 16:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.02.07 15:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.02.06 17:40:33 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.02.06 17:40:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.02.06 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 17:23:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.02.06 17:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.02.06 17:18:24 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.02.06 17:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.02.05 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013.02.05 21:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2013.02.05 21:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2013.02.05 20:38:20 | 000,000,000 | ---D | C] -- C:\Download
[2013.02.05 20:38:08 | 000,000,000 | ---D | C] -- C:\Nexon
[2013.02.05 20:38:07 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\LogMeIn Hamachi
[2013.02.05 20:09:50 | 000,000,000 | ---D | C] -- C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
[2013.02.05 19:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2013.02.05 19:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2013.02.05 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 17:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.05 17:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.05 17:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.05 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.02.05 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\World of Warcraft
[2013.02.05 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.05 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\.minecraft
[2013.02.05 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.02.05 16:21:06 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013.02.05 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.02.05 16:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.02.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.05 00:04:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.02.05 00:04:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.02.05 00:03:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.02.04 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Documents\GTA San Andreas User Files
[2013.02.04 20:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.04 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Diagnostics
[2013.02.04 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Avira
[2013.02.04 19:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.04 19:57:53 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.04 19:57:53 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.04 19:57:53 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.04 19:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Apple Computer
[2013.02.04 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple Computer
[2013.02.04 19:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.04 19:38:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.04 19:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.04 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.04 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Apple
[2013.02.04 19:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.04 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.04 19:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.02.04 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Macromedia
[2013.02.04 19:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.04 19:21:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Mozilla
[2013.02.04 19:16:42 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Mozilla
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.04 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.04 19:13:34 | 000,000,000 | ---D | C] -- C:\Users\Pascal\Desktop\ASRock
[2013.02.04 19:04:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.04 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Adobe
[2013.02.04 18:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.02.04 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.02.04 18:39:08 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.02.04 18:39:08 | 001,491,456 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.02.04 18:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.02.04 18:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2013.02.04 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.02.04 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.02.04 18:30:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013.02.04 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\DeviceVm
[2013.02.04 18:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.04 18:30:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso
[2013.02.04 18:30:18 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Cyberlink
[2013.02.04 18:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.02.04 18:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.02.04 18:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.02.04 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Macromedia
[2013.02.04 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Adobe
[2013.02.04 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.02.04 18:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.04 18:27:55 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2013.02.04 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2013.02.04 18:27:49 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2013.02.04 18:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2013.02.04 18:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB
[2013.02.04 18:27:37 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys
[2013.02.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2013.02.04 18:27:34 | 000,017,192 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013.02.04 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013.02.04 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013.02.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Intel Corporation
[2013.02.04 18:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.04 18:25:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.04 18:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.04 18:23:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.02.04 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\InstallShield
[2013.02.04 18:22:14 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.04 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.04 18:21:43 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.04 18:21:43 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.04 18:21:43 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.04 18:21:43 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.04 18:21:43 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.04 18:21:42 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.04 18:21:42 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.04 18:21:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.04 18:21:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.04 18:21:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.04 18:21:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.04 18:21:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.04 18:21:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.04 18:21:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.04 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.04 18:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.04 18:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.02.04 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.02.04 18:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.02.04 18:19:44 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.02.04 18:19:43 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.02.04 18:14:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.02.04 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.02.04 18:14:30 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Searches
[2013.02.04 18:12:25 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.04 18:12:17 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Identities
[2013.02.04 18:12:15 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Contacts
[2013.02.04 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\VirtualStore
[2013.02.04 18:12:06 | 000,000,000 | --SD | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Videos
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Saved Games
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Pictures
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Music
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Links
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Favorites
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Downloads
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Documents
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\Desktop
[2013.02.04 18:12:06 | 000,000,000 | R--D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Vorlagen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Verlauf
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Temporary Internet Files
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Startmenü
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\SendTo
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Recent
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Netzwerkumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Lokale Einstellungen
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Videos
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Musik
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Eigene Dateien
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Documents\Eigene Bilder
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Druckumgebung
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Cookies
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\AppData\Local\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -HSD | C] -- C:\Users\Pascal\Anwendungsdaten
[2013.02.04 18:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Pascal\AppData
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Temp
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Local\Microsoft
[2013.02.04 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Media Center Programs
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.04 18:12:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.04 18:12:02 | 000,000,000 | ---D | C] -- C:\Recovery
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.12 18:08:06 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 18:08:06 | 000,027,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 18:06:01 | 001,618,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.12 18:06:01 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.12 18:06:01 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.12 18:06:01 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.12 18:06:01 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 18:00:36 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.02.12 18:00:27 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.12 18:00:20 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.12 18:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 18:00:13 | 1905,799,167 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 16:26:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.12 16:12:42 | 005,033,736 | R--- | M] (Swearware) -- C:\Users\Pascal\Desktop\ComboFix.exe
[2013.02.12 15:58:20 | 000,587,671 | ---- | M] () -- C:\Users\Pascal\Desktop\adwcleaner0.exe
[2013.02.12 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.12 14:41:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pascal\Desktop\tdsskiller.exe
[2013.02.12 01:34:06 | 000,000,000 | ---- | M] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 01:19:30 | 000,365,568 | ---- | M] () -- C:\Users\Pascal\Desktop\gmer_2.0.18454.exe
[2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe
[2013.02.12 00:35:15 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 18:56:45 | 000,000,256 | ---- | M] () -- C:\aim
[2013.02.10 23:58:34 | 000,000,708 | ---- | M] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:25:34 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | M] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.08 11:54:39 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.08 11:39:08 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.07 16:24:06 | 000,000,202 | ---- | M] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:22:42 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.06 17:18:20 | 000,000,527 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:28:22 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:38:07 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.02.05 19:12:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 16:20:58 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Pascal\Desktop\Minecraft SP.exe
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.05 00:08:18 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.04 19:57:54 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 19:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.04 19:54:09 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.04 19:54:08 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.04 19:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:29:11 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:27:55 | 000,000,003 | ---- | M] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013.02.04 18:27:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:24:02 | 000,018,330 | ---- | M] () -- C:\Windows\SysNative\results.xml
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.12 16:22:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.12 16:22:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.12 16:22:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.12 16:22:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.12 16:22:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.12 15:59:40 | 000,587,671 | ---- | C] () -- C:\Users\Pascal\Desktop\adwcleaner0.exe
[2013.02.12 01:58:24 | 000,365,568 | ---- | C] () -- C:\Users\Pascal\Desktop\gmer_2.0.18454.exe
[2013.02.12 01:34:06 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\defogger_reenable
[2013.02.12 00:35:15 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 00:11:12 | 000,000,256 | ---- | C] () -- C:\aim
[2013.02.10 23:58:34 | 000,000,708 | ---- | C] () -- C:\Users\Pascal\Desktop\Crossfire Europe.lnk
[2013.02.10 02:25:34 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.10 02:16:22 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.10 02:16:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.10 01:09:11 | 000,000,524 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.02.09 01:07:02 | 000,007,605 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Resmon.ResmonCfg
[2013.02.07 19:14:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.07 16:24:06 | 000,000,202 | ---- | C] () -- C:\Users\Pascal\Desktop\Arctic Combat.url
[2013.02.07 15:58:34 | 000,000,538 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.02.06 17:40:50 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.02.06 17:40:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.02.06 17:40:24 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.02.06 17:40:19 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.02.06 17:22:42 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
[2013.02.05 21:55:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.05 21:47:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.05 21:41:24 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.05 21:28:22 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2013.02.05 20:38:08 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.02.05 20:26:51 | 000,000,527 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.02.05 19:12:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013.02.05 17:39:56 | 000,002,475 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.05 17:30:23 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.02.05 17:05:48 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 00:08:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.05 00:08:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.05 00:04:08 | 1905,799,167 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.04 19:57:54 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.04 19:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.04 19:38:35 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.04 19:38:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.04 19:21:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 19:16:38 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.04 19:16:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.04 18:39:08 | 000,137,691 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.02.04 18:39:08 | 000,007,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.02.04 18:30:36 | 000,001,404 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2013.02.04 18:29:12 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini
[2013.02.04 18:29:12 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2013.02.04 18:29:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013.02.04 18:29:11 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.02.04 18:29:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.02.04 18:29:11 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.02.04 18:29:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.02.04 18:29:11 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.02.04 18:28:50 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013.02.04 18:27:55 | 000,000,003 | ---- | C] () -- C:\Users\Pascal\AppData\Local\user_data.ini
[2013.02.04 18:27:20 | 000,034,752 | ---- | C] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.02.04 18:27:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.02.04 18:25:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.02.04 18:25:49 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.02.04 18:25:38 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.02.04 18:24:02 | 000,018,330 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.02.04 18:22:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.02.04 18:21:43 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013.02.04 18:21:42 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.04 18:19:44 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.02.04 18:19:44 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.02.04 18:19:44 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.02.04 18:19:43 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2013.02.04 18:19:43 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.02.04 18:19:43 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.02.04 18:19:43 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp [2013.02.04 18:19:43 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2013.02.04 18:12:29 | 000,001,409 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.04 18:12:26 | 000,001,443 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.09 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft [2013.02.11 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar [2013.02.04 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeviceVm [2013.02.12 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0 [2013.02.10 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin [2013.02.06 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TP-LINK [2013.02.08 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net ========== Purity Check ========== < End of report >
I now have 3 more questions:
1. Is my PC now cleaned and are we done with the whole thing? If so, I thank you endlessly for the fast support and the great help. I will definitely recommend you everywhere!
2. I have now uninstalled Avira and downloaded Avast, since I heard that it is supposed to be much better. Can you perhaps recommend the antivirus program or a good combination that is best from your point of view?
3. Can I now uninstall all the programs such as adwcleaner, gmer, Malwarebytes, Combofix, tdsskiller, OTL, mbar again, or should I keep them?
Regards, Elmox |
12.02.2013, 21:47 | #10 | |
/// TB-Ausbilder | W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) Hey, Quote:
Let's continue here tomorrow; until then, please leave everything as it is. We'll clean up at the end.
__________________ cheers, Leo |
12.02.2013, 22:09 | #11 |
| W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) All right. I just ran a complete system check with Avast, and it found the files that TDSSKiller had moved to quarantine. I then told Avast to delete all of them; is that bad? |
12.02.2013, 22:14 | #12 |
/// TB-Ausbilder | W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) No, that's not bad; it was only the quarantine. You don't need to delete anything else for now; we'll clean everything up at the end tomorrow, once the cleanup is done.
__________________ cheers, Leo |
12.02.2013, 22:29 | #13 |
| W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) OK, that's good then. Tomorrow I'll be home from around 16:00. |
13.02.2013, 11:42 | #14 |
/// TB-Ausbilder | W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) OK, then let's continue like this:
Step 1
Please open the folder created by Malwarebytes Anti-Rootkit. Start fixdamage.exe and answer the question with Yes. When the tool has finished, restart the computer.
Step 2
Code:
:OTL
[2013.02.11 23:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
:commands
[emptytemp]
Step 3
Step 4 Download the setup of the ESET Online Scanner and save it to the desktop.
Step 5 Please start OTL.exe.
In your next reply, please post:
__________________ cheers, Leo |
13.02.2013, 15:16 | #15 |
| W32/Patched.UC found in C:\windows\system32\services.exe! (Avira) Code:
ATTFilter OTL logfile created on: 13.02.2013 15:02:12 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pascal\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 76,66% Memory free 15,40 Gb Paging File | 13,63 Gb Available in Paging File | 88,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,03 Gb Total Space | 8,52 Gb Free Space | 10,92% Space Free | Partition Type: NTFS Drive D: | 853,39 Gb Total Space | 805,27 Gb Free Space | 94,36% Space Free | Partition Type: NTFS Computer Name: GAMING-PC | User Name: Pascal | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.12 01:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Desktop\OTL.exe PRC - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe PRC - [2012.05.30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.26 20:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ========== Modules (No Company Name) ========== MOD - [2013.02.12 19:41:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.12 19:41:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.08 21:10:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll MOD - [2013.02.08 21:10:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll MOD - [2013.02.08 12:02:32 | 000,771,584 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.08 12:02:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.08 12:02:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.02.08 12:02:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.02.08 12:01:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.02.08 12:01:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.08 12:01:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV - [2013.02.11 23:29:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.10 02:16:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.02.07 16:00:55 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common 
Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.06 17:34:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! 
Firewall) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2012.02.28 17:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.28 17:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.21 12:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.21 12:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.13 14:06:21 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013.02.04 18:27:49 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.21 10:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.01.13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.08.17 19:39:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.07.08 15:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 59 68 34 FF 02 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{B53D59EC-52C9-4e86-B240-F4C3220FAFBC}: "URL" = 
hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: D:\Java2\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll 
1905,799,167 | -HS- | C] () -- C:\hiberfil.sys [2013.02.04 19:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.04 19:38:35 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.04 19:38:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.04 19:21:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 19:16:38 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.04 19:16:38 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.04 18:39:08 | 000,137,691 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2013.02.04 18:39:08 | 000,007,756 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2013.02.04 18:30:36 | 000,001,404 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk [2013.02.04 18:29:12 | 000,007,195 | ---- | C] () -- C:\Windows\SysNative\THXCfgUninstall64.ini [2013.02.04 18:29:12 | 000,006,925 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini [2013.02.04 18:29:12 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2013.02.04 18:29:12 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2013.02.04 18:29:11 | 000,246,784 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2013.02.04 18:29:11 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013.02.04 18:29:11 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2013.02.04 18:29:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.02.04 18:29:11 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2013.02.04 18:28:50 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk 
[2013.02.04 18:27:55 | 000,000,003 | ---- | C] () -- C:\Users\Pascal\AppData\Local\user_data.ini [2013.02.04 18:27:20 | 000,034,752 | ---- | C] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.02.04 18:27:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.02.04 18:25:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.02.04 18:25:49 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.02.04 18:25:38 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.02.04 18:24:02 | 000,018,330 | ---- | C] () -- C:\Windows\SysNative\results.xml [2013.02.04 18:22:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2013.02.04 18:21:43 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.02.04 18:21:42 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.04 18:19:44 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp [2013.02.04 18:19:44 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp [2013.02.04 18:19:44 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp [2013.02.04 18:19:43 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa [2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.02.04 18:19:43 | 000,755,572 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin [2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2013.02.04 18:19:43 | 000,559,972 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin [2013.02.04 18:19:43 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll [2013.02.04 18:19:43 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp [2013.02.04 18:19:43 | 000,059,398 | ---- | C] () -- 
C:\Windows\SysNative\iglhxg64.vp [2013.02.04 18:19:43 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp [2013.02.04 18:12:29 | 000,001,409 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.04 18:12:26 | 000,001,443 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.09 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft [2013.02.11 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\B1Toolbar [2013.02.04 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DeviceVm [2013.02.12 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0 [2013.02.10 01:12:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin [2013.02.06 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TP-LINK [2013.02.08 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Wargaming.net ========== Purity Check ========== < End of report > Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: GAMING-PC [Administrator]

Schutz: Aktiviert

13.02.2013 14:09:23
mbam-log-2013-02-13 (14-09-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213256
Laufzeit: 1 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
C:\Users\Pascal\AppData\Roaming\Gordonsys 2.0\5hyN5qTuA0.dll a variant of Win32/Packed.VMProtect.AAN trojan