html/iframe.b.gen virus BKA trojaner

maumina · 10.06.2012, 09:10

Guten Morgen, ich habe ESET online Scanner ausgeführt und gesehen das ich folgenden Virus habe
html/iframe.b.gen virus
So wie ich das gelesen habe, soll das ein BKA trojaner sein. Ich wollte daher fragen wie kann ich den Entfernen? Ich habe Avast und der erkennt das nicht so wie mailwarebytes.

Win 7, 32 bit

Und die andere frage ist, wie bekommt man so einen Virus Oo

kira · 10.06.2012, 09:43

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
mit Malwarebytes Anti-Malware hast Du einen "Vollscan" gemacht?

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

maumina · 10.06.2012, 09:49

Hallo und danke für die Schnelle antwort. Zu 1, nein kein vollständiger nur einmal Quik und Flash scan. Dabei wurden pup.funmoods gefunden.

Zu dem hatte ich den TDSkiller benuzt und dort auch was gefunden. Seid dem ich die Viruse gefunden habe, läuft mein internet sehr langsam und der pc im allgemeinen.

Code:

ATTFilter

============================================
10:38:50.0688 5148	Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0x950B86, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000050
10:38:50.0688 5148	============================================================
10:38:50.0688 5148	\Device\Harddisk0\DR0:
10:38:50.0688 5148	MBR partitions:
10:38:50.0688 5148	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29E80800
10:38:50.0688 5148	============================================================
10:38:50.0719 5148	C: <-> \Device\Harddisk0\DR0\Partition0
10:38:50.0719 5148	============================================================
10:38:50.0719 5148	Initialize success
10:38:50.0719 5148	============================================================
10:38:55.0914 4368	============================================================
10:38:55.0914 4368	Scan started
10:38:55.0914 4368	Mode: Manual; SigCheck; TDLFS; 
10:38:55.0914 4368	============================================================
10:38:57.0240 4368	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:38:57.0349 4368	1394ohci - ok
10:38:57.0427 4368	27883791        (58169ffb207940d4d84b4e85db02cc1e) C:\Windows\system32\drivers\36901465.sys
10:38:57.0474 4368	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:38:57.0490 4368	ACPI - ok
10:38:57.0505 4368	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:38:57.0583 4368	AcpiPmi - ok
10:38:57.0646 4368	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:38:57.0661 4368	AdobeFlashPlayerUpdateSvc - ok
10:38:57.0708 4368	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
10:38:57.0739 4368	adp94xx - ok
10:38:57.0755 4368	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
10:38:57.0771 4368	adpahci - ok
10:38:57.0786 4368	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
10:38:57.0802 4368	adpu320 - ok
10:38:57.0817 4368	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:38:57.0927 4368	AeLookupSvc - ok
10:38:57.0989 4368	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:38:58.0051 4368	AFD - ok
10:38:58.0067 4368	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:38:58.0083 4368	agp440 - ok
10:38:58.0098 4368	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
10:38:58.0114 4368	aic78xx - ok
10:38:58.0161 4368	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:38:58.0207 4368	ALG - ok
10:38:58.0239 4368	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:38:58.0254 4368	aliide - ok
10:38:58.0301 4368	AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
10:38:58.0363 4368	AMD External Events Utility - ok
10:38:58.0379 4368	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:38:58.0395 4368	amdagp - ok
10:38:58.0426 4368	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:38:58.0441 4368	amdide - ok
10:38:58.0473 4368	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
10:38:58.0504 4368	AmdK8 - ok
10:38:58.0519 4368	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
10:38:58.0551 4368	AmdPPM - ok
10:38:58.0582 4368	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:38:58.0597 4368	amdsata - ok
10:38:58.0613 4368	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
10:38:58.0629 4368	amdsbs - ok
10:38:58.0644 4368	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:38:58.0644 4368	amdxata - ok
10:38:58.0675 4368	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:38:58.0722 4368	AppID - ok
10:38:58.0753 4368	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:38:58.0785 4368	AppIDSvc - ok
10:38:58.0816 4368	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:38:58.0847 4368	Appinfo - ok
10:38:58.0878 4368	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:38:58.0909 4368	AppMgmt - ok
10:38:58.0941 4368	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
10:38:58.0956 4368	arc - ok
10:38:58.0956 4368	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
10:38:58.0972 4368	arcsas - ok
10:38:59.0019 4368	AsIO            (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
10:38:59.0050 4368	AsIO - ok
10:38:59.0081 4368	AsUpIO          (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
10:38:59.0097 4368	AsUpIO - ok
10:38:59.0190 4368	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
10:38:59.0206 4368	aswFsBlk - ok
10:38:59.0331 4368	aswFW           (80beddcbb4a1417cec0c78a61cac0f66) C:\Windows\system32\drivers\aswFW.sys
10:38:59.0346 4368	aswFW - ok
10:38:59.0533 4368	aswKbd          (81e695913fefd4e23360a69c0f151797) C:\Windows\system32\drivers\aswKbd.sys
10:38:59.0549 4368	aswKbd - ok
10:38:59.0611 4368	aswMonFlt       (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
10:38:59.0627 4368	aswMonFlt - ok
10:38:59.0689 4368	aswNdis         (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
10:38:59.0705 4368	aswNdis - ok
10:38:59.0736 4368	aswNdis2        (72c8f79d72b4ff6e1627276ddf4b01c9) C:\Windows\system32\drivers\aswNdis2.sys
10:38:59.0752 4368	aswNdis2 - ok
10:38:59.0767 4368	aswRdr          (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
10:38:59.0783 4368	aswRdr - ok
10:38:59.0814 4368	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
10:38:59.0830 4368	aswSnx - ok
10:38:59.0845 4368	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
10:38:59.0861 4368	aswSP - ok
10:38:59.0861 4368	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
10:38:59.0877 4368	aswTdi - ok
10:38:59.0908 4368	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:39:00.0017 4368	AsyncMac - ok
10:39:00.0064 4368	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:39:00.0079 4368	atapi - ok
10:39:00.0095 4368	athr - ok
10:39:00.0313 4368	atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
10:39:00.0454 4368	atikmdag - ok
10:39:00.0547 4368	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:39:00.0610 4368	AudioEndpointBuilder - ok
10:39:00.0610 4368	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:39:00.0641 4368	Audiosrv - ok
10:39:00.0688 4368	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:39:00.0703 4368	avast! Antivirus - ok
10:39:00.0719 4368	avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
10:39:00.0735 4368	avast! Firewall - ok
10:39:00.0781 4368	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:39:00.0844 4368	AxInstSV - ok
10:39:00.0906 4368	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
10:39:00.0953 4368	b06bdrv - ok
10:39:01.0000 4368	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:39:01.0031 4368	b57nd60x - ok
10:39:01.0062 4368	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:39:01.0109 4368	BDESVC - ok
10:39:01.0140 4368	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:39:01.0187 4368	Beep - ok
10:39:01.0234 4368	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:39:01.0296 4368	BFE - ok
10:39:01.0343 4368	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:39:01.0390 4368	BITS - ok
10:39:01.0421 4368	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:39:01.0437 4368	blbdrive - ok
10:39:01.0468 4368	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:39:01.0515 4368	bowser - ok
10:39:01.0530 4368	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
10:39:01.0561 4368	BrFiltLo - ok
10:39:01.0577 4368	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
10:39:01.0624 4368	BrFiltUp - ok
10:39:01.0671 4368	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:39:01.0702 4368	Browser - ok
10:39:01.0733 4368	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:39:01.0780 4368	Brserid - ok
10:39:01.0795 4368	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:39:01.0827 4368	BrSerWdm - ok
10:39:01.0842 4368	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:39:01.0873 4368	BrUsbMdm - ok
10:39:01.0889 4368	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:39:01.0920 4368	BrUsbSer - ok
10:39:01.0951 4368	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
10:39:01.0983 4368	BTHMODEM - ok
10:39:02.0029 4368	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:39:02.0061 4368	bthserv - ok
10:39:02.0092 4368	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:39:02.0123 4368	cdfs - ok
10:39:02.0201 4368	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:39:02.0232 4368	cdrom - ok
10:39:02.0279 4368	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:39:02.0326 4368	CertPropSvc - ok
10:39:02.0357 4368	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
10:39:02.0373 4368	circlass - ok
10:39:02.0404 4368	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:39:02.0419 4368	CLFS - ok
10:39:02.0497 4368	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:39:02.0513 4368	clr_optimization_v2.0.50727_32 - ok
10:39:02.0560 4368	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:39:02.0575 4368	clr_optimization_v4.0.30319_32 - ok
10:39:02.0591 4368	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
10:39:02.0622 4368	CmBatt - ok
10:39:02.0638 4368	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:39:02.0653 4368	cmdide - ok
10:39:02.0685 4368	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:39:02.0716 4368	CNG - ok
10:39:02.0747 4368	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
10:39:02.0747 4368	Compbatt - ok
10:39:02.0794 4368	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:39:02.0825 4368	CompositeBus - ok
10:39:02.0841 4368	COMSysApp - ok
10:39:02.0856 4368	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
10:39:02.0872 4368	crcdisk - ok
10:39:02.0903 4368	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
10:39:02.0934 4368	CryptSvc - ok
10:39:02.0965 4368	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:39:03.0012 4368	CSC - ok
10:39:03.0043 4368	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:39:03.0075 4368	CscService - ok
10:39:03.0121 4368	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:39:03.0168 4368	DcomLaunch - ok
10:39:03.0199 4368	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:39:03.0262 4368	defragsvc - ok
10:39:03.0324 4368	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:39:03.0355 4368	DfsC - ok
10:39:03.0387 4368	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:39:03.0433 4368	Dhcp - ok
10:39:03.0449 4368	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:39:03.0496 4368	discache - ok
10:39:03.0527 4368	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
10:39:03.0527 4368	Disk - ok
10:39:03.0543 4368	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
10:39:03.0605 4368	dmvsc - ok
10:39:03.0636 4368	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:39:03.0683 4368	Dnscache - ok
10:39:03.0714 4368	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:39:03.0777 4368	dot3svc - ok
10:39:03.0808 4368	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:39:03.0855 4368	DPS - ok
10:39:03.0886 4368	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:39:03.0917 4368	drmkaud - ok
10:39:03.0964 4368	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:39:03.0979 4368	dtsoftbus01 - ok
10:39:04.0011 4368	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:39:04.0042 4368	DXGKrnl - ok
10:39:04.0057 4368	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:39:04.0104 4368	EapHost - ok
10:39:04.0213 4368	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
10:39:04.0323 4368	ebdrv - ok
10:39:04.0401 4368	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:39:04.0447 4368	EFS - ok
10:39:04.0510 4368	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:39:04.0557 4368	ehRecvr - ok
10:39:04.0603 4368	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:39:04.0650 4368	ehSched - ok
10:39:04.0713 4368	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
10:39:04.0744 4368	elxstor - ok
10:39:04.0791 4368	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:39:04.0822 4368	ErrDev - ok
10:39:04.0869 4368	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:39:04.0900 4368	EventSystem - ok
10:39:04.0931 4368	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:39:04.0962 4368	exfat - ok
10:39:04.0978 4368	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:39:05.0009 4368	fastfat - ok
10:39:05.0056 4368	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:39:05.0134 4368	Fax - ok
10:39:05.0149 4368	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
10:39:05.0181 4368	fdc - ok
10:39:05.0212 4368	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:39:05.0259 4368	fdPHost - ok
10:39:05.0274 4368	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:39:05.0305 4368	FDResPub - ok
10:39:05.0321 4368	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:39:05.0337 4368	FileInfo - ok
10:39:05.0352 4368	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:39:05.0383 4368	Filetrace - ok
10:39:05.0399 4368	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
10:39:05.0430 4368	flpydisk - ok
10:39:05.0461 4368	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:39:05.0461 4368	FltMgr - ok
10:39:05.0508 4368	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
10:39:05.0586 4368	FontCache - ok
10:39:05.0664 4368	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:39:05.0680 4368	FontCache3.0.0.0 - ok
10:39:05.0711 4368	frklrqa         (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\sebfferb.sys
10:39:05.0727 4368	frklrqa ( UnsignedFile.Multi.Generic ) - warning
10:39:05.0727 4368	frklrqa - detected UnsignedFile.Multi.Generic (1)
10:39:05.0742 4368	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:39:05.0758 4368	FsDepends - ok
10:39:05.0789 4368	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:39:05.0789 4368	Fs_Rec - ok
10:39:05.0836 4368	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:39:05.0851 4368	fvevol - ok
10:39:05.0883 4368	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
10:39:05.0898 4368	gagp30kx - ok
10:39:05.0945 4368	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:39:05.0992 4368	gpsvc - ok
10:39:06.0039 4368	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
10:39:06.0054 4368	hamachi - ok
10:39:06.0070 4368	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:39:06.0117 4368	hcw85cir - ok
10:39:06.0148 4368	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:39:06.0179 4368	HdAudAddService - ok
10:39:06.0210 4368	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:39:06.0226 4368	HDAudBus - ok
10:39:06.0241 4368	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
10:39:06.0257 4368	HidBatt - ok
10:39:06.0288 4368	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
10:39:06.0319 4368	HidBth - ok
10:39:06.0351 4368	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
10:39:06.0366 4368	HidIr - ok
10:39:06.0397 4368	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:39:06.0429 4368	hidserv - ok
10:39:06.0507 4368	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:39:06.0538 4368	HidUsb - ok
10:39:06.0553 4368	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:39:06.0600 4368	hkmsvc - ok
10:39:06.0616 4368	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:39:06.0678 4368	HomeGroupListener - ok
10:39:06.0694 4368	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:39:06.0741 4368	HomeGroupProvider - ok
10:39:06.0772 4368	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:39:06.0787 4368	HpSAMD - ok
10:39:06.0803 4368	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:39:06.0834 4368	HTTP - ok
10:39:06.0850 4368	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:39:06.0865 4368	hwpolicy - ok
10:39:06.0881 4368	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:39:06.0912 4368	i8042prt - ok
10:39:06.0959 4368	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:39:06.0975 4368	iaStorV - ok
10:39:07.0084 4368	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:39:07.0115 4368	idsvc - ok
10:39:07.0443 4368	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:39:07.0677 4368	igfx - ok
10:39:07.0801 4368	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
10:39:07.0801 4368	iirsp - ok
10:39:07.0864 4368	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:39:07.0926 4368	IKEEXT - ok
10:39:07.0957 4368	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:39:07.0957 4368	intelide - ok
10:39:07.0989 4368	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:39:08.0020 4368	intelppm - ok
10:39:08.0035 4368	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:39:08.0067 4368	IPBusEnum - ok
10:39:08.0082 4368	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:39:08.0145 4368	IpFilterDriver - ok
10:39:08.0191 4368	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:39:08.0254 4368	iphlpsvc - ok
10:39:08.0269 4368	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:39:08.0285 4368	IPMIDRV - ok
10:39:08.0301 4368	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:39:08.0332 4368	IPNAT - ok
10:39:08.0363 4368	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:39:08.0410 4368	IRENUM - ok
10:39:08.0425 4368	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:39:08.0425 4368	isapnp - ok
10:39:08.0441 4368	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:39:08.0457 4368	iScsiPrt - ok
10:39:08.0488 4368	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:39:08.0488 4368	kbdclass - ok
10:39:08.0519 4368	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
10:39:08.0550 4368	kbdhid - ok
10:39:08.0581 4368	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:39:08.0613 4368	KeyIso - ok
10:39:08.0613 4368	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:39:08.0628 4368	KSecDD - ok
10:39:08.0644 4368	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:39:08.0659 4368	KSecPkg - ok
10:39:08.0691 4368	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:39:08.0722 4368	KtmRm - ok
10:39:08.0753 4368	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:39:08.0800 4368	LanmanServer - ok
10:39:08.0831 4368	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:39:08.0878 4368	LanmanWorkstation - ok
10:39:08.0925 4368	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:39:08.0971 4368	lltdio - ok
10:39:09.0003 4368	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:39:09.0018 4368	lltdsvc - ok
10:39:09.0034 4368	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:39:09.0081 4368	lmhosts - ok
10:39:09.0112 4368	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
10:39:09.0127 4368	LSI_FC - ok
10:39:09.0159 4368	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
10:39:09.0174 4368	LSI_SAS - ok
10:39:09.0190 4368	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
10:39:09.0190 4368	LSI_SAS2 - ok
10:39:09.0205 4368	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
10:39:09.0221 4368	LSI_SCSI - ok
10:39:09.0252 4368	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:39:09.0299 4368	luafv - ok
10:39:09.0346 4368	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:39:09.0362 4368	MBAMProtector - ok
10:39:09.0440 4368	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:39:09.0471 4368	MBAMService - ok
10:39:09.0502 4368	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:39:09.0518 4368	Mcx2Svc - ok
10:39:09.0549 4368	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
10:39:09.0549 4368	megasas - ok
10:39:09.0596 4368	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
10:39:09.0596 4368	MegaSR - ok
10:39:09.0705 4368	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:39:09.0767 4368	MMCSS - ok
10:39:09.0798 4368	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:39:09.0830 4368	Modem - ok
10:39:09.0876 4368	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:39:09.0923 4368	monitor - ok
10:39:09.0939 4368	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:39:09.0954 4368	mouclass - ok
10:39:10.0017 4368	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:39:10.0048 4368	mouhid - ok
10:39:10.0064 4368	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:39:10.0079 4368	mountmgr - ok
10:39:10.0095 4368	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:39:10.0110 4368	mpio - ok
10:39:10.0126 4368	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:39:10.0142 4368	mpsdrv - ok
10:39:10.0220 4368	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:39:10.0282 4368	MpsSvc - ok
10:39:10.0313 4368	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:39:10.0344 4368	MRxDAV - ok
10:39:10.0376 4368	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:39:10.0407 4368	mrxsmb - ok
10:39:10.0422 4368	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:39:10.0454 4368	mrxsmb10 - ok
10:39:10.0469 4368	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:39:10.0516 4368	mrxsmb20 - ok
10:39:10.0516 4368	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:39:10.0532 4368	msahci - ok
10:39:10.0547 4368	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:39:10.0563 4368	msdsm - ok
10:39:10.0578 4368	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:39:10.0610 4368	MSDTC - ok
10:39:10.0625 4368	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:39:10.0656 4368	Msfs - ok
10:39:10.0672 4368	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:39:10.0703 4368	mshidkmdf - ok
10:39:10.0703 4368	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:39:10.0719 4368	msisadrv - ok
10:39:10.0766 4368	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:39:10.0812 4368	MSiSCSI - ok
10:39:10.0812 4368	msiserver - ok
10:39:10.0844 4368	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:39:10.0875 4368	MSKSSRV - ok
10:39:10.0890 4368	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:39:10.0922 4368	MSPCLOCK - ok
10:39:10.0937 4368	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:39:10.0968 4368	MSPQM - ok
10:39:11.0000 4368	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:39:11.0015 4368	MsRPC - ok
10:39:11.0031 4368	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:39:11.0046 4368	mssmbios - ok
10:39:11.0078 4368	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:39:11.0093 4368	MSTEE - ok
10:39:11.0109 4368	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
10:39:11.0140 4368	MTConfig - ok
10:39:11.0171 4368	MTsensor        (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
10:39:11.0187 4368	MTsensor - ok
10:39:11.0202 4368	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:39:11.0218 4368	Mup - ok
10:39:11.0249 4368	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:39:11.0296 4368	napagent - ok
10:39:11.0343 4368	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:39:11.0390 4368	NativeWifiP - ok
10:39:11.0436 4368	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:39:11.0452 4368	NDIS - ok
10:39:11.0468 4368	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:39:11.0514 4368	NdisCap - ok
10:39:11.0546 4368	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:39:11.0577 4368	NdisTapi - ok
10:39:11.0608 4368	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:39:11.0655 4368	Ndisuio - ok
10:39:11.0686 4368	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:39:11.0733 4368	NdisWan - ok
10:39:11.0748 4368	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:39:11.0780 4368	NDProxy - ok
10:39:11.0795 4368	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:39:11.0842 4368	NetBIOS - ok
10:39:11.0858 4368	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:39:11.0904 4368	NetBT - ok
10:39:11.0936 4368	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:39:11.0951 4368	Netlogon - ok
10:39:11.0982 4368	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:39:12.0029 4368	Netman - ok
10:39:12.0060 4368	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:39:12.0107 4368	netprofm - ok
10:39:12.0185 4368	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:39:12.0201 4368	NetTcpPortSharing - ok
10:39:12.0248 4368	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
10:39:12.0263 4368	nfrd960 - ok
10:39:12.0294 4368	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:39:12.0357 4368	NlaSvc - ok
10:39:12.0372 4368	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:39:12.0404 4368	Npfs - ok
10:39:12.0435 4368	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:39:12.0482 4368	nsi - ok
10:39:12.0482 4368	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:39:12.0497 4368	nsiproxy - ok
10:39:12.0544 4368	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:39:12.0575 4368	Ntfs - ok
10:39:12.0591 4368	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:39:12.0638 4368	Null - ok
10:39:12.0996 4368	nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:39:13.0137 4368	nvlddmkm - ok
10:39:13.0262 4368	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:39:13.0277 4368	nvraid - ok
10:39:13.0308 4368	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:39:13.0324 4368	nvstor - ok
10:39:13.0386 4368	nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
10:39:13.0418 4368	nvsvc - ok
10:39:13.0542 4368	nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:39:13.0620 4368	nvUpdatusService - ok
10:39:13.0714 4368	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:39:13.0730 4368	nv_agp - ok
10:39:13.0745 4368	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:39:13.0776 4368	ohci1394 - ok
10:39:13.0808 4368	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:39:13.0854 4368	p2pimsvc - ok
10:39:13.0886 4368	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:39:13.0932 4368	p2psvc - ok
10:39:13.0964 4368	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:39:13.0979 4368	Parport - ok
10:39:13.0995 4368	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:39:14.0010 4368	partmgr - ok
10:39:14.0026 4368	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:39:14.0042 4368	Parvdm - ok
10:39:14.0057 4368	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:39:14.0088 4368	PcaSvc - ok
10:39:14.0104 4368	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:39:14.0120 4368	pci - ok
10:39:14.0135 4368	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:39:14.0135 4368	pciide - ok
10:39:14.0151 4368	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
10:39:14.0166 4368	pcmcia - ok
10:39:14.0182 4368	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:39:14.0182 4368	pcw - ok
10:39:14.0229 4368	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:39:14.0291 4368	PEAUTH - ok
10:39:14.0338 4368	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:39:14.0416 4368	PeerDistSvc - ok
10:39:14.0478 4368	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:39:14.0556 4368	pla - ok
10:39:14.0634 4368	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:39:14.0697 4368	PlugPlay - ok
10:39:14.0728 4368	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:39:14.0759 4368	PNRPAutoReg - ok
10:39:14.0790 4368	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:39:14.0806 4368	PNRPsvc - ok
10:39:14.0853 4368	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:39:14.0915 4368	PolicyAgent - ok
10:39:14.0946 4368	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:39:15.0009 4368	Power - ok
10:39:15.0056 4368	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:39:15.0102 4368	PptpMiniport - ok
10:39:15.0134 4368	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
10:39:15.0165 4368	Processor - ok
10:39:15.0196 4368	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
10:39:15.0243 4368	ProfSvc - ok
10:39:15.0258 4368	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:39:15.0274 4368	ProtectedStorage - ok
10:39:15.0321 4368	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:39:15.0352 4368	Psched - ok
10:39:15.0414 4368	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
10:39:15.0446 4368	ql2300 - ok
10:39:15.0539 4368	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
10:39:15.0555 4368	ql40xx - ok
10:39:15.0586 4368	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:39:15.0617 4368	QWAVE - ok
10:39:15.0648 4368	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:39:15.0664 4368	QWAVEdrv - ok
10:39:15.0680 4368	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:39:15.0711 4368	RasAcd - ok
10:39:15.0758 4368	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:39:15.0773 4368	RasAgileVpn - ok
10:39:15.0789 4368	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:39:15.0836 4368	RasAuto - ok
10:39:15.0851 4368	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:39:15.0898 4368	Rasl2tp - ok
10:39:15.0929 4368	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:39:15.0992 4368	RasMan - ok
10:39:16.0023 4368	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:39:16.0054 4368	RasPppoe - ok
10:39:16.0070 4368	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:39:16.0101 4368	RasSstp - ok
10:39:16.0132 4368	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:39:16.0163 4368	rdbss - ok
10:39:16.0179 4368	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:39:16.0194 4368	rdpbus - ok
10:39:16.0210 4368	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:39:16.0241 4368	RDPCDD - ok
10:39:16.0272 4368	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:39:16.0288 4368	RDPDR - ok
10:39:16.0335 4368	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:39:16.0366 4368	RDPENCDD - ok
10:39:16.0397 4368	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:39:16.0428 4368	RDPREFMP - ok
10:39:16.0444 4368	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
10:39:16.0491 4368	RdpVideoMiniport - ok
10:39:16.0506 4368	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
10:39:16.0553 4368	RDPWD - ok
10:39:16.0600 4368	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:39:16.0616 4368	rdyboost - ok
10:39:16.0647 4368	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:39:16.0662 4368	RemoteAccess - ok
10:39:16.0694 4368	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:39:16.0709 4368	RemoteRegistry - ok
10:39:16.0740 4368	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:39:16.0787 4368	RpcEptMapper - ok
10:39:16.0818 4368	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:39:16.0850 4368	RpcLocator - ok
10:39:16.0896 4368	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:39:16.0928 4368	RpcSs - ok
10:39:16.0943 4368	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:39:16.0990 4368	rspndr - ok
10:39:17.0037 4368	RTL8167         (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:39:17.0052 4368	RTL8167 - ok
10:39:17.0084 4368	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:39:17.0115 4368	s3cap - ok
10:39:17.0146 4368	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:39:17.0162 4368	SamSs - ok
10:39:17.0193 4368	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:39:17.0208 4368	sbp2port - ok
10:39:17.0255 4368	SBRE            (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
10:39:17.0255 4368	SBRE - ok
10:39:17.0302 4368	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:39:17.0349 4368	SCardSvr - ok
10:39:17.0364 4368	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:39:17.0411 4368	scfilter - ok
10:39:17.0442 4368	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:39:17.0505 4368	Schedule - ok
10:39:17.0536 4368	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:39:17.0552 4368	SCPolicySvc - ok
10:39:17.0567 4368	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:39:17.0630 4368	SDRSVC - ok
10:39:17.0661 4368	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:39:17.0708 4368	secdrv - ok
10:39:17.0723 4368	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:39:17.0770 4368	seclogon - ok
10:39:17.0801 4368	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:39:17.0848 4368	SENS - ok
10:39:17.0864 4368	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:39:17.0910 4368	SensrSvc - ok
10:39:17.0942 4368	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:39:17.0973 4368	Serenum - ok
10:39:17.0988 4368	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:39:18.0020 4368	Serial - ok
10:39:18.0035 4368	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
10:39:18.0066 4368	sermouse - ok
10:39:18.0098 4368	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:39:18.0160 4368	SessionEnv - ok
10:39:18.0176 4368	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:39:18.0207 4368	sffdisk - ok
10:39:18.0222 4368	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:39:18.0238 4368	sffp_mmc - ok
10:39:18.0254 4368	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:39:18.0300 4368	sffp_sd - ok
10:39:18.0316 4368	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
10:39:18.0347 4368	sfloppy - ok
10:39:18.0378 4368	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:39:18.0441 4368	SharedAccess - ok
10:39:18.0472 4368	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:39:18.0519 4368	ShellHWDetection - ok
10:39:18.0550 4368	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:39:18.0566 4368	sisagp - ok
10:39:18.0597 4368	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
10:39:18.0612 4368	SiSRaid2 - ok
10:39:18.0628 4368	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
10:39:18.0644 4368	SiSRaid4 - ok
10:39:18.0706 4368	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
10:39:18.0722 4368	SkypeUpdate - ok
10:39:18.0753 4368	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:39:18.0784 4368	Smb - ok
10:39:18.0831 4368	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:39:18.0846 4368	SNMPTRAP - ok
10:39:18.0878 4368	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:39:18.0893 4368	spldr - ok
10:39:18.0924 4368	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:39:18.0956 4368	Spooler - ok
10:39:19.0065 4368	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:39:19.0158 4368	sppsvc - ok
10:39:19.0236 4368	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:39:19.0283 4368	sppuinotify - ok
10:39:19.0330 4368	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:39:19.0377 4368	srv - ok
10:39:19.0392 4368	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:39:19.0439 4368	srv2 - ok
10:39:19.0470 4368	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:39:19.0502 4368	srvnet - ok
10:39:19.0533 4368	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:39:19.0580 4368	SSDPSRV - ok
10:39:19.0595 4368	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:39:19.0626 4368	SstpSvc - ok
10:39:19.0736 4368	Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:39:19.0751 4368	Stereo Service - ok
10:39:19.0767 4368	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
10:39:19.0782 4368	stexstor - ok
10:39:19.0814 4368	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:39:19.0860 4368	StiSvc - ok
10:39:19.0938 4368	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:39:19.0954 4368	storflt - ok
10:39:20.0094 4368	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:39:20.0110 4368	storvsc - ok
10:39:20.0126 4368	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:39:20.0141 4368	swenum - ok
10:39:20.0172 4368	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:39:20.0219 4368	swprv - ok
10:39:20.0250 4368	Synth3dVsc      (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\Synth3dVsc.sys
10:39:20.0250 4368	Synth3dVsc - ok
10:39:20.0313 4368	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:39:20.0391 4368	SysMain - ok
10:39:20.0422 4368	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:39:20.0453 4368	TabletInputService - ok
10:39:20.0484 4368	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:39:20.0531 4368	TapiSrv - ok
10:39:20.0547 4368	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:39:20.0578 4368	TBS - ok
10:39:20.0656 4368	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:39:20.0687 4368	Tcpip - ok
10:39:20.0843 4368	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:39:20.0874 4368	TCPIP6 - ok
10:39:20.0937 4368	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:39:20.0968 4368	tcpipreg - ok
10:39:20.0999 4368	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:39:21.0030 4368	TDPIPE - ok
10:39:21.0062 4368	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:39:21.0062 4368	TDTCP - ok
10:39:21.0077 4368	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:39:21.0108 4368	tdx - ok
10:39:21.0124 4368	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
10:39:21.0140 4368	TermDD - ok
10:39:21.0155 4368	terminpt        (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
10:39:21.0186 4368	terminpt - ok
10:39:21.0218 4368	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:39:21.0264 4368	TermService - ok
10:39:21.0280 4368	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:39:21.0311 4368	Themes - ok
10:39:21.0342 4368	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:39:21.0374 4368	THREADORDER - ok
10:39:21.0420 4368	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:39:21.0452 4368	TrkWks - ok
10:39:21.0514 4368	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:39:21.0561 4368	TrustedInstaller - ok
10:39:21.0592 4368	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:39:21.0639 4368	tssecsrv - ok
10:39:21.0670 4368	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:39:21.0686 4368	TsUsbFlt - ok
10:39:21.0701 4368	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
10:39:21.0732 4368	TsUsbGD - ok
10:39:21.0764 4368	tsusbhub        (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
10:39:21.0795 4368	tsusbhub - ok
10:39:21.0826 4368	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:39:21.0857 4368	tunnel - ok
10:39:21.0857 4368	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
10:39:21.0873 4368	uagp35 - ok
10:39:21.0888 4368	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:39:21.0935 4368	udfs - ok
10:39:21.0966 4368	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:39:21.0998 4368	UI0Detect - ok
10:39:22.0013 4368	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:39:22.0029 4368	uliagpkx - ok
10:39:22.0060 4368	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:39:22.0076 4368	umbus - ok
10:39:22.0107 4368	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
10:39:22.0138 4368	UmPass - ok
10:39:22.0169 4368	UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:39:22.0200 4368	UmRdpService - ok
10:39:22.0232 4368	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:39:22.0263 4368	upnphost - ok
10:39:22.0310 4368	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
10:39:22.0341 4368	usbaudio - ok
10:39:22.0372 4368	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:39:22.0388 4368	usbccgp - ok
10:39:22.0419 4368	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:39:22.0450 4368	usbcir - ok
10:39:22.0466 4368	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:39:22.0481 4368	usbehci - ok
10:39:22.0528 4368	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:39:22.0544 4368	usbhub - ok
10:39:22.0544 4368	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:39:22.0575 4368	usbohci - ok
10:39:22.0590 4368	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
10:39:22.0622 4368	usbprint - ok
10:39:22.0637 4368	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:39:22.0653 4368	USBSTOR - ok
10:39:22.0668 4368	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:39:22.0700 4368	usbuhci - ok
10:39:22.0731 4368	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
10:39:22.0762 4368	usbvideo - ok
10:39:22.0793 4368	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:39:22.0840 4368	UxSms - ok
10:39:22.0871 4368	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:39:22.0887 4368	VaultSvc - ok
10:39:22.0918 4368	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:39:22.0934 4368	vdrvroot - ok
10:39:22.0949 4368	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:39:23.0012 4368	vds - ok
10:39:23.0043 4368	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:39:23.0074 4368	vga - ok
10:39:23.0090 4368	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:39:23.0105 4368	VgaSave - ok
10:39:23.0121 4368	VGPU - ok
10:39:23.0136 4368	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:39:23.0136 4368	vhdmp - ok
10:39:23.0168 4368	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:39:23.0183 4368	viaagp - ok
10:39:23.0199 4368	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
10:39:23.0214 4368	ViaC7 - ok
10:39:23.0292 4368	VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
10:39:23.0370 4368	VIAHdAudAddService - ok
10:39:23.0402 4368	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:39:23.0417 4368	viaide - ok
10:39:23.0433 4368	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:39:23.0448 4368	vmbus - ok
10:39:23.0448 4368	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:39:23.0480 4368	VMBusHID - ok
10:39:23.0495 4368	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:39:23.0511 4368	volmgr - ok
10:39:23.0526 4368	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:39:23.0542 4368	volmgrx - ok
10:39:23.0558 4368	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:39:23.0573 4368	volsnap - ok
10:39:23.0604 4368	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
10:39:23.0620 4368	vsmraid - ok
10:39:23.0667 4368	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:39:23.0714 4368	VSS - ok
10:39:23.0729 4368	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:39:23.0760 4368	vwifibus - ok
10:39:23.0792 4368	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:39:23.0807 4368	vwififlt - ok
10:39:23.0838 4368	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:39:23.0870 4368	W32Time - ok
10:39:23.0901 4368	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
10:39:23.0932 4368	WacomPen - ok
10:39:23.0979 4368	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:24.0026 4368	WANARP - ok
10:39:24.0026 4368	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:24.0057 4368	Wanarpv6 - ok
10:39:24.0119 4368	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:39:24.0182 4368	wbengine - ok
10:39:24.0197 4368	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:39:24.0244 4368	WbioSrvc - ok
10:39:24.0275 4368	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:39:24.0291 4368	wcncsvc - ok
10:39:24.0306 4368	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:39:24.0353 4368	WcsPlugInService - ok
10:39:24.0384 4368	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
10:39:24.0400 4368	Wd - ok
10:39:24.0431 4368	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:39:24.0447 4368	Wdf01000 - ok
10:39:24.0447 4368	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:39:24.0509 4368	WdiServiceHost - ok
10:39:24.0509 4368	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:39:24.0540 4368	WdiSystemHost - ok
10:39:24.0572 4368	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:39:24.0618 4368	WebClient - ok
10:39:24.0634 4368	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:39:24.0681 4368	Wecsvc - ok
10:39:24.0681 4368	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:39:24.0712 4368	wercplsupport - ok
10:39:24.0743 4368	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:39:24.0759 4368	WerSvc - ok
10:39:24.0806 4368	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:39:24.0837 4368	WfpLwf - ok
10:39:24.0852 4368	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:39:24.0868 4368	WIMMount - ok
10:39:24.0946 4368	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:39:24.0993 4368	WinDefend - ok
10:39:24.0993 4368	WinHttpAutoProxySvc - ok
10:39:25.0040 4368	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:39:25.0086 4368	Winmgmt - ok
10:39:25.0196 4368	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:39:25.0274 4368	WinRM - ok
10:39:25.0320 4368	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:39:25.0383 4368	Wlansvc - ok
10:39:25.0445 4368	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:39:25.0461 4368	WmiAcpi - ok
10:39:25.0508 4368	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:39:25.0539 4368	wmiApSrv - ok
10:39:25.0632 4368	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:39:25.0726 4368	WMPNetworkSvc - ok
10:39:25.0804 4368	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:39:25.0835 4368	WPCSvc - ok
10:39:25.0851 4368	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:39:25.0913 4368	WPDBusEnum - ok
10:39:25.0944 4368	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:39:26.0007 4368	ws2ifsl - ok
10:39:26.0116 4368	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:39:26.0147 4368	wscsvc - ok
10:39:26.0147 4368	WSearch - ok
10:39:26.0225 4368	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
10:39:26.0303 4368	wuauserv - ok
10:39:26.0397 4368	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:39:26.0428 4368	WudfPf - ok
10:39:26.0459 4368	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:39:26.0506 4368	WUDFRd - ok
10:39:26.0553 4368	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:39:26.0568 4368	wudfsvc - ok
10:39:26.0600 4368	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:39:26.0631 4368	WwanSvc - ok
10:39:26.0662 4368	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:39:27.0021 4368	\Device\Harddisk0\DR0 - ok
10:39:27.0052 4368	Boot (0x1200)   (fbfaff02b3de919d6b4ae04162a8b09b) \Device\Harddisk0\DR0\Partition0
10:39:27.0052 4368	\Device\Harddisk0\DR0\Partition0 - ok
10:39:27.0052 4368	============================================================
10:39:27.0052 4368	Scan finished
10:39:27.0052 4368	============================================================
10:39:27.0068 0840	Detected object count: 1
10:39:27.0068 0840	Actual detected object count: 1
10:39:41.0466 0840	frklrqa ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:41.0466 0840	frklrqa ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:40:16.0686 4768	============================================================
10:40:16.0686 4768	Scan started
10:40:16.0686 4768	Mode: Manual; SigCheck; TDLFS; 
10:40:16.0686 4768	============================================================
10:40:20.0185 4768	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:40:20.0425 4768	1394ohci - ok
10:40:20.0645 4768	27883791        (58169ffb207940d4d84b4e85db02cc1e) C:\Windows\system32\drivers\36901465.sys
10:40:20.0795 4768	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:40:20.0805 4768	ACPI - ok
10:40:20.0815 4768	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:40:20.0835 4768	AcpiPmi - ok
10:40:21.0065 4768	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:40:21.0085 4768	AdobeFlashPlayerUpdateSvc - ok
10:40:21.0235 4768	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
10:40:21.0255 4768	adp94xx - ok
10:40:21.0275 4768	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
10:40:21.0295 4768	adpahci - ok
10:40:21.0365 4768	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
10:40:21.0375 4768	adpu320 - ok
10:40:21.0405 4768	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:40:21.0425 4768	AeLookupSvc - ok
10:40:21.0455 4768	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:40:21.0475 4768	AFD - ok
10:40:21.0575 4768	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:40:21.0585 4768	agp440 - ok
10:40:21.0825 4768	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
10:40:21.0845 4768	aic78xx - ok
10:40:21.0975 4768	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:40:21.0985 4768	ALG - ok
10:40:22.0045 4768	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:40:22.0055 4768	aliide - ok
10:40:22.0115 4768	AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
10:40:22.0125 4768	AMD External Events Utility - ok
10:40:22.0135 4768	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:40:22.0155 4768	amdagp - ok
10:40:22.0215 4768	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:40:22.0225 4768	amdide - ok
10:40:22.0305 4768	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
10:40:22.0335 4768	AmdK8 - ok
10:40:22.0405 4768	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
10:40:22.0715 4768	AmdPPM - ok
10:40:22.0969 4768	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:40:22.0985 4768	amdsata - ok
10:40:23.0016 4768	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
10:40:23.0032 4768	amdsbs - ok
10:40:23.0234 4768	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:40:23.0250 4768	amdxata - ok
10:40:23.0312 4768	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:40:23.0328 4768	AppID - ok
10:40:23.0516 4768	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:40:23.0536 4768	AppIDSvc - ok
10:40:23.0736 4768	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:40:23.0756 4768	Appinfo - ok
10:40:23.0986 4768	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:40:23.0996 4768	AppMgmt - ok
10:40:24.0096 4768	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
10:40:24.0116 4768	arc - ok
10:40:24.0296 4768	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
10:40:24.0306 4768	arcsas - ok
10:40:24.0406 4768	AsIO            (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
10:40:24.0416 4768	AsIO - ok
10:40:24.0456 4768	AsUpIO          (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
10:40:24.0476 4768	AsUpIO - ok
10:40:24.0576 4768	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
10:40:24.0596 4768	aswFsBlk - ok
10:40:24.0896 4768	aswFW           (80beddcbb4a1417cec0c78a61cac0f66) C:\Windows\system32\drivers\aswFW.sys
10:40:24.0916 4768	aswFW - ok
10:40:25.0006 4768	aswKbd          (81e695913fefd4e23360a69c0f151797) C:\Windows\system32\drivers\aswKbd.sys
10:40:25.0016 4768	aswKbd - ok
10:40:25.0046 4768	aswMonFlt       (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
10:40:25.0056 4768	aswMonFlt - ok
10:40:25.0076 4768	aswNdis         (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
10:40:25.0086 4768	aswNdis - ok
10:40:25.0606 4768	aswNdis2        (72c8f79d72b4ff6e1627276ddf4b01c9) C:\Windows\system32\drivers\aswNdis2.sys
10:40:25.0716 4768	aswNdis2 - ok
10:40:25.0816 4768	aswRdr          (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
10:40:25.0826 4768	aswRdr - ok
10:40:25.0866 4768	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
10:40:25.0876 4768	aswSnx - ok
10:40:26.0516 4768	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
10:40:26.0676 4768	aswSP - ok
10:40:26.0736 4768	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
10:40:26.0796 4768	aswTdi - ok
10:40:27.0046 4768	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:40:27.0076 4768	AsyncMac - ok
10:40:27.0248 4768	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:40:27.0264 4768	atapi - ok
10:40:27.0280 4768	athr - ok
10:40:30.0455 4768	atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
10:40:30.0517 4768	atikmdag - ok
10:40:30.0939 4768	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:40:30.0970 4768	AudioEndpointBuilder - ok
10:40:30.0970 4768	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:40:31.0001 4768	Audiosrv - ok
10:40:31.0141 4768	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:40:36.0219 4768	avast! Antivirus - ok
10:40:36.0350 4768	avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
10:40:36.0459 4768	avast! Firewall - ok
10:40:36.0689 4768	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:40:36.0709 4768	AxInstSV - ok
10:40:38.0039 4768	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
10:40:38.0049 4768	b06bdrv - ok
10:40:38.0219 4768	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:40:38.0229 4768	b57nd60x - ok
10:40:38.0319 4768	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:40:38.0329 4768	BDESVC - ok
10:40:38.0389 4768	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:40:38.0409 4768	Beep - ok
10:40:38.0879 4768	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:40:38.0909 4768	BFE - ok
10:40:39.0369 4768	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:40:39.0399 4768	BITS - ok
10:40:39.0499 4768	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:40:39.0509 4768	blbdrive - ok
10:40:39.0549 4768	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:40:39.0559 4768	bowser - ok
10:40:39.0619 4768	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
10:40:39.0629 4768	BrFiltLo - ok
10:40:39.0679 4768	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
10:40:39.0689 4768	BrFiltUp - ok
10:40:39.0829 4768	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:40:39.0859 4768	Browser - ok
10:40:40.0159 4768	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:40:40.0179 4768	Brserid - ok
10:40:40.0332 4768	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:40.0348 4768	BrSerWdm - ok
10:40:40.0379 4768	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:40.0395 4768	BrUsbMdm - ok
10:40:40.0426 4768	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:40.0441 4768	BrUsbSer - ok
10:40:40.0566 4768	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
10:40:40.0582 4768	BTHMODEM - ok
10:40:40.0660 4768	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:40:40.0691 4768	bthserv - ok
10:40:40.0707 4768	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:40:40.0722 4768	cdfs - ok
10:40:40.0909 4768	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:40:40.0925 4768	cdrom - ok
10:40:41.0019 4768	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:40:41.0050 4768	CertPropSvc - ok
10:40:41.0097 4768	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
10:40:41.0112 4768	circlass - ok
10:40:41.0299 4768	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:40:41.0331 4768	CLFS - ok
10:40:41.0424 4768	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:41.0440 4768	clr_optimization_v2.0.50727_32 - ok
10:40:41.0533 4768	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:41.0549 4768	clr_optimization_v4.0.30319_32 - ok
10:40:41.0596 4768	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
10:40:41.0611 4768	CmBatt - ok
10:40:41.0643 4768	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:40:41.0658 4768	cmdide - ok
10:40:42.0173 4768	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:40:42.0189 4768	CNG - ok
10:40:42.0251 4768	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
10:40:42.0267 4768	Compbatt - ok
10:40:42.0329 4768	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:40:42.0345 4768	CompositeBus - ok
10:40:42.0345 4768	COMSysApp - ok
10:40:42.0423 4768	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
10:40:42.0438 4768	crcdisk - ok
10:40:42.0594 4768	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
10:40:42.0625 4768	CryptSvc - ok
10:40:42.0922 4768	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:40:42.0937 4768	CSC - ok
10:40:43.0281 4768	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:40:43.0296 4768	CscService - ok
10:40:43.0546 4768	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:40:43.0577 4768	DcomLaunch - ok
10:40:43.0733 4768	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:40:43.0764 4768	defragsvc - ok
10:40:43.0858 4768	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:40:43.0889 4768	DfsC - ok
10:40:44.0092 4768	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:40:44.0123 4768	Dhcp - ok
10:40:44.0139 4768	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:40:44.0170 4768	discache - ok
10:40:44.0248 4768	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
10:40:44.0263 4768	Disk - ok
10:40:44.0404 4768	dmvsc           (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
10:40:44.0419 4768	dmvsc - ok
10:40:45.0745 4768	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:40:45.0761 4768	Dnscache - ok
10:40:46.0884 4768	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:40:46.0915 4768	dot3svc - ok
10:40:47.0929 4768	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:40:47.0961 4768	DPS - ok
10:40:48.0085 4768	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:40:48.0101 4768	drmkaud - ok
10:40:49.0411 4768	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:40:49.0443 4768	dtsoftbus01 - ok
10:40:49.0552 4768	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:40:49.0577 4768	DXGKrnl - ok
10:40:49.0617 4768	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:40:49.0647 4768	EapHost - ok
10:40:49.0817 4768	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
10:40:49.0867 4768	ebdrv - ok
10:40:50.0247 4768	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:40:50.0267 4768	EFS - ok
10:40:50.0887 4768	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:40:50.0907 4768	ehRecvr - ok
10:40:51.0397 4768	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:40:51.0457 4768	ehSched - ok
10:40:51.0617 4768	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
10:40:51.0637 4768	elxstor - ok
10:40:51.0677 4768	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:40:51.0687 4768	ErrDev - ok
10:40:51.0857 4768	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:40:51.0887 4768	EventSystem - ok
10:40:51.0977 4768	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:40:52.0007 4768	exfat - ok
10:40:52.0107 4768	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:40:52.0137 4768	fastfat - ok
10:40:52.0207 4768	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:40:52.0227 4768	Fax - ok
10:40:52.0257 4768	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
10:40:52.0267 4768	fdc - ok
10:40:52.0277 4768	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:40:52.0307 4768	fdPHost - ok
10:40:52.0377 4768	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:40:52.0407 4768	FDResPub - ok
10:40:52.0557 4768	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:40:52.0567 4768	FileInfo - ok
10:40:52.0607 4768	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:40:52.0647 4768	Filetrace - ok
10:40:52.0667 4768	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
10:40:52.0677 4768	flpydisk - ok
10:40:52.0734 4768	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:40:52.0750 4768	FltMgr - ok
10:40:52.0797 4768	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
10:40:52.0828 4768	FontCache - ok
10:40:52.0953 4768	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:40:52.0968 4768	FontCache3.0.0.0 - ok
10:40:53.0046 4768	frklrqa         (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\sebfferb.sys
10:40:53.0046 4768	frklrqa ( UnsignedFile.Multi.Generic ) - warning
10:40:53.0046 4768	frklrqa - detected UnsignedFile.Multi.Generic (1)
10:40:53.0187 4768	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:40:53.0202 4768	FsDepends - ok
10:40:53.0265 4768	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:40:53.0280 4768	Fs_Rec - ok
10:40:53.0561 4768	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:40:53.0592 4768	fvevol - ok
10:40:53.0779 4768	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
10:40:53.0795 4768	gagp30kx - ok
10:40:55.0636 4768	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:40:55.0667 4768	gpsvc - ok
10:40:55.0729 4768	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
10:40:55.0745 4768	hamachi - ok
10:40:55.0823 4768	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:40:55.0839 4768	hcw85cir - ok
10:40:56.0369 4768	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:40:56.0385 4768	HdAudAddService - ok
10:40:56.0712 4768	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:40:56.0728 4768	HDAudBus - ok
10:40:56.0790 4768	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
10:40:56.0806 4768	HidBatt - ok
10:40:57.0133 4768	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
10:40:57.0149 4768	HidBth - ok
10:40:57.0289 4768	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
10:40:57.0321 4768	HidIr - ok
10:40:57.0461 4768	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:40:57.0477 4768	hidserv - ok
10:40:57.0539 4768	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:40:57.0555 4768	HidUsb - ok
10:40:57.0913 4768	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:40:57.0945 4768	hkmsvc - ok
10:40:58.0584 4768	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:40:58.0615 4768	HomeGroupListener - ok
10:40:59.0177 4768	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:40:59.0197 4768	HomeGroupProvider - ok
10:40:59.0407 4768	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:40:59.0427 4768	HpSAMD - ok
10:41:01.0421 4768	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:41:01.0452 4768	HTTP - ok
10:41:01.0483 4768	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:41:01.0499 4768	hwpolicy - ok
10:41:01.0764 4768	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:41:01.0780 4768	i8042prt - ok
10:41:02.0763 4768	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:41:02.0778 4768	iaStorV - ok
10:41:06.0091 4768	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:41:06.0111 4768	idsvc - ok
10:41:23.0675 4768	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:41:23.0784 4768	igfx - ok
10:41:23.0906 4768	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
10:41:23.0920 4768	iirsp - ok
10:41:24.0010 4768	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:41:24.0040 4768	IKEEXT - ok
10:41:24.0088 4768	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:41:24.0100 4768	intelide - ok
10:41:24.0179 4768	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:41:24.0202 4768	intelppm - ok
10:41:24.0254 4768	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:41:24.0287 4768	IPBusEnum - ok
10:41:24.0329 4768	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:41:24.0355 4768	IpFilterDriver - ok
10:41:24.0424 4768	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:41:24.0484 4768	iphlpsvc - ok
10:41:24.0507 4768	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:41:24.0523 4768	IPMIDRV - ok
10:41:24.0589 4768	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:41:24.0649 4768	IPNAT - ok
10:41:24.0722 4768	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:41:24.0740 4768	IRENUM - ok
10:41:24.0915 4768	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:41:24.0933 4768	isapnp - ok
10:41:25.0158 4768	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:41:25.0172 4768	iScsiPrt - ok
10:41:25.0207 4768	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:41:25.0224 4768	kbdclass - ok
10:41:25.0406 4768	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
10:41:25.0420 4768	kbdhid - ok
10:41:25.0441 4768	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:41:25.0473 4768	KeyIso - ok
10:41:25.0495 4768	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:41:25.0510 4768	KSecDD - ok
10:41:25.0531 4768	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:41:25.0546 4768	KSecPkg - ok
10:41:25.0574 4768	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:41:25.0609 4768	KtmRm - ok
10:41:25.0645 4768	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:41:25.0691 4768	LanmanServer - ok
10:41:25.0849 4768	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:41:25.0893 4768	LanmanWorkstation - ok
10:41:25.0927 4768	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:41:25.0958 4768	lltdio - ok
10:41:26.0216 4768	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:41:26.0245 4768	lltdsvc - ok
10:41:26.0269 4768	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:41:26.0294 4768	lmhosts - ok
10:41:26.0332 4768	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
10:41:26.0345 4768	LSI_FC - ok
10:41:26.0405 4768	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
10:41:26.0419 4768	LSI_SAS - ok
10:41:26.0492 4768	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
10:41:26.0509 4768	LSI_SAS2 - ok
10:41:26.0538 4768	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
10:41:26.0554 4768	LSI_SCSI - ok
10:41:26.0573 4768	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:41:26.0602 4768	luafv - ok
10:41:26.0735 4768	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:41:26.0751 4768	MBAMProtector - ok
10:41:26.0953 4768	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:41:26.0970 4768	MBAMService - ok
10:41:27.0008 4768	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:41:27.0023 4768	Mcx2Svc - ok
10:41:27.0055 4768	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
10:41:27.0067 4768	megasas - ok
10:41:27.0156 4768	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
10:41:27.0170 4768	MegaSR - ok
10:41:27.0281 4768	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:41:27.0312 4768	MMCSS - ok
10:41:27.0452 4768	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:41:27.0478 4768	Modem - ok
10:41:27.0675 4768	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:41:27.0692 4768	monitor - ok
10:41:27.0795 4768	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:41:27.0811 4768	mouclass - ok
10:41:27.0867 4768	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:41:27.0883 4768	mouhid - ok
10:41:27.0907 4768	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:41:27.0925 4768	mountmgr - ok
10:41:28.0041 4768	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:41:28.0059 4768	mpio - ok
10:41:28.0080 4768	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:41:28.0102 4768	mpsdrv - ok
10:41:28.0292 4768	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:41:28.0325 4768	MpsSvc - ok
10:41:28.0375 4768	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:41:28.0395 4768	MRxDAV - ok
10:41:28.0434 4768	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:41:28.0450 4768	mrxsmb - ok
10:41:28.0503 4768	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:41:28.0519 4768	mrxsmb10 - ok
10:41:28.0543 4768	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:41:28.0558 4768	mrxsmb20 - ok
10:41:28.0624 4768	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:41:28.0636 4768	msahci - ok
10:41:28.0733 4768	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:41:28.0746 4768	msdsm - ok
10:41:29.0127 4768	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:41:29.0147 4768	MSDTC - ok
10:41:29.0174 4768	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:41:29.0198 4768	Msfs - ok
10:41:29.0226 4768	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:41:29.0249 4768	mshidkmdf - ok
10:41:29.0301 4768	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:41:29.0317 4768	msisadrv - ok
10:41:29.0362 4768	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:41:29.0388 4768	MSiSCSI - ok
10:41:29.0391 4768	msiserver - ok
10:41:29.0409 4768	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:41:29.0432 4768	MSKSSRV - ok
10:41:29.0436 4768	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:41:29.0460 4768	MSPCLOCK - ok
10:41:29.0479 4768	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:41:29.0503 4768	MSPQM - ok
10:41:29.0601 4768	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:41:29.0614 4768	MsRPC - ok
10:41:29.0648 4768	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:41:29.0664 4768	mssmbios - ok
10:41:29.0682 4768	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:41:29.0712 4768	MSTEE - ok
10:41:29.0746 4768	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
10:41:29.0758 4768	MTConfig - ok
10:41:29.0786 4768	MTsensor        (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
10:41:29.0795 4768	MTsensor - ok
10:41:29.0834 4768	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:41:29.0846 4768	Mup - ok
10:41:30.0095 4768	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:41:30.0132 4768	napagent - ok
10:41:30.0188 4768	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:41:30.0210 4768	NativeWifiP - ok
10:41:30.0493 4768	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:41:30.0517 4768	NDIS - ok
10:41:30.0540 4768	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:41:30.0565 4768	NdisCap - ok
10:41:30.0596 4768	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:41:30.0621 4768	NdisTapi - ok
10:41:30.0781 4768	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:41:30.0805 4768	Ndisuio - ok
10:41:30.0898 4768	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:41:30.0926 4768	NdisWan - ok
10:41:31.0014 4768	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:41:31.0036 4768	NDProxy - ok
10:41:31.0110 4768	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:41:31.0137 4768	NetBIOS - ok
10:41:31.0164 4768	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:41:31.0192 4768	NetBT - ok
10:41:31.0230 4768	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:41:31.0246 4768	Netlogon - ok
10:41:31.0392 4768	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:41:31.0427 4768	Netman - ok
10:41:31.0527 4768	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:41:31.0558 4768	netprofm - ok
10:41:31.0673 4768	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:41:31.0685 4768	NetTcpPortSharing - ok
10:41:31.0769 4768	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
10:41:31.0781 4768	nfrd960 - ok
10:41:31.0846 4768	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:41:31.0875 4768	NlaSvc - ok
10:41:31.0901 4768	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:41:31.0927 4768	Npfs - ok
10:41:32.0029 4768	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:41:32.0057 4768	nsi - ok
10:41:32.0076 4768	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:41:32.0102 4768	nsiproxy - ok
10:41:32.0549 4768	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:41:32.0577 4768	Ntfs - ok
10:41:32.0598 4768	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:41:32.0637 4768	Null - ok
10:41:34.0534 4768	nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:41:34.0683 4768	nvlddmkm - ok
10:41:34.0985 4768	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:41:34.0999 4768	nvraid - ok
10:41:35.0017 4768	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:41:35.0030 4768	nvstor - ok
10:41:35.0110 4768	nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
10:41:35.0130 4768	nvsvc - ok
10:41:35.0310 4768	nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:41:35.0352 4768	nvUpdatusService - ok
10:41:36.0066 4768	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:41:36.0088 4768	nv_agp - ok
10:41:36.0130 4768	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:41:36.0144 4768	ohci1394 - ok
10:41:36.0174 4768	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:41:36.0192 4768	p2pimsvc - ok
10:41:36.0299 4768	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:41:36.0317 4768	p2psvc - ok
10:41:36.0348 4768	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:41:36.0362 4768	Parport - ok
10:41:36.0392 4768	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:41:36.0404 4768	partmgr - ok
10:41:36.0420 4768	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:41:36.0433 4768	Parvdm - ok
10:41:36.0551 4768	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:41:36.0576 4768	PcaSvc - ok
10:41:36.0597 4768	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:41:36.0610 4768	pci - ok
10:41:36.0641 4768	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:41:36.0653 4768	pciide - ok
10:41:36.0784 4768	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
10:41:36.0802 4768	pcmcia - ok
10:41:36.0824 4768	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:41:36.0837 4768	pcw - ok
10:41:37.0068 4768	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:41:37.0107 4768	PEAUTH - ok
10:41:37.0334 4768	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:41:37.0364 4768	PeerDistSvc - ok
10:41:37.0473 4768	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:41:37.0513 4768	pla - ok
10:41:37.0733 4768	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:41:37.0756 4768	PlugPlay - ok
10:41:37.0801 4768	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:41:37.0816 4768	PNRPAutoReg - ok
10:41:38.0256 4768	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:41:38.0278 4768	PNRPsvc - ok
10:41:38.0505 4768	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:41:38.0539 4768	PolicyAgent - ok
10:41:38.0563 4768	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:41:38.0591 4768	Power - ok
10:41:38.0740 4768	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:41:38.0765 4768	PptpMiniport - ok
10:41:38.0831 4768	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
10:41:38.0845 4768	Processor - ok
10:41:38.0873 4768	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
10:41:38.0900 4768	ProfSvc - ok
10:41:38.0960 4768	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:41:38.0976 4768	ProtectedStorage - ok
10:41:39.0123 4768	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:41:39.0150 4768	Psched - ok
10:41:39.0343 4768	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
10:41:39.0374 4768	ql2300 - ok
10:41:39.0965 4768	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
10:41:39.0978 4768	ql40xx - ok
10:41:40.0184 4768	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:41:40.0208 4768	QWAVE - ok
10:41:40.0247 4768	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:41:40.0263 4768	QWAVEdrv - ok
10:41:40.0331 4768	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:41:40.0357 4768	RasAcd - ok
10:41:40.0427 4768	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:41:40.0456 4768	RasAgileVpn - ok
10:41:40.0526 4768	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:41:40.0559 4768	RasAuto - ok
10:41:40.0698 4768	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:40.0728 4768	Rasl2tp - ok
10:41:41.0195 4768	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:41:41.0231 4768	RasMan - ok
10:41:41.0393 4768	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:41.0418 4768	RasPppoe - ok
10:41:41.0657 4768	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:41:41.0683 4768	RasSstp - ok
10:41:41.0938 4768	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:41:41.0969 4768	rdbss - ok
10:41:42.0026 4768	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:41:42.0040 4768	rdpbus - ok
10:41:42.0056 4768	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:42.0079 4768	RDPCDD - ok
10:41:42.0096 4768	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:41:42.0110 4768	RDPDR - ok
10:41:42.0145 4768	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:41:42.0173 4768	RDPENCDD - ok
10:41:42.0189 4768	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:41:42.0219 4768	RDPREFMP - ok
10:41:42.0256 4768	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
10:41:42.0270 4768	RdpVideoMiniport - ok
10:41:42.0314 4768	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
10:41:42.0330 4768	RDPWD - ok
10:41:42.0385 4768	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:41:42.0400 4768	rdyboost - ok
10:41:42.0430 4768	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:41:42.0458 4768	RemoteAccess - ok
10:41:42.0503 4768	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:41:42.0536 4768	RemoteRegistry - ok
10:41:42.0603 4768	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:41:42.0639 4768	RpcEptMapper - ok
10:41:42.0677 4768	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:41:42.0695 4768	RpcLocator - ok
10:41:43.0061 4768	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:41:43.0098 4768	RpcSs - ok
10:41:43.0123 4768	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:41:43.0151 4768	rspndr - ok
10:41:43.0311 4768	RTL8167         (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:41:43.0329 4768	RTL8167 - ok
10:41:43.0455 4768	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:41:43.0471 4768	s3cap - ok
10:41:43.0534 4768	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:41:43.0552 4768	SamSs - ok
10:41:43.0760 4768	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:41:43.0772 4768	sbp2port - ok
10:41:44.0042 4768	SBRE            (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
10:41:44.0058 4768	SBRE - ok
10:41:44.0085 4768	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:41:44.0114 4768	SCardSvr - ok
10:41:44.0153 4768	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:41:44.0176 4768	scfilter - ok
10:41:44.0842 4768	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:41:44.0885 4768	Schedule - ok
10:41:45.0019 4768	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:41:45.0050 4768	SCPolicySvc - ok
10:41:45.0245 4768	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:41:45.0264 4768	SDRSVC - ok
10:41:45.0324 4768	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:41:45.0356 4768	secdrv - ok
10:41:45.0425 4768	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:41:45.0460 4768	seclogon - ok
10:41:45.0609 4768	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:41:45.0646 4768	SENS - ok
10:41:45.0728 4768	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:41:45.0748 4768	SensrSvc - ok
10:41:45.0802 4768	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:41:45.0818 4768	Serenum - ok
10:41:45.0867 4768	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:41:45.0885 4768	Serial - ok
10:41:45.0935 4768	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
10:41:45.0950 4768	sermouse - ok
10:41:46.0224 4768	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:41:46.0255 4768	SessionEnv - ok
10:41:46.0262 4768	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:41:46.0276 4768	sffdisk - ok
10:41:46.0283 4768	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:41:46.0298 4768	sffp_mmc - ok
10:41:46.0316 4768	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:41:46.0331 4768	sffp_sd - ok
10:41:46.0380 4768	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
10:41:46.0394 4768	sfloppy - ok
10:41:46.0518 4768	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:41:46.0551 4768	SharedAccess - ok
10:41:46.0599 4768	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:41:46.0628 4768	ShellHWDetection - ok
10:41:46.0643 4768	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:41:46.0656 4768	sisagp - ok
10:41:46.0696 4768	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
10:41:46.0713 4768	SiSRaid2 - ok
10:41:46.0733 4768	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
10:41:46.0746 4768	SiSRaid4 - ok
10:41:46.0896 4768	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
10:41:46.0910 4768	SkypeUpdate - ok
10:41:46.0931 4768	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:41:46.0962 4768	Smb - ok
10:41:46.0994 4768	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:41:47.0010 4768	SNMPTRAP - ok
10:41:47.0026 4768	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:41:47.0037 4768	spldr - ok
10:41:47.0083 4768	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:41:47.0111 4768	Spooler - ok
10:41:47.0385 4768	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:41:47.0442 4768	sppsvc - ok
10:41:48.0015 4768	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:41:48.0047 4768	sppuinotify - ok
10:41:48.0582 4768	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:41:48.0601 4768	srv - ok
10:41:48.0776 4768	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:41:48.0795 4768	srv2 - ok
10:41:48.0944 4768	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:41:48.0961 4768	srvnet - ok
10:41:49.0162 4768	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:41:49.0199 4768	SSDPSRV - ok
10:41:49.0428 4768	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:41:49.0460 4768	SstpSvc - ok
10:41:50.0080 4768	Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:41:50.0374 4768	Stereo Service - ok
10:41:50.0473 4768	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
10:41:50.0488 4768	stexstor - ok
10:41:50.0520 4768	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:41:50.0542 4768	StiSvc - ok
10:41:50.0574 4768	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:41:50.0586 4768	storflt - ok
10:41:50.0599 4768	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:41:50.0611 4768	storvsc - ok
10:41:50.0624 4768	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:41:50.0635 4768	swenum - ok
10:41:50.0665 4768	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:41:50.0694 4768	swprv - ok
10:41:50.0707 4768	Synth3dVsc      (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\Synth3dVsc.sys
10:41:50.0719 4768	Synth3dVsc - ok
10:41:50.0759 4768	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:41:50.0787 4768	SysMain - ok
10:41:50.0862 4768	szserver        (8fdaf81240a4057162cad255f02a844e) C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
10:41:50.0875 4768	szserver - ok
10:41:50.0903 4768	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:41:50.0926 4768	TabletInputService - ok
10:41:50.0953 4768	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:41:50.0984 4768	TapiSrv - ok
10:41:50.0998 4768	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:41:51.0025 4768	TBS - ok
10:41:51.0107 4768	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:41:51.0139 4768	Tcpip - ok
10:41:51.0240 4768	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:41:51.0271 4768	TCPIP6 - ok
10:41:51.0337 4768	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:41:51.0359 4768	tcpipreg - ok
10:41:51.0375 4768	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:41:51.0390 4768	TDPIPE - ok
10:41:51.0417 4768	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:41:51.0429 4768	TDTCP - ok
10:41:51.0444 4768	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:41:51.0468 4768	tdx - ok
10:41:51.0491 4768	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
10:41:51.0504 4768	TermDD - ok
10:41:51.0517 4768	terminpt        (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
10:41:51.0529 4768	terminpt - ok
10:41:51.0558 4768	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:41:51.0589 4768	TermService - ok
10:41:51.0596 4768	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:41:51.0614 4768	Themes - ok
10:41:51.0641 4768	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:41:51.0668 4768	THREADORDER - ok
10:41:51.0726 4768	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:41:51.0754 4768	TrkWks - ok
10:41:51.0807 4768	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:41:51.0838 4768	TrustedInstaller - ok
10:41:51.0871 4768	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:41:51.0893 4768	tssecsrv - ok
10:41:51.0914 4768	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:41:51.0926 4768	TsUsbFlt - ok
10:41:51.0933 4768	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
10:41:51.0946 4768	TsUsbGD - ok
10:41:51.0962 4768	tsusbhub        (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
10:41:51.0975 4768	tsusbhub - ok
10:41:51.0982 4768	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:41:52.0005 4768	tunnel - ok
10:41:52.0012 4768	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
10:41:52.0024 4768	uagp35 - ok
10:41:52.0047 4768	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:41:52.0071 4768	udfs - ok
10:41:52.0094 4768	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:41:52.0111 4768	UI0Detect - ok
10:41:52.0126 4768	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:41:52.0139 4768	uliagpkx - ok
10:41:52.0154 4768	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
10:41:52.0167 4768	umbus - ok
10:41:52.0192 4768	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
10:41:52.0204 4768	UmPass - ok
10:41:52.0222 4768	UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:41:52.0239 4768	UmRdpService - ok
10:41:52.0261 4768	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:41:52.0291 4768	upnphost - ok
10:41:52.0318 4768	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
10:41:52.0332 4768	usbaudio - ok
10:41:52.0358 4768	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:41:52.0371 4768	usbccgp - ok
10:41:52.0388 4768	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:41:52.0402 4768	usbcir - ok
10:41:52.0414 4768	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:41:52.0426 4768	usbehci - ok
10:41:52.0444 4768	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:41:52.0458 4768	usbhub - ok
10:41:52.0467 4768	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:41:52.0479 4768	usbohci - ok
10:41:52.0485 4768	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
10:41:52.0499 4768	usbprint - ok
10:41:52.0514 4768	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:41:52.0527 4768	USBSTOR - ok
10:41:52.0537 4768	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:41:52.0550 4768	usbuhci - ok
10:41:52.0561 4768	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
10:41:52.0577 4768	usbvideo - ok
10:41:52.0601 4768	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:41:52.0626 4768	UxSms - ok
10:41:52.0653 4768	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:41:52.0667 4768	VaultSvc - ok
10:41:52.0679 4768	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:41:52.0691 4768	vdrvroot - ok
10:41:52.0718 4768	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:41:52.0747 4768	vds - ok
10:41:52.0763 4768	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:41:52.0777 4768	vga - ok
10:41:52.0792 4768	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:41:52.0816 4768	VgaSave - ok
10:41:52.0820 4768	VGPU - ok
10:41:52.0843 4768	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:41:52.0856 4768	vhdmp - ok
10:41:52.0868 4768	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:41:52.0882 4768	viaagp - ok
10:41:52.0897 4768	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
10:41:52.0911 4768	ViaC7 - ok
10:41:52.0963 4768	VIAHdAudAddService (dc56a867a2d92e1c51cb6d3f9c540548) C:\Windows\system32\drivers\viahduaa.sys
10:41:52.0986 4768	VIAHdAudAddService - ok
10:41:53.0000 4768	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:41:53.0012 4768	viaide - ok
10:41:53.0030 4768	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:41:53.0043 4768	vmbus - ok
10:41:53.0057 4768	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:41:53.0069 4768	VMBusHID - ok
10:41:53.0081 4768	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:41:53.0093 4768	volmgr - ok
10:41:53.0109 4768	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:41:53.0124 4768	volmgrx - ok
10:41:53.0141 4768	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:41:53.0155 4768	volsnap - ok
10:41:53.0167 4768	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
10:41:53.0179 4768	vsmraid - ok
10:41:53.0222 4768	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:41:53.0257 4768	VSS - ok
10:41:53.0272 4768	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:41:53.0288 4768	vwifibus - ok
10:41:53.0304 4768	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:41:53.0332 4768	vwififlt - ok
10:41:53.0362 4768	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:41:53.0399 4768	W32Time - ok
10:41:53.0421 4768	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
10:41:53.0435 4768	WacomPen - ok
10:41:53.0501 4768	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:41:53.0631 4768	WANARP - ok
10:41:53.0803 4768	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:41:53.0939 4768	Wanarpv6 - ok
10:41:54.0125 4768	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:41:54.0297 4768	wbengine - ok
10:41:54.0313 4768	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:41:54.0474 4768	WbioSrvc - ok
10:41:54.0547 4768	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:41:54.0617 4768	wcncsvc - ok
10:41:54.0642 4768	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:41:54.0740 4768	WcsPlugInService - ok
10:41:54.0793 4768	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
10:41:54.0805 4768	Wd - ok
10:41:54.0856 4768	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:41:54.0874 4768	Wdf01000 - ok
10:41:54.0890 4768	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:41:54.0955 4768	WdiServiceHost - ok
10:41:54.0958 4768	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:41:55.0050 4768	WdiSystemHost - ok
10:41:55.0246 4768	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:41:55.0414 4768	WebClient - ok
10:41:55.0426 4768	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:41:55.0558 4768	Wecsvc - ok
10:41:55.0623 4768	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:41:55.0745 4768	wercplsupport - ok
10:41:55.0758 4768	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:41:55.0788 4768	WerSvc - ok
10:41:55.0816 4768	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:41:55.0864 4768	WfpLwf - ok
10:41:55.0877 4768	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:41:55.0891 4768	WIMMount - ok
10:41:55.0967 4768	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:41:56.0007 4768	WinDefend - ok
10:41:56.0044 4768	WinHttpAutoProxySvc - ok
10:41:56.0083 4768	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:41:56.0108 4768	Winmgmt - ok
10:41:56.0157 4768	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:41:56.0198 4768	WinRM - ok
10:41:56.0247 4768	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:41:56.0275 4768	Wlansvc - ok
10:41:56.0314 4768	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:41:56.0329 4768	WmiAcpi - ok
10:41:56.0364 4768	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:41:56.0378 4768	wmiApSrv - ok
10:41:56.0461 4768	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:41:56.0483 4768	WMPNetworkSvc - ok
10:41:56.0544 4768	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:41:56.0561 4768	WPCSvc - ok
10:41:56.0573 4768	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:41:56.0592 4768	WPDBusEnum - ok
10:41:56.0630 4768	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:41:56.0660 4768	ws2ifsl - ok
10:41:56.0677 4768	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:41:56.0697 4768	wscsvc - ok
10:41:56.0701 4768	WSearch - ok
10:41:56.0767 4768	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
10:41:56.0811 4768	wuauserv - ok
10:41:56.0951 4768	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:41:56.0976 4768	WudfPf - ok
10:41:56.0988 4768	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:41:57.0024 4768	WUDFRd - ok
10:41:57.0049 4768	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:41:57.0078 4768	wudfsvc - ok
10:41:57.0098 4768	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:41:57.0119 4768	WwanSvc - ok
10:41:57.0136 4768	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:41:57.0686 4768	\Device\Harddisk0\DR0 - ok
10:41:57.0742 4768	Boot (0x1200)   (fbfaff02b3de919d6b4ae04162a8b09b) \Device\Harddisk0\DR0\Partition0
10:41:57.0744 4768	\Device\Harddisk0\DR0\Partition0 - ok
10:41:57.0745 4768	============================================================
10:41:57.0745 4768	Scan finished
10:41:57.0745 4768	============================================================
10:41:57.0753 4556	Detected object count: 1
10:41:57.0753 4556	Actual detected object count: 1
10:43:26.0339 4556	frklrqa ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:26.0339 4556	frklrqa ( UnsignedFile.Multi.Generic ) - User select action: Skip

maumina · 10.06.2012, 10:08

Punkt 3 cc cleaner

Code:

ATTFilter

Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.06.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.06.2012	6,00MB	11.2.202.235
Amazon Browser Bar	Amazon.com	09.06.2012		3.0.2012.0223
ASUSUpdate		09.06.2012		
avast! Internet Security	AVAST Software	09.06.2012		7.0.1426.0
CCleaner	Piriform	22.05.2012		3.19
DAEMON Tools Lite	DT Soft Ltd	09.06.2012		4.45.4.0314
Diablo III Beta	Blizzard Entertainment	09.06.2012		0.11.0.9359
DivX-Setup	DivX, LLC	09.06.2012		2.6.1.8
ESET Online Scanner v3		09.06.2012		
EVEREST Ultimate Edition v5.50	Lavalys, Inc.	23.04.2012		5.50
Fan Xpert	ASUSTeK	09.06.2012		1.00.11
FileASSASSIN	Malwarebytes	09.06.2012		1.06
FLV Player 2.0 (build 25)	Martijn de Visser	09.06.2012		2.0 (build 25)
Free YouTube to MP3 Converter version 3.11.20.423	DVDVideoSoft Ltd.	27.04.2012	83,6MB	3.11.20.423
GetDataBack for NTFS	Runtime Software	09.06.2012		4.25.000
Google Chrome	Google Inc.	03.05.2012		19.0.1084.52
Java(TM) 6 Update 31	Oracle	09.04.2012	95,1MB	6.0.310
League of Legends	Riot Games	19.04.2012		1.02.0000
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	09.06.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	09.06.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	09.06.2012	2,94MB	4.0.30319
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.04.2012	0,34MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	20.04.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.12.2001	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	27.04.2012	11,1MB	10.0.40219
Mozilla Firefox 13.0 (x86 de)	Mozilla	09.06.2012	35,8MB	13.0
Mozilla Maintenance Service	Mozilla	09.06.2012	0,21MB	12.0
NVIDIA 3D Vision Controller-Treiber 296.10	NVIDIA Corporation	10.05.2012		296.10
NVIDIA 3D Vision Treiber 296.10	NVIDIA Corporation	10.05.2012		296.10
NVIDIA Grafiktreiber 296.10	NVIDIA Corporation	10.05.2012		296.10
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	10.05.2012		9.12.0213
NVIDIA Update 1.7.11	NVIDIA Corporation	10.05.2012		1.7.11
Pando Media Booster	Pando Networks Inc.	09.06.2012	5,47MB	2.6.0.7
PC Probe II	ASUSTeK Computer Inc.	09.06.2012		1.04.83
Realtek Ethernet Controller Driver For Windows Vista and Later	Realtek	03.04.2012		1.00.0009
Skype™ 5.8	Skype Technologies S.A.	10.04.2012	19,0MB	5.8.158
StarCraft II	Blizzard Entertainment	09.06.2012		1.4.3.21029
Steam	Valve Corporation	10.05.2012	35,5MB	1.0.0.0
STOPzilla	iS3 Inc.	09.06.2012	44,7MB	5.0.98.116
TechPowerUp GPU-Z		09.06.2012		
TmNationsForever	Nadeo	28.05.2012		
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	03.04.2012	2,62MB	1.34
WinRAR 4.11 (32-Bit)	win.rar GmbH	09.06.2012		4.11.0
World of Warcraft	Blizzard Entertainment	09.06.2012		4.3.4.15595

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 10.06.2012 10:52:05 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\blubb\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 56,64% Memory free
7,00 Gb Paging File | 5,57 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 335,25 Gb Total Space | 250,35 Gb Free Space | 74,68% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-PC | User Name: blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\blubb\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\blubb\Downloads\tdsskiller.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\AASP\1.01.04\aaCenter.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\Fan Xpert\QFanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\PC Probe II\Probe2.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Windows\System32\AsIO.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\ASUS\AASP\1.01.04\aasp.dll ()
MOD - C:\Programme\ASUS\PC Probe II\vvc.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - C:\Programme\ASUS\PC Probe II\cpuutil.dll ()
MOD - C:\Programme\ASUS\AASP\1.01.04\cpuutil.dll ()
MOD - C:\Programme\ASUS\PC Probe II\AsMultiLang.dll ()
MOD - C:\Programme\ASUS\PC Probe II\PowerDll.dll ()
MOD - C:\Programme\ASUS\AASP\1.01.04\PowerDll.dll ()
MOD - C:\Programme\ASUS\PC Probe II\AsHtmlEngine.dll ()
MOD - C:\Programme\ASUS\PC Probe II\SoundPlay.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (szserver) -- C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (athr) -- system32\DRIVERS\athr.sys File not found
DRV - (27883791) -- C:\Windows\System32\drivers\36901465.sys (Kaspersky Lab, GERT)
DRV - (frklrqa) -- C:\Windows\System32\drivers\sebfferb.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 5E E8 28 CF 11 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F30CCDB5-25C0-4BC7-902F-640F8E23549F}
IE - HKCU\..\SearchScopes\{F30CCDB5-25C0-4BC7-902F-640F8E23549F}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.10 15:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2002.01.01 00:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.08 20:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.21 19:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\Extensions
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wm~1.def\extensions
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wm~1.def\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wmtp.default\extensions
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wmtp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.10 10:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\lrb356hj.default\extensions
[2012.04.28 19:58:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\lrb356hj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.10 10:40:24 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\lrb356hj.default\extensions\abb@amazon.com
[2012.04.21 13:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2002.01.01 00:27:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.06.08 20:22:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\blubb\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\blubb\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\blubb\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\blubb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: avast! WebRep = C:\Users\blubb\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\blubb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TBLayoutBHO Class) - {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Deutsch Toolbar) - {F361B100-73C5-4793-8BCC-6E5C41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\blubb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65A72D6C-6BC3-499B-BA14-1570B997B9A3}: DhcpNameServer = 192.168.2.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.10 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.10 10:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012.06.10 10:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012.06.10 10:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012.06.10 10:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012.06.10 10:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2012.06.10 10:37:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.10 10:37:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.10 10:30:24 | 000,101,112 | R--- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012.06.10 10:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012.06.10 10:20:14 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\36901465.sys
[2012.06.10 10:20:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.10 09:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012.06.10 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2012.06.10 09:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.10 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Malwarebytes
[2012.06.10 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.10 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 09:25:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.10 09:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.09 05:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2012.06.03 21:26:39 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\TeamViewer
[2012.05.31 22:05:29 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\S1.03.15
[2012.05.31 21:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.05.31 21:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012.05.29 03:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2012.05.29 03:49:01 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\TrackMania
[2012.05.29 03:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2012.05.29 03:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\TmNationsForever
[2012.05.29 03:45:16 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\tmnationsforever_setup_de
[2012.05.27 21:54:53 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2012.05.27 21:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2012.05.25 01:20:35 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\LolClient2
[2012.05.24 22:19:14 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\FanXpert
[2012.05.23 01:57:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.18 23:44:21 | 000,000,000 | ---D | C] -- C:\diablo
[2012.05.18 23:44:04 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\Logs
[2012.05.18 23:43:33 | 002,679,048 | ---- | C] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
[2012.05.18 23:39:04 | 002,766,595 | ---- | C] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_deDE.exe
[2012.05.14 23:16:58 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\.Nitrous
[2012.05.14 22:31:56 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\eeee
[2012.05.13 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\NVIDIA
[2012.05.13 00:02:23 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.05.12 23:35:15 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\StarCraft II
[2012.05.12 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.05.12 23:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.05.12 16:07:42 | 029,822,976 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\blubb\Desktop\TeamSpeak3-Client-win32-3.0.6.exe
[2012.05.12 03:09:38 | 000,000,000 | ---D | C] -- C:\starcraft
[2012.05.12 02:28:21 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\mresreg
[2012.05.12 02:28:20 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\Quellordner (zB neue Fotos von der Digitalkamera)
[2012.05.12 02:28:20 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\Demo-Fotos
[2012.05.12 02:28:11 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\IN-MEDIAKG
[2012.05.12 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\FotoSortierer XL
[2012.05.12 02:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\mresreg
[2012.05.12 02:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.05.12 02:10:04 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2012.05.12 02:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2012.05.12 02:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.05.12 02:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012.05.11 20:45:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012.05.11 20:45:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012.05.11 20:45:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012.05.11 20:45:24 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012.05.11 20:45:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012.05.11 20:45:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012.05.11 20:45:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012.05.11 20:45:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012.05.11 20:45:21 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012.05.11 20:45:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012.05.11 20:45:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012.05.11 20:45:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.05.11 20:45:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012.05.11 20:45:21 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012.05.11 20:45:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012.05.11 20:45:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012.05.11 20:45:20 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012.05.11 20:45:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012.05.11 20:45:20 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012.05.11 20:45:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.05.11 20:45:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012.05.11 20:45:19 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012.05.11 20:45:19 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012.05.11 20:45:19 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012.05.11 20:45:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012.05.11 20:45:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012.05.11 20:45:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012.05.11 20:45:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012.05.11 20:45:19 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012.05.11 20:45:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012.05.11 20:45:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012.05.11 20:45:18 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012.05.11 20:45:18 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012.05.11 20:45:18 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012.05.11 20:45:18 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012.05.11 20:45:18 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012.05.11 20:45:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012.05.11 20:45:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012.05.11 20:45:17 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012.05.11 20:45:17 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012.05.11 20:45:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012.05.11 20:45:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012.05.11 20:45:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012.05.11 20:45:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012.05.11 20:45:16 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012.05.11 20:45:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012.05.11 20:45:16 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012.05.11 20:45:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012.05.11 20:45:16 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012.05.11 20:45:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012.05.11 20:45:15 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012.05.11 20:45:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012.05.11 20:45:15 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012.05.11 20:45:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012.05.11 20:45:14 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.05.11 20:45:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012.05.11 20:45:14 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012.05.11 20:45:14 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012.05.11 20:45:14 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012.05.11 20:45:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012.05.11 20:45:13 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012.05.11 20:45:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012.05.11 20:45:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012.05.11 20:45:13 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012.05.11 20:45:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012.05.11 20:45:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012.05.11 20:45:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012.05.11 20:45:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012.05.11 20:45:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012.05.11 20:45:09 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012.05.11 20:45:09 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012.05.11 20:45:09 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012.05.11 20:45:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012.05.11 20:40:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.05.11 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.05.11 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.05.11 20:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.05.11 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\DivX
[2012.05.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.11 14:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.05.11 14:27:07 | 003,881,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012.05.11 14:27:07 | 002,719,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012.05.11 14:27:07 | 002,561,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.05.11 14:27:07 | 000,108,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012.05.11 14:27:07 | 000,062,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012.05.11 14:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.11 14:26:22 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.05.11 14:26:22 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012.05.11 14:26:22 | 010,819,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.05.11 14:26:22 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012.05.11 14:26:22 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.05.11 14:26:22 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012.05.11 14:26:22 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012.05.11 14:26:22 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012.05.11 14:26:22 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012.05.11 14:26:22 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.05.11 14:26:21 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012.05.11 14:26:21 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012.05.11 14:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.05.11 14:25:46 | 000,000,000 | ---D | C] -- C:\NVIDIA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 10:53:06 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.10 10:41:35 | 000,005,568 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012.06.10 10:27:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.10 10:25:29 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2049343741-2144649846-139975811-1000UA.job
[2012.06.10 10:20:14 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\36901465.sys
[2012.06.10 09:44:20 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012.06.10 09:28:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\sebfferb.sys
[2012.06.10 09:25:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.10 08:21:21 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 08:21:21 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 08:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 08:13:54 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.09 05:34:23 | 000,001,229 | ---- | M] () -- C:\Users\blubb\Desktop\cFosSpeed Calibration.lnk
[2012.06.09 02:08:06 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2049343741-2144649846-139975811-1000Core.job
[2012.06.08 20:32:34 | 000,000,642 | ---- | M] () -- C:\Users\blubb\Desktop\Dokument.rtf
[2012.06.01 08:25:13 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.01 08:25:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.05.31 23:29:09 | 000,173,014 | ---- | M] () -- C:\Users\blubb\Desktop\eea.SC2Map
[2012.05.29 03:48:23 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2012.05.29 03:44:28 | 528,346,845 | ---- | M] () -- C:\Users\blubb\Desktop\tmnationsforever_setup_de.zip
[2012.05.26 04:30:38 | 000,002,382 | ---- | M] () -- C:\Users\blubb\Documents\MumbleAutomaticCertificateBackup.p12
[2012.05.26 02:03:24 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.24 08:26:47 | 000,002,397 | ---- | M] () -- C:\Users\blubb\Desktop\Google Chrome.lnk
[2012.05.23 02:00:53 | 000,001,994 | ---- | M] () -- C:\Users\blubb\Desktop\avast! Internet Security.lnk
[2012.05.18 23:43:40 | 002,679,048 | ---- | M] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
[2012.05.18 23:39:16 | 002,766,595 | ---- | M] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_deDE.exe
[2012.05.14 20:18:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.14 20:18:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.14 20:18:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.14 20:18:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.12 23:47:05 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.05.12 16:09:44 | 029,822,976 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\blubb\Desktop\TeamSpeak3-Client-win32-3.0.6.exe
[2012.05.12 02:12:36 | 000,234,966 | ---- | M] () -- C:\REST2514.EXE
[2012.05.12 02:11:32 | 000,001,280 | ---- | M] () -- C:\Users\blubb\Desktop\PC Inspector File Recovery.lnk
[2012.05.12 02:04:57 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.10 10:53:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.10 10:41:03 | 000,005,568 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012.06.10 09:44:20 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012.06.10 09:28:22 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\sebfferb.sys
[2012.06.10 09:25:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.09 05:34:23 | 000,001,229 | ---- | C] () -- C:\Users\blubb\Desktop\cFosSpeed Calibration.lnk
[2012.05.31 22:41:38 | 000,173,014 | ---- | C] () -- C:\Users\blubb\Desktop\eea.SC2Map
[2012.05.29 03:48:23 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2012.05.29 03:15:34 | 528,346,845 | ---- | C] () -- C:\Users\blubb\Desktop\tmnationsforever_setup_de.zip
[2012.05.27 08:57:12 | 000,000,642 | ---- | C] () -- C:\Users\blubb\Desktop\Dokument.rtf
[2012.05.26 04:30:38 | 000,002,382 | ---- | C] () -- C:\Users\blubb\Documents\MumbleAutomaticCertificateBackup.p12
[2012.05.23 02:00:53 | 000,001,994 | ---- | C] () -- C:\Users\blubb\Desktop\avast! Internet Security.lnk
[2012.05.12 23:35:15 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.05.12 02:12:35 | 000,234,966 | ---- | C] () -- C:\REST2514.EXE
[2012.05.12 02:10:05 | 000,001,280 | ---- | C] () -- C:\Users\blubb\Desktop\PC Inspector File Recovery.lnk
[2012.05.12 02:04:57 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012.05.11 14:26:22 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.04.04 22:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.04 20:48:16 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.04.04 20:48:16 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012.04.04 20:41:40 | 000,026,043 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.03 22:21:05 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2012.04.03 22:21:05 | 000,000,128 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2012.04.03 22:21:05 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2012.04.03 21:37:04 | 000,007,604 | ---- | C] () -- C:\Users\blubb\AppData\Local\Resmon.ResmonCfg
[2012.04.03 21:16:39 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.04.03 21:16:39 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.04.03 21:01:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.03 21:01:27 | 000,020,906 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.02.11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

< End of report >

--- --- ---

--- --- ---
OLT extra
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.06.2012 10:52:05 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\blubb\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 56,64% Memory free
7,00 Gb Paging File | 5,57 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 335,25 Gb Total Space | 250,35 Gb Free Space | 74,68% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-PC | User Name: blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFFFF21-2609-4B03-9EAC-F1FDB6E69BBE}" = lport=57447 | protocol=6 | dir=in | name=pando media booster | 
"{0B8C5D03-A1F3-404B-83AB-80B0E054EEAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0E0FE3B0-0C59-439E-B8AB-4691AA24A55F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{130C35EE-BFB8-4CDE-BB71-C0860DF8B81E}" = lport=57447 | protocol=17 | dir=in | name=pando media booster | 
"{1A686FD0-B704-4EE1-B7A3-192B3130885D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{30F0BF86-5188-4CBB-85A4-AB94BED92BF7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4250D1D6-F3D6-49EA-A9BA-76010A8529C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{486CA489-C7D4-40AA-B8B1-5C50B6EF0AED}" = lport=57447 | protocol=6 | dir=in | name=pando media booster | 
"{4CA5C084-EB0A-4BC9-9CE0-920C0311BB3D}" = lport=57447 | protocol=17 | dir=in | name=pando media booster | 
"{4F3119FE-D614-49EF-BCA7-53A8D215AA0F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5A88E143-7E41-460D-A428-DF8C11EB1FF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B859E79-C652-438F-BD87-7C7280C2E526}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6C1262B4-B9C1-4CFB-B5F8-057509DF736D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6C6CF09D-F8B7-4104-9F32-BB6CCB02AEE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EB39F13-DD6C-497B-B5FB-76AC2609BD82}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A6E95C4E-38CE-45F7-B619-1E81196D2886}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB848D04-9263-4181-AECD-F78814169515}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AC4F0A88-6521-43BB-B40E-E4266F6190C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B0443470-FE25-49A6-B827-72E55ECFE1A6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BC3E360C-9183-4D30-AFF4-54CEF2C824FA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D4C0A37D-0FDD-4483-99E7-547AF4D58298}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9367129-55AC-4D96-A8DA-DE345592B922}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DAD33237-D612-4A8F-AFA7-C21DAEF2D9BA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC44660F-7293-4174-9012-7DB2D9114C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0AE8C24-5BE2-4510-94F3-2CCB35AD8F69}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB76A242-C816-40CE-B671-0608E8C73C67}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039FF109-83FB-40B0-9B93-27A73BA3C207}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A0117D2-A584-4624-9A2C-14BE3083F6DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E2FA6ED-9D95-4D80-867D-BC8607A879BB}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 
"{154F100E-9AA5-429A-B0F3-7B6760AA72A5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{17655DAF-1B37-48E4-B339-728535F3A83A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{1A73C420-B23E-45F6-AE63-EE78E7B96C25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20F5DEBD-A17C-4E74-84E9-FDF5D8169503}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{361D4895-163E-4725-8269-9AE5EFA76306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38B313A2-1C67-40EA-A4DF-AAF35D485EA7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{49AD66B6-8D0D-44C1-B0BC-A1B28A692174}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4CA6BDDB-4014-423B-9FFB-26345E6C4312}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{4DCC6060-EE1E-4724-A2BC-8DB8ECCA945A}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{558E55FA-17D7-47EA-BEE0-1BA5D868705A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{5597BC61-E5EC-4C28-804D-0EB42B26F082}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{59F9ADA1-6EBF-4CCF-B220-F9E308FD51C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6BAC6D58-AAD4-4136-B3F0-C48ECDFAAB45}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{7A2C2942-1A5A-4AEA-A679-120BEFD244DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F5ED9C8-C789-42C0-8FD9-43040260A52C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F71BFA7-4095-4632-BD84-03E244198879}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86C67C58-E92B-49BE-8A8E-7BBE2C4BCC87}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9E87671D-BDC3-4F92-8FA0-2B085196190C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A50E8812-A26A-4E40-A013-9B460215088A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A575CF98-907C-4EC7-B149-F4F054C51A6D}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 
"{B89BDA99-B7D4-4CEA-898C-F5187BD26D6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB5593E7-DBB8-46AD-9C27-EA26C6AC2A33}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{BD5BE0A8-6B42-40B3-AF69-E44F8FA212F9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{BECFB781-14C5-4AB4-B69B-03E9DE92223B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C506DF8A-08D8-4DFC-A2B4-2C6DF6D59F65}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CFC26182-2AD9-4618-BFCB-5CCC902FAAB0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D3472A24-00EA-4DB9-90F2-128FA1D4F2AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{D5031AB7-765D-4D09-A98F-FF0F79BBFF59}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{DED5FDE0-A67D-42BB-98C9-B5599C987DE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EA2E7A79-AA33-44F4-BEC1-1E2326F1DC9C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F6F46B24-D946-4147-9EEB-CAB15DFCE537}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{F83CF8C7-B996-4610-87A4-28FFF3B26C43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FD0745A6-433A-4CF3-8345-0F78505B9DDE}" = protocol=6 | dir=out | app=system | 
"TCP Query User{01F5FD97-BDD6-4E3A-9B1A-D3DA7FEC8F20}C:\users\blubb\desktop\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\blubb\desktop\downloader_diablo2_dede.exe | 
"TCP Query User{0DEA2D3C-E661-47B1-A97C-CDEA6D5C09C0}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{353E67A2-1B53-42A7-AF0E-537E44DC687B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{5A237BC6-2D3D-4BFF-A2A0-0A4273B52958}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{5F72CDE4-591A-4D0F-BB2B-7C2F1E7B048F}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{93745FC3-49E0-4752-9456-0A919829B46B}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{99E7E561-16FD-4122-8299-AE4A295B753B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{B7132C76-1AC8-4843-80A0-7380033112CC}C:\users\blubb\downloads\downloader_diablo2_engb.exe" = protocol=6 | dir=in | app=c:\users\blubb\downloads\downloader_diablo2_engb.exe | 
"TCP Query User{BFD4D55D-CFE2-4F42-906A-6458F63D85E2}C:\program files\kbot\kbot 6.23\kbotcc.exe" = protocol=6 | dir=in | app=c:\program files\kbot\kbot 6.23\kbotcc.exe | 
"TCP Query User{C7637B89-7D78-496D-BB4B-41B207515E9D}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{D92678C2-0698-485B-A374-07E4A29E79D9}C:\users\blubb\downloads\downloader_diablo2_dede(1).exe" = protocol=6 | dir=in | app=c:\users\blubb\downloads\downloader_diablo2_dede(1).exe | 
"TCP Query User{E3228408-661F-4FFE-8DA8-149D9768AC19}C:\users\blubb\desktop\leagueoflegends\crack\data\wp669.exe" = protocol=6 | dir=in | app=c:\users\blubb\desktop\leagueoflegends\crack\data\wp669.exe | 
"TCP Query User{E95070D5-44DE-4323-B024-174BD3DE36A1}C:\users\blubb\downloads\starcraft_2_eu_de-de(1).exe" = protocol=6 | dir=in | app=c:\users\blubb\downloads\starcraft_2_eu_de-de(1).exe | 
"TCP Query User{F0CBB64F-47C6-4AF4-B881-153F05C7DB05}C:\users\blubb\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\blubb\desktop\downloader_diablo2_lord_of_destruction_dede.exe | 
"TCP Query User{FFA238FC-1B5B-4CE8-A71F-1BC247C94A8F}C:\users\blubb\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\blubb\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{0F7D902C-C9D5-484A-AFD1-7CDFE483753D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{13C7A8D1-803B-4D1C-BBC6-24F89D67A20D}C:\users\blubb\downloads\starcraft_2_eu_de-de(1).exe" = protocol=17 | dir=in | app=c:\users\blubb\downloads\starcraft_2_eu_de-de(1).exe | 
"UDP Query User{1E75FCBB-9F7D-47DB-A854-1293854DC5B2}C:\users\blubb\downloads\downloader_diablo2_dede(1).exe" = protocol=17 | dir=in | app=c:\users\blubb\downloads\downloader_diablo2_dede(1).exe | 
"UDP Query User{2AB250F5-8044-4675-B8FD-958023A6018D}C:\users\blubb\downloads\downloader_diablo2_engb.exe" = protocol=17 | dir=in | app=c:\users\blubb\downloads\downloader_diablo2_engb.exe | 
"UDP Query User{32A5CD46-1581-4316-BF2A-C618A428EEA2}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{35C9313C-57EE-44C2-9FF1-36EB7DCFAD47}C:\users\blubb\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\blubb\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{45DE1847-2D79-4095-91D5-7C7552EC7258}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{565278B9-51E3-47E3-9309-7CD9EFE9FD5C}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{6377C9AD-F20E-42A6-A21B-1E4D5F0ACDD9}C:\program files\kbot\kbot 6.23\kbotcc.exe" = protocol=17 | dir=in | app=c:\program files\kbot\kbot 6.23\kbotcc.exe | 
"UDP Query User{9E64836D-5F2A-4091-B38C-70EEDC97B7BE}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{C275B4A4-219D-48DC-B2BE-C671940C0F04}C:\users\blubb\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\blubb\desktop\downloader_diablo2_lord_of_destruction_dede.exe | 
"UDP Query User{DAC6B6DE-5E12-4F14-8DC1-8B52DCA63C9F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{DAC6BBAC-6D06-4D50-85A3-0A26A07D615D}C:\users\blubb\desktop\leagueoflegends\crack\data\wp669.exe" = protocol=17 | dir=in | app=c:\users\blubb\desktop\leagueoflegends\crack\data\wp669.exe | 
"UDP Query User{EBAB4D13-4A76-4C7A-9692-515BD2A2E3DF}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{FDBFA995-3E17-4204-B5BA-6D9C6B8C2CB2}C:\users\blubb\desktop\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\blubb\desktop\downloader_diablo2_dede.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D975D-9BF3-43CF-AA30-7186CEE3D9DE}" = STOPzilla
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{62C6F05A-5E4B-40C6-AD5A-B773A1A5624B}" = Fan Xpert
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Browser Bar" = Amazon Browser Bar
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileASSASSIN" = FileASSASSIN
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"StarCraft II" = StarCraft II
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TmNationsForever_is1" = TmNationsForever
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"World of Warcraft" = World of Warcraft
"ZoneAlarm_Deutsch Toolbar" = ZoneAlarm Deutsch Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 19:57:37 | Computer Name = blubb-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0,
 Zeitstempel: 0x4add29bf  Ausnahmecode: 0xc0000094  Fehleroffset: 0x0005ad31  ID des fehlerhaften
 Prozesses: 0x858  Startzeit der fehlerhaften Anwendung: 0x01cd45d278f38c24  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\VIASysFx.dll  Berichtskennung: b8e9abc9-b1c5-11e1-9eff-e0cb4ee19117
 
Error - 08.06.2012 20:29:40 | Computer Name = blubb-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0,
 Zeitstempel: 0x4add29bf  Ausnahmecode: 0xc0000094  Fehleroffset: 0x0005ad31  ID des fehlerhaften
 Prozesses: 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd45d6f48d9302  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\VIASysFx.dll  Berichtskennung: 330cc2e0-b1ca-11e1-9eff-e0cb4ee19117
 
Error - 08.06.2012 23:45:52 | Computer Name = blubb-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2012 10:05:38 | Computer Name = blubb-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2012 10:12:50 | Computer Name = blubb-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0,
 Zeitstempel: 0x4add29bf  Ausnahmecode: 0xc0000094  Fehleroffset: 0x0005ad31  ID des fehlerhaften
 Prozesses: 0x42c  Startzeit der fehlerhaften Anwendung: 0x01cd4649f289c0de  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\VIASysFx.dll  Berichtskennung: 31ecf4dc-b23d-11e1-a3b1-e0cb4ee19117
 
Error - 09.06.2012 13:22:01 | Computer Name = blubb-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: VIASysFx.dll, Version: 1.0.0.0,
 Zeitstempel: 0x4add29bf  Ausnahmecode: 0xc0000094  Fehleroffset: 0x0005ad31  ID des fehlerhaften
 Prozesses: 0xe90  Startzeit der fehlerhaften Anwendung: 0x01cd464a6b0df359  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\VIASysFx.dll  Berichtskennung: 9f74a1b5-b257-11e1-a3b1-e0cb4ee19117
 
Error - 10.06.2012 02:15:45 | Computer Name = blubb-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2012 03:41:55 | Computer Name = blubb-PC | Source = Application Hang | ID = 1002
Description = Programm OTS.exe, Version 3.1.47.2 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 3a0    Startzeit: 
01cd46dbf0ef0504    Endzeit: 11    Anwendungspfad: C:\Users\blubb\Downloads\OTS.exe    Berichts-ID:
 bcc3a0bb-b2cf-11e1-9ec6-e0cb4ee19117  
 
Error - 10.06.2012 04:39:26 | Computer Name = blubb-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 szkg5.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 10.06.2012 04:39:26 | Computer Name = blubb-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 szkgfs.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
[ System Events ]
Error - 22.05.2012 20:16:38 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 20:16:38 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 20:16:38 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 20:16:38 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 20:16:38 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2012 20:16:38 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.05.2012 16:10:57 | Computer Name = blubb-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 25.05.2012 17:26:38 | Computer Name = blubb-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.05.2012 17:09:51 | Computer Name = blubb-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?05.?2012 um 23:08:52 unerwartet heruntergefahren.
 
Error - 31.05.2012 15:52:37 | Computer Name = blubb-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >

--- --- ---

kira · 10.06.2012, 10:17

bist Du zu schnell! meine Frage bitte beantworten unter Punkt 1.:-> http://www.trojaner-board.de/116965-...tml#post843377

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

maumina · 10.06.2012, 10:39

Ich habe keine Vollscansuche mit Malewarebytes gemacht.
Ich habe zu dem jetzt komische Probleme mit meinem Brwoser und dem PC. Auf einmal ist er langsam und das Internet auch.
Zu dem, bei dem MBR-Rootkit, es konnte nicht gefunden werden der befehl ist angeblich falsch geschrieben. Habe es erst kopiert und dann manuel eingetragen. Nur komischerweiße ist dann in dem system32 ein mbr txt. aufgetaucht und denBericht habe ich gepostet
1.GMER
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-10 11:31:13
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 ST3360320AS rev.3.AAM
Running: qj47ciks.exe; Driver: C:\Users\blubb\AppData\Local\Temp\kgloqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwAddBootEntry [0x8C8F7DF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                                                        ZwAllocateVirtualMemory [0x94B78A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwAssignProcessToJobObject [0x8C8F885E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateEvent [0x8C8FD2E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateEventPair [0x8C8FD330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateIoCompletion [0x8C8FD422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateMutant [0x8C8FD252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateSection [0x8C8FD374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateSemaphore [0x8C8FD29A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwCreateTimer [0x8C8FD3DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwDeleteBootEntry [0x8C8F7E44]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                                                        ZwFreeVirtualMemory [0x94B78B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwLoadDriver [0x8C8F7AD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwModifyBootEntry [0x8C8F7E90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwNotifyChangeKey [0x8C8FAD1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwNotifyChangeMultipleKeys [0x8C8F8B02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenEvent [0x8C8FD30E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenEventPair [0x8C8FD352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenIoCompletion [0x8C8FD446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenMutant [0x8C8FD278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenSection [0x8C8FD3AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenSemaphore [0x8C8FD2C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwOpenTimer [0x8C8FD400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                                                        ZwProtectVirtualMemory [0x94B78CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwQueryObject [0x8C8F89CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwSetBootEntryOrder [0x8C8F7EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwSetBootOptions [0x8C8F7F28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwSetSystemInformation [0x8C8F7B46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwSetSystemPowerState [0x8C8F7CEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwShutdownSystem [0x8C8F7C92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwSystemDebugControl [0x8C8F7D5A]
SSDT            \SystemRoot\system32\drivers\szkgfs.sys                                                                                                                                                                      ZwTerminateProcess [0xA06059C6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                                                        ZwVdmControl [0x8C8F7F74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                                                        ZwWriteVirtualMemory [0x94B78BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                                                        ZwCreateProcessEx [0x94B8ED92]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                                                        ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                                     82A543C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                       82A8DD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                                                                                          82A94D80 4 Bytes  [F8, 7D, 8F, 8C]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                                                                                          82A94DA8 4 Bytes  [5A, 8A, B7, 94]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                                                                                          82A94E08 4 Bytes  [5E, 88, 8F, 8C]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                                                                                          82A94E5C 8 Bytes  [E4, D2, 8F, 8C, 30, D3, 8F, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                                                                                          82A94E68 4 Bytes  [22, D4, 8F, 8C]
.text           ...                                                                                                                                                                                                          
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                                                                                           82C21C64 5 Bytes  JMP 94B8BC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                                                                                             82C3A290 5 Bytes  JMP 94B8D764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                                                                                                  82C4F3D7 4 Bytes  CALL 8C8F91B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                                                                                                 82C691E0 4 Bytes  CALL 8C8F91CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                                                                                               82CF311A 7 Bytes  JMP 94B8ED96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               system32\drivers\79383622.sys                                                                                                                                                                                Das System kann den angegebenen Pfad nicht finden. !
?               system32\DRIVERS\szkg.sys                                                                                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
?               system32\drivers\szkgfs.sys                                                                                                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
.text           autochk.exe                                                                                                                                                                                                  007B11D1 2 Bytes  [5C, 1F] {POP ESP; POP DS}
.text           autochk.exe                                                                                                                                                                                                  007B11DC 1 Byte  [08]
.text           autochk.exe                                                                                                                                                                                                  007B11E0 3 Bytes  [D0, DA, 25]
.text           autochk.exe                                                                                                                                                                                                  007B11E8 1 Byte  [02]
.text           autochk.exe                                                                                                                                                                                                  007B11E8 3 Bytes  [02, 00, 01]
.text           ...                                                                                                                                                                                                          
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                                                                                                             75D669F4 1 Byte  [62]
.text           user32.dll!UnhookWindowsHookEx                                                                                                                                                                               75B7ADF9 5 Bytes  [E9, 0A, 5C, 6A, 8A] {JMP 0xffffffff8a6a5c0f}
.text           user32.dll!UnhookWinEvent                                                                                                                                                                                    75B7B750 5 Bytes  [E9, A7, 4C, 6A, 8A] {JMP 0xffffffff8a6a4cac}
.text           user32.dll!SetWindowsHookExW                                                                                                                                                                                 75B7E30C 5 Bytes  [E9, F3, 24, 6A, 8A] {JMP 0xffffffff8a6a24f8}
.text           user32.dll!SetWinEventHook                                                                                                                                                                                   75B824DC 5 Bytes  [E9, 17, DD, 69, 8A] {JMP 0xffffffff8a69dd1c}
.text           user32.dll!SetWindowsHookExA                                                                                                                                                                                 75BA6D0C 5 Bytes  [E9, EF, 98, 67, 8A] {JMP 0xffffffff8a6798f4}

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                          75D669F4 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[428] ntdll.dll!LdrUnloadDll                                                                                                                                                  7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\spoolsv.exe[428] ntdll.dll!LdrLoadDll                                                                                                                                                    7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\spoolsv.exe[428] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[428] USER32.dll!UnhookWindowsHookEx                                                                                                                                          75B7ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\System32\spoolsv.exe[428] USER32.dll!UnhookWinEvent                                                                                                                                               75B7B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\System32\spoolsv.exe[428] USER32.dll!SetWindowsHookExW                                                                                                                                            75B7E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\System32\spoolsv.exe[428] USER32.dll!SetWinEventHook                                                                                                                                              75B824DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\System32\spoolsv.exe[428] USER32.dll!SetWindowsHookExA                                                                                                                                            75BA6D0C 5 Bytes  JMP 00140600 
.text           C:\Windows\system32\wininit.exe[484] ntdll.dll!LdrUnloadDll                                                                                                                                                  7773C86E 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\wininit.exe[484] ntdll.dll!LdrLoadDll                                                                                                                                                    7774223E 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\wininit.exe[484] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[484] USER32.dll!UnhookWindowsHookEx                                                                                                                                          75B7ADF9 5 Bytes  JMP 00110A08 
.text           C:\Windows\system32\wininit.exe[484] USER32.dll!UnhookWinEvent                                                                                                                                               75B7B750 5 Bytes  JMP 001103FC 
.text           C:\Windows\system32\wininit.exe[484] USER32.dll!SetWindowsHookExW                                                                                                                                            75B7E30C 5 Bytes  JMP 00110804 
.text           C:\Windows\system32\wininit.exe[484] USER32.dll!SetWinEventHook                                                                                                                                              75B824DC 5 Bytes  JMP 001101F8 
.text           C:\Windows\system32\wininit.exe[484] USER32.dll!SetWindowsHookExA                                                                                                                                            75BA6D0C 5 Bytes  JMP 00110600 
.text           C:\Windows\system32\csrss.exe[496] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                          75D669F4 1 Byte  [62]
.text           C:\Windows\system32\services.exe[540] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\services.exe[540] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\services.exe[540] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[576] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\winlogon.exe[576] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[576] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\winlogon.exe[576] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\winlogon.exe[576] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\lsass.exe[596] ntdll.dll!LdrUnloadDll                                                                                                                                                    7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsass.exe[596] ntdll.dll!LdrLoadDll                                                                                                                                                      7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsass.exe[596] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                          75D669F4 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[596] USER32.dll!UnhookWindowsHookEx                                                                                                                                            75B7ADF9 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\lsass.exe[596] USER32.dll!UnhookWinEvent                                                                                                                                                 75B7B750 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\lsass.exe[596] USER32.dll!SetWindowsHookExW                                                                                                                                              75B7E30C 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\lsass.exe[596] USER32.dll!SetWinEventHook                                                                                                                                                75B824DC 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\lsass.exe[596] USER32.dll!SetWindowsHookExA                                                                                                                                              75BA6D0C 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\lsm.exe[604] ntdll.dll!LdrUnloadDll                                                                                                                                                      7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsm.exe[604] ntdll.dll!LdrLoadDll                                                                                                                                                        7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsm.exe[604] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                            75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll                                                                                                                                                  7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrLoadDll                                                                                                                                                    7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[696] USER32.dll!UnhookWindowsHookEx                                                                                                                                          75B7ADF9 5 Bytes  JMP 00120A08 
.text           C:\Windows\system32\svchost.exe[696] USER32.dll!UnhookWinEvent                                                                                                                                               75B7B750 5 Bytes  JMP 001203FC 
.text           C:\Windows\system32\svchost.exe[696] USER32.dll!SetWindowsHookExW                                                                                                                                            75B7E30C 5 Bytes  JMP 00120804 
.text           C:\Windows\system32\svchost.exe[696] USER32.dll!SetWinEventHook                                                                                                                                              75B824DC 5 Bytes  JMP 001201F8 
.text           C:\Windows\system32\svchost.exe[696] USER32.dll!SetWindowsHookExA                                                                                                                                            75BA6D0C 5 Bytes  JMP 00120600 
.text           C:\Windows\system32\svchost.exe[728] ntdll.dll!LdrUnloadDll                                                                                                                                                  7773C86E 5 Bytes  JMP 000B03FC 
.text           C:\Windows\system32\svchost.exe[728] ntdll.dll!LdrLoadDll                                                                                                                                                    7774223E 5 Bytes  JMP 000B01F8 
.text           C:\Windows\system32\svchost.exe[728] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] ntdll.dll!LdrUnloadDll                                                                                                                    7773C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] ntdll.dll!LdrLoadDll                                                                                                                      7774223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] kernel32.dll!GetBinaryTypeW + 70                                                                                                          75D669F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] USER32.dll!UnhookWindowsHookEx                                                                                                            75B7ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] USER32.dll!UnhookWinEvent                                                                                                                 75B7B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] USER32.dll!SetWindowsHookExW                                                                                                              75B7E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] USER32.dll!SetWinEventHook                                                                                                                75B824DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[824] USER32.dll!SetWindowsHookExA                                                                                                              75BA6D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll                                                                                                                                                  7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll                                                                                                                                                    7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Windows\system32\atiesrxx.exe[960] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\atiesrxx.exe[960] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\atiesrxx.exe[960] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\atiesrxx.exe[960] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00300A08 
.text           C:\Windows\system32\atiesrxx.exe[960] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 003003FC 
.text           C:\Windows\system32\atiesrxx.exe[960] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00300804 
.text           C:\Windows\system32\atiesrxx.exe[960] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 003001F8 
.text           C:\Windows\system32\atiesrxx.exe[960] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00300600 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] ntdll.dll!LdrUnloadDll                                                                                                                                  7773C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] ntdll.dll!LdrLoadDll                                                                                                                                    7774223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] kernel32.dll!GetBinaryTypeW + 70                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] USER32.dll!UnhookWindowsHookEx                                                                                                                          75B7ADF9 5 Bytes  JMP 00190A08 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] USER32.dll!UnhookWinEvent                                                                                                                               75B7B750 5 Bytes  JMP 001903FC 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] USER32.dll!SetWindowsHookExW                                                                                                                            75B7E30C 5 Bytes  JMP 00190804 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] USER32.dll!SetWinEventHook                                                                                                                              75B824DC 5 Bytes  JMP 001901F8 
.text           C:\Program Files\ASUS\AASP\1.01.04\aaCenter.exe[992] USER32.dll!SetWindowsHookExA                                                                                                                            75BA6D0C 5 Bytes  JMP 00190600 
.text           C:\Windows\System32\svchost.exe[996] ntdll.dll!LdrUnloadDll                                                                                                                                                  7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\svchost.exe[996] ntdll.dll!LdrLoadDll                                                                                                                                                    7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                        75D669F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx                                                                                                                                          75B7ADF9 5 Bytes  JMP 00950A08 
.text           C:\Windows\System32\svchost.exe[996] USER32.dll!UnhookWinEvent                                                                                                                                               75B7B750 5 Bytes  JMP 009503FC 
.text           C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExW                                                                                                                                            75B7E30C 5 Bytes  JMP 00950804 
.text           C:\Windows\System32\svchost.exe[996] USER32.dll!SetWinEventHook                                                                                                                                              75B824DC 5 Bytes  JMP 009501F8 
.text           C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExA                                                                                                                                            75BA6D0C 5 Bytes  JMP 00950600 
.text           C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00550A08 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 005503FC 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00550804 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 005501F8 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00550600 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000B03FC 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000B01F8 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 01060A08 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 010603FC 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 01060804 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 010601F8 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 01060600 
.text           C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00970A08 
.text           C:\Windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 009703FC 
.text           C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00970804 
.text           C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 009701F8 
.text           C:\Windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00970600 
.text           C:\Windows\system32\atieclxx.exe[1324] ntdll.dll!LdrUnloadDll                                                                                                                                                7773C86E 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\atieclxx.exe[1324] ntdll.dll!LdrLoadDll                                                                                                                                                  7774223E 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\atieclxx.exe[1324] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                      75D669F4 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1324] USER32.dll!UnhookWindowsHookEx                                                                                                                                        75B7ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\atieclxx.exe[1324] USER32.dll!UnhookWinEvent                                                                                                                                             75B7B750 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\atieclxx.exe[1324] USER32.dll!SetWindowsHookExW                                                                                                                                          75B7E30C 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\atieclxx.exe[1324] USER32.dll!SetWinEventHook                                                                                                                                            75B824DC 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\atieclxx.exe[1324] USER32.dll!SetWindowsHookExA                                                                                                                                          75BA6D0C 5 Bytes  JMP 001F0600 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] ntdll.dll!LdrUnloadDll                                                                                                                                           7773C86E 5 Bytes  JMP 001603FC 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] ntdll.dll!LdrLoadDll                                                                                                                                             7774223E 5 Bytes  JMP 001601F8 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                 75D669F4 1 Byte  [62]
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] USER32.dll!UnhookWindowsHookEx                                                                                                                                   75B7ADF9 5 Bytes  JMP 00220A08 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] USER32.dll!UnhookWinEvent                                                                                                                                        75B7B750 5 Bytes  JMP 002203FC 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] USER32.dll!SetWindowsHookExW                                                                                                                                     75B7E30C 5 Bytes  JMP 00220804 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] USER32.dll!SetWinEventHook                                                                                                                                       75B824DC 5 Bytes  JMP 002201F8 
.text           C:\Users\blubb\Downloads\qj47ciks.exe[1364] USER32.dll!SetWindowsHookExA                                                                                                                                     75BA6D0C 5 Bytes  JMP 00220600 
.text           C:\Windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1408] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00F40A08 
.text           C:\Windows\system32\svchost.exe[1408] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 00F403FC 
.text           C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00F40804 
.text           C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 00F401F8 
.text           C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00F40600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter                                                                                                            75D4F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70                                                                                                                    75D669F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] ntdll.dll!LdrUnloadDll                                                                                                              7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] ntdll.dll!LdrLoadDll                                                                                                                7774223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] kernel32.dll!GetBinaryTypeW + 70                                                                                                    75D669F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] USER32.dll!UnhookWindowsHookEx                                                                                                      75B7ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] USER32.dll!UnhookWinEvent                                                                                                           75B7B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] USER32.dll!SetWindowsHookExW                                                                                                        75B7E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] USER32.dll!SetWinEventHook                                                                                                          75B824DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] USER32.dll!SetWindowsHookExA                                                                                                        75BA6D0C 5 Bytes  JMP 000F0600 
.text           C:\Windows\system32\Dwm.exe[1740] ntdll.dll!LdrUnloadDll                                                                                                                                                     7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\Dwm.exe[1740] ntdll.dll!LdrLoadDll                                                                                                                                                       7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\Dwm.exe[1740] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                           75D669F4 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[1740] USER32.dll!UnhookWindowsHookEx                                                                                                                                             75B7ADF9 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\Dwm.exe[1740] USER32.dll!UnhookWinEvent                                                                                                                                                  75B7B750 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\Dwm.exe[1740] USER32.dll!SetWindowsHookExW                                                                                                                                               75B7E30C 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\Dwm.exe[1740] USER32.dll!SetWinEventHook                                                                                                                                                 75B824DC 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\Dwm.exe[1740] USER32.dll!SetWindowsHookExA                                                                                                                                               75BA6D0C 5 Bytes  JMP 00080600 
.text           C:\Windows\Explorer.EXE[1764] ntdll.dll!LdrUnloadDll                                                                                                                                                         7773C86E 5 Bytes  JMP 000A03FC 
.text           C:\Windows\Explorer.EXE[1764] ntdll.dll!LdrLoadDll                                                                                                                                                           7774223E 5 Bytes  JMP 000A01F8 
.text           C:\Windows\Explorer.EXE[1764] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                               75D669F4 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[1764] USER32.dll!UnhookWindowsHookEx                                                                                                                                                 75B7ADF9 5 Bytes  JMP 00150A08 
.text           C:\Windows\Explorer.EXE[1764] USER32.dll!UnhookWinEvent                                                                                                                                                      75B7B750 5 Bytes  JMP 001503FC 
.text           C:\Windows\Explorer.EXE[1764] USER32.dll!SetWindowsHookExW                                                                                                                                                   75B7E30C 5 Bytes  JMP 00150804 
.text           C:\Windows\Explorer.EXE[1764] USER32.dll!SetWinEventHook                                                                                                                                                     75B824DC 5 Bytes  JMP 001501F8 
.text           C:\Windows\Explorer.EXE[1764] USER32.dll!SetWindowsHookExA                                                                                                                                                   75BA6D0C 5 Bytes  JMP 00150600 
.text           C:\Windows\system32\taskhost.exe[1800] ntdll.dll!LdrUnloadDll                                                                                                                                                7773C86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[1800] ntdll.dll!LdrLoadDll                                                                                                                                                  7774223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[1800] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                      75D669F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[1800] USER32.dll!UnhookWindowsHookEx                                                                                                                                        75B7ADF9 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\taskhost.exe[1800] USER32.dll!UnhookWinEvent                                                                                                                                             75B7B750 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\taskhost.exe[1800] USER32.dll!SetWindowsHookExW                                                                                                                                          75B7E30C 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\taskhost.exe[1800] USER32.dll!SetWinEventHook                                                                                                                                            75B824DC 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\taskhost.exe[1800] USER32.dll!SetWindowsHookExA                                                                                                                                          75BA6D0C 5 Bytes  JMP 000E0600 
.text           C:\Program Files\AVAST Software\Avast\afwServ.exe[1896] kernel32.dll!GetBinaryTypeW + 70                                                                                                                     75D669F4 1 Byte  [62]
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] ntdll.dll!LdrUnloadDll                                                                                                                                       7773C86E 5 Bytes  JMP 000903FC 
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] ntdll.dll!LdrLoadDll                                                                                                                                         7774223E 5 Bytes  JMP 000901F8 
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] kernel32.dll!GetBinaryTypeW + 70                                                                                                                             75D669F4 1 Byte  [62]
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] USER32.dll!UnhookWindowsHookEx                                                                                                                               75B7ADF9 5 Bytes  JMP 000C0A08 
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] USER32.dll!UnhookWinEvent                                                                                                                                    75B7B750 5 Bytes  JMP 000C03FC 
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] USER32.dll!SetWindowsHookExW                                                                                                                                 75B7E30C 5 Bytes  JMP 000C0804 
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] USER32.dll!SetWinEventHook                                                                                                                                   75B824DC 5 Bytes  JMP 000C01F8 
.text           C:\Windows\servicing\TrustedInstaller.exe[1980] USER32.dll!SetWindowsHookExA                                                                                                                                 75BA6D0C 5 Bytes  JMP 000C0600 
.text           C:\Windows\System32\svchost.exe[2156] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\svchost.exe[2156] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\svchost.exe[2156] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[2156] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00150A08 
.text           C:\Windows\System32\svchost.exe[2156] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 001503FC 
.text           C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00150804 
.text           C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 001501F8 
.text           C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00150600 
.text           C:\Windows\System32\svchost.exe[2232] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\svchost.exe[2232] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\svchost.exe[2232] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[2232] user32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 002D0A08 
.text           C:\Windows\System32\svchost.exe[2232] user32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 002D03FC 
.text           C:\Windows\System32\svchost.exe[2232] user32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 002D0804 
.text           C:\Windows\System32\svchost.exe[2232] user32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 002D01F8 
.text           C:\Windows\System32\svchost.exe[2232] user32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 002D0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] ntdll.dll!LdrUnloadDll                                                                                                                     7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] ntdll.dll!LdrLoadDll                                                                                                                       7774223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] kernel32.dll!GetBinaryTypeW + 70                                                                                                           75D669F4 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] USER32.dll!UnhookWindowsHookEx                                                                                                             75B7ADF9 5 Bytes  JMP 00120A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] USER32.dll!UnhookWinEvent                                                                                                                  75B7B750 5 Bytes  JMP 001203FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] USER32.dll!SetWindowsHookExW                                                                                                               75B7E30C 5 Bytes  JMP 00120804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] USER32.dll!SetWinEventHook                                                                                                                 75B824DC 5 Bytes  JMP 001201F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2264] USER32.dll!SetWindowsHookExA                                                                                                               75BA6D0C 5 Bytes  JMP 00120600 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] ntdll.dll!LdrUnloadDll                                                                                                                                   7773C86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] ntdll.dll!LdrLoadDll                                                                                                                                     7774223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] kernel32.dll!GetBinaryTypeW + 70                                                                                                                         75D669F4 1 Byte  [62]
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] USER32.dll!UnhookWindowsHookEx                                                                                                                           75B7ADF9 5 Bytes  JMP 00360A08 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] USER32.dll!UnhookWinEvent                                                                                                                                75B7B750 5 Bytes  JMP 003603FC 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] USER32.dll!SetWindowsHookExW                                                                                                                             75B7E30C 5 Bytes  JMP 00360804 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] USER32.dll!SetWinEventHook                                                                                                                               75B824DC 5 Bytes  JMP 003601F8 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[2608] USER32.dll!SetWindowsHookExA                                                                                                                             75BA6D0C 5 Bytes  JMP 00360600 
.text           C:\Windows\system32\svchost.exe[2788] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[2788] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[2788] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2788] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\svchost.exe[2788] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\svchost.exe[2788] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\svchost.exe[2788] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\svchost.exe[2788] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\system32\vssvc.exe[2816] ntdll.dll!LdrUnloadDll                                                                                                                                                   7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\vssvc.exe[2816] ntdll.dll!LdrLoadDll                                                                                                                                                     7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\vssvc.exe[2816] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                         75D669F4 1 Byte  [62]
.text           C:\Windows\system32\vssvc.exe[2816] USER32.dll!UnhookWindowsHookEx                                                                                                                                           75B7ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\vssvc.exe[2816] USER32.dll!UnhookWinEvent                                                                                                                                                75B7B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\vssvc.exe[2816] USER32.dll!SetWindowsHookExW                                                                                                                                             75B7E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\vssvc.exe[2816] USER32.dll!SetWinEventHook                                                                                                                                               75B824DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\vssvc.exe[2816] USER32.dll!SetWindowsHookExA                                                                                                                                             75BA6D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] ntdll.dll!LdrUnloadDll                                                                                                                                    7773C86E 5 Bytes  JMP 001503FC 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] ntdll.dll!LdrLoadDll                                                                                                                                      7774223E 5 Bytes  JMP 001501F8 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] kernel32.dll!GetBinaryTypeW + 70                                                                                                                          75D669F4 1 Byte  [62]
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] USER32.dll!UnhookWindowsHookEx                                                                                                                            75B7ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] USER32.dll!UnhookWinEvent                                                                                                                                 75B7B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] USER32.dll!SetWindowsHookExW                                                                                                                              75B7E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] USER32.dll!SetWinEventHook                                                                                                                                75B824DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe[2844] USER32.dll!SetWindowsHookExA                                                                                                                              75BA6D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[2920] kernel32.dll!GetBinaryTypeW + 70                                                                                                                     75D669F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] ntdll.dll!LdrUnloadDll                                                                                                                          7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] ntdll.dll!LdrLoadDll                                                                                                                            7774223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] kernel32.dll!GetBinaryTypeW + 70                                                                                                                75D669F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] USER32.dll!UnhookWindowsHookEx                                                                                                                  75B7ADF9 5 Bytes  JMP 00310A08 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] USER32.dll!UnhookWinEvent                                                                                                                       75B7B750 5 Bytes  JMP 003103FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] USER32.dll!SetWindowsHookExW                                                                                                                    75B7E30C 5 Bytes  JMP 00310804 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] USER32.dll!SetWinEventHook                                                                                                                      75B824DC 5 Bytes  JMP 003101F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3108] USER32.dll!SetWindowsHookExA                                                                                                                    75BA6D0C 5 Bytes  JMP 00310600 
.text           C:\Windows\system32\SearchIndexer.exe[3436] ntdll.dll!LdrUnloadDll                                                                                                                                           7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\SearchIndexer.exe[3436] ntdll.dll!LdrLoadDll                                                                                                                                             7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\SearchIndexer.exe[3436] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                 75D669F4 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3436] USER32.dll!UnhookWindowsHookEx                                                                                                                                   75B7ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\system32\SearchIndexer.exe[3436] USER32.dll!UnhookWinEvent                                                                                                                                        75B7B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\system32\SearchIndexer.exe[3436] USER32.dll!SetWindowsHookExW                                                                                                                                     75B7E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\system32\SearchIndexer.exe[3436] USER32.dll!SetWinEventHook                                                                                                                                       75B824DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\system32\SearchIndexer.exe[3436] USER32.dll!SetWindowsHookExA                                                                                                                                     75BA6D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] ntdll.dll!LdrUnloadDll                                                                                                                              7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] ntdll.dll!LdrLoadDll                                                                                                                                7774223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] kernel32.dll!GetBinaryTypeW + 70                                                                                                                    75D669F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] USER32.dll!UnhookWindowsHookEx                                                                                                                      75B7ADF9 5 Bytes  JMP 00150A08 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] USER32.dll!UnhookWinEvent                                                                                                                           75B7B750 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] USER32.dll!SetWindowsHookExW                                                                                                                        75B7E30C 5 Bytes  JMP 00150804 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] USER32.dll!SetWinEventHook                                                                                                                          75B824DC 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3652] USER32.dll!SetWindowsHookExA                                                                                                                        75BA6D0C 5 Bytes  JMP 00150600 
.text           C:\Windows\System32\svchost.exe[3872] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\System32\svchost.exe[3872] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\System32\svchost.exe[3872] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3880] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[3880] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[3880] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3880] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00500A08 
.text           C:\Windows\system32\svchost.exe[3880] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 005003FC 
.text           C:\Windows\system32\svchost.exe[3880] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00500804 
.text           C:\Windows\system32\svchost.exe[3880] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 005001F8 
.text           C:\Windows\system32\svchost.exe[3880] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00500600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] ntdll.dll!LdrUnloadDll                                                                                                                                    7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] ntdll.dll!LdrLoadDll                                                                                                                                      7774223E 5 Bytes  JMP 5E50696F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] kernel32.dll!MapViewOfFile                                                                                                                                75D493DB 5 Bytes  JMP 5E7B0219 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] kernel32.dll!VirtualAlloc                                                                                                                                 75D4C43A 5 Bytes  JMP 5E7B0240 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] kernel32.dll!GetBinaryTypeW + 70                                                                                                                          75D669F4 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] USER32.dll!UnhookWindowsHookEx                                                                                                                            75B7ADF9 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] USER32.dll!UnhookWinEvent                                                                                                                                 75B7B750 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] USER32.dll!SetWindowsHookExW                                                                                                                              75B7E30C 5 Bytes  JMP 00080804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] USER32.dll!SetWinEventHook                                                                                                                                75B824DC 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] USER32.dll!SetWindowsHookExA                                                                                                                              75BA6D0C 5 Bytes  JMP 00080600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4404] GDI32.dll!CreateDIBSection                                                                                                                                77338850 5 Bytes  JMP 5E7B01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\system32\taskmgr.exe[5816] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\taskmgr.exe[5816] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\taskmgr.exe[5816] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\taskmgr.exe[5816] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\taskmgr.exe[5816] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\taskmgr.exe[5816] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\taskmgr.exe[5816] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\taskmgr.exe[5816] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\AUDIODG.EXE[5920] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\AUDIODG.EXE[5920] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\AUDIODG.EXE[5920] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\AUDIODG.EXE[5920] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00200A08 
.text           C:\Windows\system32\AUDIODG.EXE[5920] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 002003FC 
.text           C:\Windows\system32\AUDIODG.EXE[5920] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00200804 
.text           C:\Windows\system32\AUDIODG.EXE[5920] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 002001F8 
.text           C:\Windows\system32\AUDIODG.EXE[5920] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\msiexec.exe[5932] ntdll.dll!LdrUnloadDll                                                                                                                                                 7773C86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\msiexec.exe[5932] ntdll.dll!LdrLoadDll                                                                                                                                                   7774223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\msiexec.exe[5932] kernel32.dll!GetBinaryTypeW + 70                                                                                                                                       75D669F4 1 Byte  [62]
.text           C:\Windows\system32\msiexec.exe[5932] USER32.dll!UnhookWindowsHookEx                                                                                                                                         75B7ADF9 5 Bytes  JMP 00150A08 
.text           C:\Windows\system32\msiexec.exe[5932] USER32.dll!UnhookWinEvent                                                                                                                                              75B7B750 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\msiexec.exe[5932] USER32.dll!SetWindowsHookExW                                                                                                                                           75B7E30C 5 Bytes  JMP 00150804 
.text           C:\Windows\system32\msiexec.exe[5932] USER32.dll!SetWinEventHook                                                                                                                                             75B824DC 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\msiexec.exe[5932] USER32.dll!SetWindowsHookExA                                                                                                                                           75BA6D0C 5 Bytes  JMP 00150600 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                                                      [7132F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                      [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                       [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                     [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                    [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1640] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                     [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\AVAST Software\Avast\afwServ.exe[1896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                                                       [7132F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\AVAST Software\Avast\AvastUI.exe[2920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                                                       [7132F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Windows\system32\msiexec.exe[5932] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                       [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\msiexec.exe[5932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                                                         [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\msiexec.exe[5932] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                          [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\msiexec.exe[5932] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                                                        [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\msiexec.exe[5932] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                                                        [7573FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                       aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                                       szkgfs.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                      aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device          \Driver\ACPI_HAL \Device\00000057                                                                                                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                                                      aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device          \Driver\88323290 \Device\KLMD16012012_207010                                                                                                                                                                 79383622.sys
Device          \Driver\szkg5 \Device\MSProcess                                                                                                                                                                              szkg.sys

---- Files - GMER 1.0.15 ----

File            C:\avast! sandbox                                                                                                                                                                                            0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000                                                                                                                                              0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105                                                                                                                                         0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\OTL.exe_{bfab1a44-b2d6-11e1-9ec6-e0cb4ee19117}                                                                                          0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\OTL.exe_{bfab1a4e-b2d6-11e1-9ec6-e0cb4ee19117}                                                                                          0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}                                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C                                                                                  0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users                                                                            0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb                                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData                                                              0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData\Local                                                        0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData\Local\Temp                                                   0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18b0-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData\Local\Temp\Uninstall.exe                                     300563 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18c4-b2d6-11e1-9ec6-e0cb4ee19117}                                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}                                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C                                                                                  0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users                                                                            0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb                                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData                                                              0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData\Local                                                        0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData\Local\Temp                                                   0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\r105\Uninstall.exe_{bfab18cd-b2d6-11e1-9ec6-e0cb4ee19117}\C\Users\blubb\AppData\Local\Temp\Uninstall.exe                                     300563 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone                                                                                                                                       0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C                                                                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile                                                                                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt                                                                                               4 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default                                                                                                              0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\History Index 2012-05                                                                                        36864 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Archived History                                                                                             53248 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Bookmarks                                                                                                    513 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Bookmarks.bak                                                                                                513 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache                                                                                                        0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\data_0                                                                                                 45056 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\data_1                                                                                                 270336 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\data_2                                                                                                 1056768 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\data_3                                                                                                 4202496 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000001                                                                                               16393 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000002                                                                                               43329 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000003                                                                                               149359 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000009                                                                                               80848 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000a                                                                                               18703 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000c                                                                                               46312 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00000d                                                                                               62486 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000011                                                                                               16532 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000012                                                                                               16393 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000013                                                                                               43329 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000017                                                                                               16532 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000018                                                                                               16393 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_000019                                                                                               43330 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001a                                                                                               80848 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001b                                                                                               29580 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001c                                                                                               29389 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001d                                                                                               18703 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001e                                                                                               16533 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\f_00001f                                                                                               16498 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cache\index                                                                                                  524656 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Cookies                                                                                                      6144 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Current Session                                                                                              5682 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Current Tabs                                                                                                 5440 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Favicons                                                                                                     10240 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\History                                                                                                      98304 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\History Index 2012-06                                                                                        36864 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Last Session                                                                                                 16350 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Last Tabs                                                                                                    10350 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Plugin Data                                                                                                  0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Plugin Data\Google Gears                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Preferences                                                                                                  1709 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Top Sites                                                                                                    32768 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\User StyleSheets                                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css                                                                                  0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Visited Links                                                                                                131072 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Default\Web Data                                                                                                     61440 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\First Run                                                                                                            0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\sfzone_profile\Local State                                                                                                          2238 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users                                                                                                                               0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb                                                                                                                         0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData                                                                                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Local                                                                                                           0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Local\Temp                                                                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow                                                                                                        0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft                                                                                              0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\48C226A0FE7D97DE1C716B47235CB639_A62A12E9232B27717F82C4F61F73EB86   1084 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FDCDA60516A338BF2CE73506D1835F5D_EB0A434D23B40DF48D0DE6FB6A09D527   471 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48C226A0FE7D97DE1C716B47235CB639_A62A12E9232B27717F82C4F61F73EB86  400 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B4378BD2E36B69DECED3E341BD654801_739E3B2A46EFF4607E6FD10C35F5628D  404 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_4FA02149D30BBA29AF4BE93A384DDD9C  412 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_AAF168C896D14214BE46C922A167710F  408 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FDCDA60516A338BF2CE73506D1835F5D_EB0A434D23B40DF48D0DE6FB6A09D527  404 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Roaming                                                                                                         0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Roaming\Mozilla                                                                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Roaming\Mozilla\Firefox                                                                                         0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles                                                                                0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles\lrb356hj.default                                                               0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles\lrb356hj.default\places.sqlite                                                 10485760 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\Desktop                                                                                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Users\blubb\Desktop\Chromium.lnk                                                                                                    2276 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Windows                                                                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Windows\Prefetch                                                                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Windows\Prefetch\CTFMON.EXE-AF4187A6.pf                                                                                             119590 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\C\Windows\Prefetch\SAFEZONEBROWSER.EXE-74FF4DA2.pf                                                                                    45298 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\sfzone\snx_fs.dat                                                                                                                            12110 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage                                                                                                                                   0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C                                                                                                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Program Files                                                                                                                   0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Program Files\Common Files                                                                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Program Files\Common Files\Blizzard Entertainment                                                                               0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Program Files\Common Files\Blizzard Entertainment\BlizzardDownloader.ini                                                        194 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users                                                                                                                           0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb                                                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData                                                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local                                                                                                       0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft                                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files                                                            0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5                                                0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DNTIZ3F                                       0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7DNTIZ3F\desktop.ini                           67 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEC6BWAW                                       0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEC6BWAW\desktop.ini                           67 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R65J2ZK8                                       0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R65J2ZK8\desktop.ini                           67 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLIAP6                                       0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLIAP6\desktop.ini                           67 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Temp                                                                                                  0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Temp\Rar$EXa0.174                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Local\Temp\Rar$EXa0.174\Setup.exe                                                                           2689279 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming                                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming\Mozilla                                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming\Mozilla\Firefox                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles                                                                            0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles\lrb356hj.default                                                           0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles\lrb356hj.default\prefs.js                                                  15026 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\AppData\Roaming\Mozilla\Firefox\Profiles\lrb356hj.default\sessionstore.js                                           120858 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\Downloads                                                                                                           0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\Downloads\fotosortierer_setup(1).exe                                                                                12135896 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\C\Users\blubb\Downloads\fotosortierer_setup.exe                                                                                   12135896 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\E                                                                                                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2049343741-2144649846-139975811-1000\webStorage\E\icon.ico                                                                                                                        43923 bytes
File            C:\avast! sandbox\snx_rhive                                                                                                                                                                                  262144 bytes
File            C:\avast! sandbox\snx_rhive.LOG1                                                                                                                                                                             82944 bytes
File            C:\avast! sandbox\snx_rhive.LOG2                                                                                                                                                                             0 bytes
File            C:\avast! sandbox\snx_rhive{471559cd-af3e-11e1-9f3b-e0cb4ee19117}.TM.blf                                                                                                                                     65536 bytes
File            C:\avast! sandbox\snx_rhive{471559cd-af3e-11e1-9f3b-e0cb4ee19117}.TMContainer00000000000000000001.regtrans-ms                                                                                                524288 bytes
File            C:\avast! sandbox\snx_rhive{471559cd-af3e-11e1-9f3b-e0cb4ee19117}.TMContainer00000000000000000002.regtrans-ms                                                                                                524288 bytes
File            C:\avast! sandbox\snx_rhive{a9e9135b-9af7-11e1-9284-e0cb4ee19117}.TM.blf                                                                                                                                     65536 bytes
File            C:\avast! sandbox\snx_rhive{a9e9135b-9af7-11e1-9284-e0cb4ee19117}.TMContainer00000000000000000001.regtrans-ms                                                                                                524288 bytes
File            C:\avast! sandbox\snx_rhive{a9e9135b-9af7-11e1-9284-e0cb4ee19117}.TMContainer00000000000000000002.regtrans-ms                                                                                                524288 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

2.MBR log

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST3360320AS rev.3.AAM -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys dxgmms1.sys watchdog.sys dxgkrnl.sys nvlddmkm.sys intelppm.sys 
C:\Windows\system32\DRIVERS\nvlddmkm.sys NVIDIA Corporation NVIDIA Windows Kernel Mode Driver, Version 296.10 
1 ntkrnlpa!IofCallDriver[0x82A4D55A] -> \Device\Harddisk0\DR0[0x86114030]
3 CLASSPNP[0x8C82D59E] -> ntkrnlpa!IofCallDriver[0x82A4D55A] -> [0x85C827E0]
5 ACPI[0x8C0343D4] -> ntkrnlpa!IofCallDriver[0x82A4D55A] -> \Device\Ide\IdeDeviceP2T1L0-5[0x85C82908]
kernel: MBR read successfully
user & kernel MBR OK

kira · 11.06.2012, 04:42

1.
starte Malwarebytes Anti-Malware
-> Funde aus Quarantäne löschen
-> Update ziehen
-> Vollständiger Suchlauf wählen
-> Funde löschen lassen
-> Scanergebnis hier posten!

2.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:

Code:

ATTFilter

Amazon Browser Bar

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {F30CCDB5-25C0-4BC7-902F-640F8E23549F}
IE - HKCU\..\SearchScopes\{F30CCDB5-25C0-4BC7-902F-640F8E23549F}: "URL" = http://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
IE - HKLM\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Deutsch Toolbar) - {F361B100-73C5-4793-8BCC-6E5C41510210} - C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\Shell - "" = AutoRun
O33 - MountPoints2\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\Shell\AutoRun\command - "" = E:\SETUP.EXE
[2012.06.10 10:25:29 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2049343741-2144649846-139975811-1000UA.job
[2012.06.09 02:08:06 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2049343741-2144649846-139975811-1000Core.job

:Files
C:\Program Files\Amazon
C:\Program Files\Amazon Browser Bar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

maumina · 11.06.2012, 19:35

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Ich habe nur den Benuzternamen(pc namen geändert durch *

Muss ich dann die Punkte im Script durch den benuzternamen ersetzen ?
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\PC-NAME\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

So ?

OLT scipt bericht.
OLT-Neuscann Nach dem ich den Scipt eingefügt habe und Neugestartet habe,stoppt er beim scannen Firefox. Also er stürzt ab und lädt nicht weiter.
1.MALWARE-ergebniss

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
blubb :: BLUBB-PC [Administrator]

Schutz: Aktiviert

11.06.2012 21:03:13
mbam-log-2012-06-11 (21-03-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272383
Laufzeit: 25 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\blubb\Downloads\SoftonicDownloader_fuer_trackmania-nations-forever.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OLT nach dem Neustart.

Code:

ATTFilter

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1448 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 281,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06112012_204101

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Grml das man nur 60 minuten lang editieren kann.

Ich habe jetzt auch 2 neue Datein auf dem Desktop.

Dekstop inni 2 stück.Sind einfach aufgetaucht

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Und das steht in der anderen Dekstop.ini
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Okay, ich habe nun leider wieder zu schnell gehandelt. Ich habe 1 mal bei dem script die.. ersezt durch den pc namen und gefixt, und nun habe ich das Script unverändert gefixt und nun sind auch die 2 Desktop innis weg.

Zu dem ein neuer Report. Entschuldige ich werde mich ab sofort in Geduld üben.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F30CCDB5-25C0-4BC7-902F-640F8E23549F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F30CCDB5-25C0-4BC7-902F-640F8E23549F}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f361b100-73c5-4793-8bcc-6e5c41510210} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f361b100-73c5-4793-8bcc-6e5c41510210}\ not found.
File C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f361b100-73c5-4793-8bcc-6e5c41510210} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f361b100-73c5-4793-8bcc-6e5c41510210}\ not found.
File C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ not found.
File C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f361b100-73c5-4793-8bcc-6e5c41510210}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f361b100-73c5-4793-8bcc-6e5c41510210}\ not found.
File C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}\ not found.
File C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EA582743-9076-4178-9AA6-7393FDF4D5CE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}\ not found.
File C:\Programme\Amazon Browser Bar\AmazonBrowserBar.3.0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f361b100-73c5-4793-8bcc-6e5c41510210} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f361b100-73c5-4793-8bcc-6e5c41510210}\ not found.
File C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F361B100-73C5-4793-8BCC-6E5C41510210} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F361B100-73C5-4793-8BCC-6E5C41510210}\ not found.
File C:\Programme\ZoneAlarm_Deutsch\prxtbZon0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ef5947-96ed-11e1-8f39-e0cb4ee19117}\ not found.
File E:\SETUP.EXE not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2049343741-2144649846-139975811-1000UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2049343741-2144649846-139975811-1000Core.job not found.
========== FILES ==========
File\Folder C:\Program Files\Amazon not found.
File\Folder C:\Program Files\Amazon Browser Bar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\blubb\Downloads\cmd.bat deleted successfully.
C:\Users\blubb\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: blubb
->Temp folder emptied: 26360356 bytes
->Temporary Internet Files folder emptied: 3867924 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71173878 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 983 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1448 bytes
RecycleBin emptied: 289556 bytes
 
Total Files Cleaned = 97,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06122012_015351

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

So, komischerweiße funktionierte OTL wieder. Ich habe als er wieder fest hing bei firefox, auf X geklick und auf antwort des Programms warten so wie Firefox gestartet, da ging es auf einmal weiter.

Hier der OTL bericht nach dem FIX.
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.06.2012 02:05:35 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\blubb\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 71,52% Memory free
7,00 Gb Paging File | 5,84 Gb Available in Paging File | 83,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 335,25 Gb Total Space | 250,59 Gb Free Space | 74,75% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-PC | User Name: blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.10 10:50:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\blubb\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.07 02:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.01.13 17:35:08 | 000,605,184 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\Fan Xpert\QFanHelp.exe
PRC - [2009.10.28 04:30:36 | 001,701,888 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.28 04:27:06 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.11 02:27:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.03.07 02:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athr.sys -- (athr)
DRV - [2012.06.12 01:52:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.05 23:00:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.07 02:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.03.07 02:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010.11.20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.21 05:27:42 | 001,102,848 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.04 10:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.06 04:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD FE DE AD 04 48 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.10 15:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2002.01.01 00:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.08 20:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.21 19:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\Extensions
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wm~1.def\extensions
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wm~1.def\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wmtp.default\extensions
[2012.04.07 20:13:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\fe57wmtp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.11 21:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\lrb356hj.default\extensions
[2012.04.28 19:58:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\blubb\AppData\Roaming\mozilla\firefox\profiles\lrb356hj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.21 13:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2002.01.01 00:27:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.06.08 20:22:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\blubb\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\blubb\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\blubb\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\blubb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\blubb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: avast! WebRep = C:\Users\blubb\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\blubb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Fan Xpert\QFanHelp.exe (ASUSTeK Computer Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\blubb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65A72D6C-6BC3-499B-BA14-1570B997B9A3}: DhcpNameServer = 192.168.2.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2012.06.12 01:52:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.06.11 20:41:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.10 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.10 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.10 10:37:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.10 10:37:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.10 10:30:24 | 000,101,112 | R--- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012.06.10 10:20:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.10 09:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012.06.10 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2012.06.10 09:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.10 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Malwarebytes
[2012.06.10 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.10 09:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 09:25:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.10 09:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.09 05:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2012.06.03 21:26:39 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\TeamViewer
[2012.05.31 22:05:29 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\S1.03.15
[2012.05.31 21:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.05.31 21:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012.05.29 03:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2012.05.29 03:49:01 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\TrackMania
[2012.05.29 03:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2012.05.29 03:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\TmNationsForever
[2012.05.29 03:45:16 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\tmnationsforever_setup_de
[2012.05.27 21:54:53 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2012.05.27 21:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2012.05.25 01:20:35 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\LolClient2
[2012.05.24 22:19:14 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\FanXpert
[2012.05.23 01:57:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.18 23:44:21 | 000,000,000 | ---D | C] -- C:\diablo
[2012.05.18 23:44:04 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\Logs
[2012.05.18 23:43:33 | 002,679,048 | ---- | C] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
[2012.05.18 23:39:04 | 002,766,595 | ---- | C] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_deDE.exe
[2012.05.14 23:16:58 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\.Nitrous
[2012.05.14 22:31:56 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\eeee
[2012.05.13 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\NVIDIA
[2012.05.13 00:02:23 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.05.12 23:35:15 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\StarCraft II
[2012.05.12 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.05.12 23:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.05.12 16:07:42 | 029,822,976 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\blubb\Desktop\TeamSpeak3-Client-win32-3.0.6.exe
[2012.05.12 03:09:38 | 000,000,000 | ---D | C] -- C:\starcraft
[2012.05.12 02:28:21 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\mresreg
[2012.05.12 02:28:20 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\Quellordner (zB neue Fotos von der Digitalkamera)
[2012.05.12 02:28:20 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\Demo-Fotos
[2012.05.12 02:28:11 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\IN-MEDIAKG
[2012.05.12 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\FotoSortierer XL
[2012.05.12 02:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\mresreg
[2012.05.12 02:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.05.12 02:10:04 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2012.05.12 02:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2012.05.12 02:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.05.12 02:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012.05.11 20:45:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012.05.11 20:45:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012.05.11 20:45:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012.05.11 20:45:24 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012.05.11 20:45:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012.05.11 20:45:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012.05.11 20:45:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012.05.11 20:45:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012.05.11 20:45:21 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012.05.11 20:45:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012.05.11 20:45:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012.05.11 20:45:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.05.11 20:45:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012.05.11 20:45:21 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012.05.11 20:45:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012.05.11 20:45:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012.05.11 20:45:20 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012.05.11 20:45:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012.05.11 20:45:20 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012.05.11 20:45:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.05.11 20:45:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012.05.11 20:45:19 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012.05.11 20:45:19 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012.05.11 20:45:19 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012.05.11 20:45:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012.05.11 20:45:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012.05.11 20:45:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012.05.11 20:45:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012.05.11 20:45:19 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012.05.11 20:45:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012.05.11 20:45:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012.05.11 20:45:18 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012.05.11 20:45:18 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012.05.11 20:45:18 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012.05.11 20:45:18 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012.05.11 20:45:18 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012.05.11 20:45:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012.05.11 20:45:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012.05.11 20:45:17 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012.05.11 20:45:17 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012.05.11 20:45:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012.05.11 20:45:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012.05.11 20:45:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012.05.11 20:45:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012.05.11 20:45:16 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012.05.11 20:45:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012.05.11 20:45:16 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012.05.11 20:45:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012.05.11 20:45:16 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012.05.11 20:45:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012.05.11 20:45:15 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012.05.11 20:45:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012.05.11 20:45:15 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012.05.11 20:45:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012.05.11 20:45:14 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.05.11 20:45:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012.05.11 20:45:14 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012.05.11 20:45:14 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012.05.11 20:45:14 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012.05.11 20:45:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012.05.11 20:45:13 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012.05.11 20:45:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012.05.11 20:45:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012.05.11 20:45:13 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012.05.11 20:45:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012.05.11 20:45:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012.05.11 20:45:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012.05.11 20:45:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012.05.11 20:45:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012.05.11 20:45:09 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012.05.11 20:45:09 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012.05.11 20:45:09 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012.05.11 20:45:09 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012.05.11 20:40:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.05.11 20:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.05.11 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.05.11 20:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.05.11 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\DivX
[2012.05.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.11 14:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.05.11 14:27:07 | 003,881,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012.05.11 14:27:07 | 002,719,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012.05.11 14:27:07 | 002,561,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.05.11 14:27:07 | 000,108,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012.05.11 14:27:07 | 000,062,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012.05.11 14:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.11 14:26:22 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.05.11 14:26:22 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012.05.11 14:26:22 | 010,819,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.05.11 14:26:22 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012.05.11 14:26:22 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.05.11 14:26:22 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012.05.11 14:26:22 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012.05.11 14:26:22 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012.05.11 14:26:22 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012.05.11 14:26:22 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.05.11 14:26:21 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012.05.11 14:26:21 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012.05.11 14:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.05.11 14:25:46 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.05.08 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\.minecraft
[2012.05.08 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\Minecraft
[2012.05.08 20:39:51 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.08 20:39:51 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.08 20:39:50 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.08 20:39:49 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.05 23:15:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012.05.05 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\Skyrim
[2012.05.05 23:11:22 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\My Games
[2012.05.05 23:02:48 | 000,000,000 | ---D | C] -- C:\The Elder Scrolls V- Skyrim
[2012.05.05 23:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.05.05 23:00:31 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.05.05 23:00:28 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\DAEMON Tools Lite
[2012.05.05 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.05.05 22:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.05.04 01:22:54 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.04 01:20:56 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\Google
[2012.05.03 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\blubb\.IBot
[2012.05.03 23:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\KBot
[2012.05.01 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\Green Gamer
[2012.05.01 22:48:06 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\Mystery Valley
[2012.05.01 21:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.05.01 21:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2012.05.01 21:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.04.28 20:22:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012.04.28 20:22:19 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012.04.28 20:22:19 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012.04.28 20:22:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012.04.28 20:22:19 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012.04.28 20:22:03 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012.04.28 20:21:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.04.28 20:21:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012.04.28 20:21:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012.04.28 20:21:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012.04.28 20:20:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.04.28 19:58:22 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.04.28 19:58:18 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.04.28 17:06:19 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\BoxyBot
[2012.04.28 09:45:30 | 001,500,160 | ---- | C] (gähn) -- C:\Users\blubb\Desktop\WoW.exe
[2012.04.28 07:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[2012.04.28 07:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2012.04.26 01:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.26 01:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.24 21:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.04.24 21:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2012.04.24 21:34:46 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\WinRAR
[2012.04.24 21:34:46 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.24 21:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.24 21:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.04.21 16:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012.04.21 16:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta
[2012.04.21 16:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.04.21 16:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.20 23:46:22 | 000,000,000 | ---D | C] -- C:\Users\blubb\riotsGamesLogs
[2012.04.20 23:45:54 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\LolClient
[2012.04.20 20:26:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012.04.20 20:26:34 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012.04.20 20:26:34 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012.04.20 20:26:33 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012.04.20 20:26:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012.04.20 20:21:29 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.04.20 20:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.04.12 01:33:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.12 01:33:55 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.12 01:33:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.12 01:33:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.12 01:33:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.12 01:33:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 23:02:03 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Skype
[2012.04.11 23:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.11 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.04.11 23:01:47 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.04.11 23:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.04.10 17:43:09 | 000,000,000 | ---D | C] -- C:\Users\blubb\Desktop\LeagueOfLegends
[2012.04.10 17:38:41 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\PMB Files
[2012.04.10 17:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.04.10 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.04.10 15:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.04.10 15:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.04.10 15:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012.04.10 15:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.04.10 15:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.04.10 14:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods
[2012.04.10 14:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.04.10 14:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.04.10 14:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.10 14:38:36 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.04.10 14:38:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.10 14:38:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.10 14:38:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.10 14:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.10 00:42:26 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\Diagnostics
[2012.04.10 00:05:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.04.07 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.07 20:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.04.07 20:13:02 | 000,772,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2012.04.07 20:13:02 | 000,419,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2012.04.07 20:13:02 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll
[2012.04.07 20:13:02 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll
[2012.04.07 20:13:01 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll
[2012.04.07 20:12:53 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\DVDVideoSoft
[2012.04.07 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.04.07 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.04.05 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\Mozilla
[2012.04.05 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\mozilla
[2012.04.05 21:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.04.04 20:44:35 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
[2012.04.04 20:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.04.04 20:43:49 | 001,102,848 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viahduaa.sys
[2012.04.04 20:43:49 | 000,868,352 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\VIAPropPageExt.dll
[2012.04.04 20:43:49 | 000,502,272 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\VIASysFx.dll
[2012.04.04 20:43:49 | 000,211,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\Dts2APO.dll
[2012.04.04 20:43:49 | 000,181,248 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\ViaMicArrayAPO.dll
[2012.04.04 20:43:49 | 000,076,288 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQPropPageExt.dll
[2012.04.04 20:43:49 | 000,075,776 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\Dts2PropPageExt.dll
[2012.04.04 20:43:49 | 000,071,680 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQAPO.dll
[2012.04.04 20:43:49 | 000,068,608 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\System32\ViaMicArrayPropPageExt.dll
[2012.04.04 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2012.04.04 20:42:19 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012.04.04 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.04.04 20:41:54 | 000,000,000 | ---D | C] -- C:\Intel
[2012.04.04 20:40:08 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.04.04 20:40:06 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.04.04 20:40:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.04.04 20:39:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.04.04 20:39:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.04.04 20:31:59 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.04.04 20:31:59 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.04.04 20:31:41 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.04.04 20:31:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.04.04 12:43:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.04.04 12:43:28 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.04.04 12:43:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.04.04 12:43:27 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.04.04 12:43:27 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.04.04 00:45:33 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\ElevatedDiagnostics
[2012.04.03 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\MailFrontier
[2012.04.03 22:21:14 | 000,000,000 | ---D | C] -- C:\Users\blubb\Documents\ForceField Shared Files
[2012.04.03 22:21:14 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\CheckPoint
[2012.04.03 22:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Deutsch
[2012.04.03 22:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.04.03 22:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012.04.03 22:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.04.03 22:01:54 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Macromedia
[2012.04.03 22:01:54 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Adobe
[2012.04.03 22:01:46 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.03 22:01:46 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.03 22:01:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.04.03 21:53:26 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.04.03 21:16:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.04.03 21:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.04.03 21:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2012.04.03 21:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.04.03 21:00:32 | 000,000,000 | R--D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.04.03 21:00:32 | 000,000,000 | R--D | C] -- C:\Users\blubb\Searches
[2012.04.03 21:00:32 | 000,000,000 | R--D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.04.03 21:00:24 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Identities
[2012.04.03 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\blubb\Contacts
[2012.04.03 20:58:47 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\VirtualStore
[2012.04.03 20:58:46 | 000,000,000 | --SD | C] -- C:\Users\blubb\AppData\Roaming\Microsoft
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Videos
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Saved Games
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Pictures
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Music
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Links
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Favorites
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Downloads
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Documents
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\Desktop
[2012.04.03 20:58:46 | 000,000,000 | R--D | C] -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Vorlagen
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\AppData\Local\Verlauf
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\AppData\Local\Temporary Internet Files
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Startmenü
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\SendTo
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Recent
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Netzwerkumgebung
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Lokale Einstellungen
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Documents\Eigene Videos
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Documents\Eigene Musik
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Eigene Dateien
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Documents\Eigene Bilder
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Druckumgebung
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Cookies
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\AppData\Local\Anwendungsdaten
[2012.04.03 20:58:46 | 000,000,000 | -HSD | C] -- C:\Users\blubb\Anwendungsdaten
[2012.04.03 20:58:46 | 000,000,000 | -H-D | C] -- C:\Users\blubb\AppData
[2012.04.03 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\Temp
[2012.04.03 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Local\Microsoft
[2012.04.03 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\blubb\AppData\Roaming\Media Center Programs
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.04.03 20:58:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.04.03 20:58:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.04.03 20:54:42 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.04.03 20:54:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.01.19 10:22:20 | 000,042,864 | R--- | C] (GFI Software) -- C:\Windows\System32\SBBD.EXE
[2012.01.04 02:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2011.11.08 23:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.11.08 23:45:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.11.08 23:40:19 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.11.08 23:40:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.11.08 23:40:19 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.11.08 23:40:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.11.08 23:40:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.11.08 23:40:19 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.11.08 23:40:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.11.08 23:40:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.11.08 23:40:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.11.08 23:40:19 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.11.08 23:40:19 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.11.08 23:40:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.11.08 23:40:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.11.08 23:40:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.11.08 23:40:19 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.11.08 23:40:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.11.08 23:40:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.11.08 23:40:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.11.08 23:40:19 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.11.08 23:40:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.11.08 23:40:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.11.08 23:40:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.11.08 23:40:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.11.08 23:40:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.11.08 23:40:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.11.08 23:40:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.11.08 23:40:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.11.08 23:40:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.11.08 23:40:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.11.08 23:40:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.11.08 23:40:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.11.08 23:39:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.11.08 23:39:16 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.11.08 23:32:35 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011.11.08 23:32:35 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011.11.08 23:32:34 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.11.08 23:32:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011.11.08 23:14:43 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.11.08 23:14:34 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.11.08 23:14:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.11.08 23:14:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.11.08 23:14:31 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011.11.08 23:14:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011.11.08 23:14:31 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011.11.08 23:14:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011.11.08 23:14:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011.11.08 23:14:20 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.11.08 23:14:12 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.11.08 23:14:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.11.08 23:14:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.11.08 23:14:07 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.11.08 23:14:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.11.08 23:14:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.11.08 23:14:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.11.08 23:14:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.11.08 23:14:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.11.08 23:14:02 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.11.08 23:14:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.11.08 23:13:59 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.11.08 23:13:59 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.11.08 23:13:58 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.11.08 23:13:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.11.08 23:13:58 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.11.08 23:13:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.11.08 23:13:58 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.11.08 23:13:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.11.08 23:13:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.11.08 23:13:50 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.11.08 23:13:50 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.11.08 23:13:49 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.11.08 23:13:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011.11.08 23:13:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.11.08 23:12:46 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.11.08 23:11:12 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.11.08 22:57:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.11.08 22:55:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.10.21 01:26:22 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
 
========== Files - Modified Within 360 Days ==========
 
[2012.06.12 02:27:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.12 02:02:05 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 02:02:05 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 01:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.12 01:54:46 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 01:52:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.06.11 20:55:44 | 000,001,043 | ---- | M] () -- C:\Users\blubb\Desktop\log.rtf
[2012.06.10 11:32:02 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.06.10 10:53:06 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.10 10:41:35 | 000,005,568 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012.06.10 09:44:20 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012.06.10 09:25:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.09 05:34:23 | 000,001,229 | ---- | M] () -- C:\Users\blubb\Desktop\cFosSpeed Calibration.lnk
[2012.06.08 20:32:34 | 000,000,642 | ---- | M] () -- C:\Users\blubb\Desktop\Dokument.rtf
[2012.06.01 08:25:13 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.01 08:25:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.05.31 23:29:09 | 000,173,014 | ---- | M] () -- C:\Users\blubb\Desktop\eea.SC2Map
[2012.05.29 03:48:23 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2012.05.29 03:44:28 | 528,346,845 | ---- | M] () -- C:\Users\blubb\Desktop\tmnationsforever_setup_de.zip
[2012.05.26 04:30:38 | 000,002,382 | ---- | M] () -- C:\Users\blubb\Documents\MumbleAutomaticCertificateBackup.p12
[2012.05.26 02:03:24 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.05.24 08:26:47 | 000,002,397 | ---- | M] () -- C:\Users\blubb\Desktop\Google Chrome.lnk
[2012.05.23 02:00:53 | 000,001,994 | ---- | M] () -- C:\Users\blubb\Desktop\avast! Internet Security.lnk
[2012.05.18 23:43:40 | 002,679,048 | ---- | M] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
[2012.05.18 23:39:16 | 002,766,595 | ---- | M] (Blizzard Entertainment) -- C:\Users\blubb\Desktop\Downloader_Diablo2_deDE.exe
[2012.05.14 20:18:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.14 20:18:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.14 20:18:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.14 20:18:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.12 23:47:05 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.05.12 16:09:44 | 029,822,976 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\blubb\Desktop\TeamSpeak3-Client-win32-3.0.6.exe
[2012.05.12 02:12:36 | 000,234,966 | ---- | M] () -- C:\REST2514.EXE
[2012.05.12 02:11:32 | 000,001,280 | ---- | M] () -- C:\Users\blubb\Desktop\PC Inspector File Recovery.lnk
[2012.05.12 02:04:57 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012.05.11 02:27:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.11 02:27:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.11 00:29:50 | 098,468,848 | ---- | M] () -- C:\Users\blubb\Desktop\avast_internet_security_setup.exe
[2012.05.09 03:16:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 22:00:47 | 000,000,864 | ---- | M] () -- C:\Users\blubb\Desktop\MinecraftSP - Verknüpfung.lnk
[2012.05.05 23:15:38 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012.05.05 23:01:07 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.05.05 23:00:31 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.05.03 23:24:41 | 000,001,117 | ---- | M] () -- C:\Users\blubb\Desktop\KBot 623.lnk
[2012.04.28 20:07:37 | 005,558,371 | ---- | M] () -- C:\Users\blubb\Desktop\Die Orsons - Jump (JUICE EXCLUSIVE).mp3
[2012.04.28 20:03:59 | 007,026,138 | ---- | M] () -- C:\Users\blubb\Desktop\Kool Savas & die Liga der außergewöhnlichen Mcees - Allstar Track (Official Video) 2012.mp3
[2012.04.28 19:58:22 | 000,001,356 | ---- | M] () -- C:\Users\blubb\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.28 09:45:34 | 001,500,160 | ---- | M] (gähn) -- C:\Users\blubb\Desktop\WoW.exe
[2012.04.28 07:53:25 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2012.04.24 21:39:47 | 000,001,092 | ---- | M] () -- C:\Users\blubb\Desktop\EVEREST Ultimate Edition.lnk
[2012.04.21 16:21:35 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.04.21 13:06:09 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 20:26:40 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.04.11 23:01:52 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.10 14:38:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.10 14:38:22 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.10 14:38:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.04.10 14:38:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.04 22:10:10 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.04.04 20:47:52 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.04.04 20:45:01 | 000,026,043 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.04.04 20:44:07 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012.04.04 20:41:31 | 000,020,906 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 22:21:05 | 000,000,144 | ---- | M] () -- C:\Windows\System32\lkfl.dat
[2012.04.03 22:21:05 | 000,000,128 | ---- | M] () -- C:\Windows\System32\pdfl.dat
[2012.04.03 22:21:05 | 000,000,080 | ---- | M] () -- C:\Windows\System32\ibfl.dat
[2012.04.03 21:53:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.04.03 21:37:04 | 000,007,604 | ---- | M] () -- C:\Users\blubb\AppData\Local\Resmon.ResmonCfg
[2012.04.03 21:35:22 | 000,691,542 | ---- | M] () -- C:\Windows\P5G41C-M-LX-0601.zip
[2012.04.03 20:58:17 | 000,220,110 | RHS- | M] () -- C:\HURVW
[2012.04.03 20:58:17 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2012.04.03 20:56:48 | 000,161,548 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.03.31 06:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.31 06:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.31 04:36:11 | 002,343,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.22 13:43:58 | 002,557,952 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.03.07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.03.07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.03.07 02:04:25 | 000,112,984 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.03.07 02:03:23 | 000,196,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.03.07 02:02:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.03.07 01:44:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.03.06 15:43:14 | 004,421,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll
[2012.03.06 15:43:14 | 000,772,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2012.03.06 15:43:14 | 000,419,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2012.03.06 15:43:14 | 000,136,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll
[2012.03.06 15:43:14 | 000,080,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.01 01:59:00 | 019,444,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012.03.01 01:59:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012.03.01 01:59:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012.03.01 01:59:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012.03.01 01:59:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012.03.01 01:59:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012.03.01 01:59:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012.03.01 01:59:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012.03.01 01:59:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012.03.01 01:59:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012.03.01 01:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.03.01 01:59:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012.02.29 22:56:41 | 003,881,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012.02.29 22:55:16 | 002,719,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012.02.29 22:53:47 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012.02.29 22:53:46 | 000,062,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012.02.29 22:53:45 | 002,561,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.28 03:18:55 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.28 03:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.28 03:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.28 03:08:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.28 03:03:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.28 02:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.17 07:34:22 | 000,919,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.01.25 07:32:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.01.25 07:32:34 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.01.25 07:27:51 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.01.19 10:22:20 | 000,042,864 | R--- | M] (GFI Software) -- C:\Windows\System32\SBBD.EXE
[2012.01.12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012.01.04 02:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2011.12.30 07:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.11.17 07:34:55 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011.11.08 23:40:19 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.11.08 23:40:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.11.08 23:40:19 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.11.08 23:40:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.11.08 23:40:19 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.11.08 23:40:19 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.11.08 23:40:19 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.11.08 23:40:19 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.11.08 23:40:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.11.08 23:40:19 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.11.08 23:40:19 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.11.08 23:40:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.11.08 23:40:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.11.08 23:40:19 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.11.08 23:40:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.11.08 23:40:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.11.08 23:40:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.11.08 23:40:19 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.11.08 23:40:19 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.11.08 23:40:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.11.08 23:40:19 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.11.08 23:40:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.11.08 23:40:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.11.08 23:40:19 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.11.08 23:40:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.11.08 23:40:19 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.11.08 23:40:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.11.08 23:40:19 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.11.08 23:40:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.11.08 23:40:19 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.11.08 23:40:19 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.11.08 23:40:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.11.08 22:58:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.10.26 06:28:12 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.10.21 01:26:22 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2011.08.17 06:24:12 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.08.17 06:19:27 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.07.16 06:15:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.16 06:15:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.16 06:15:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.16 06:15:45 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.16 06:15:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.16 06:15:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.16 06:15:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.16 06:15:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.16 04:17:19 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.16 04:17:19 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.16 04:17:19 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.16 04:17:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.06.24 06:27:01 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
 
========== Files Created - No Company Name ==========
 
[2012.06.11 20:55:34 | 000,001,043 | ---- | C] () -- C:\Users\blubb\Desktop\log.rtf
[2012.06.10 11:32:01 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.06.10 10:53:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.10 10:41:03 | 000,005,568 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012.06.10 09:44:20 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012.06.10 09:25:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.09 05:34:23 | 000,001,229 | ---- | C] () -- C:\Users\blubb\Desktop\cFosSpeed Calibration.lnk
[2012.05.31 22:41:38 | 000,173,014 | ---- | C] () -- C:\Users\blubb\Desktop\eea.SC2Map
[2012.05.29 03:48:23 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2012.05.29 03:15:34 | 528,346,845 | ---- | C] () -- C:\Users\blubb\Desktop\tmnationsforever_setup_de.zip
[2012.05.27 08:57:12 | 000,000,642 | ---- | C] () -- C:\Users\blubb\Desktop\Dokument.rtf
[2012.05.26 04:30:38 | 000,002,382 | ---- | C] () -- C:\Users\blubb\Documents\MumbleAutomaticCertificateBackup.p12
[2012.05.23 02:00:53 | 000,001,994 | ---- | C] () -- C:\Users\blubb\Desktop\avast! Internet Security.lnk
[2012.05.12 23:35:15 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.05.12 02:12:35 | 000,234,966 | ---- | C] () -- C:\REST2514.EXE
[2012.05.12 02:10:05 | 000,001,280 | ---- | C] () -- C:\Users\blubb\Desktop\PC Inspector File Recovery.lnk
[2012.05.12 02:04:57 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012.05.11 14:26:22 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.05.11 00:23:17 | 098,468,848 | ---- | C] () -- C:\Users\blubb\Desktop\avast_internet_security_setup.exe
[2012.05.08 22:00:47 | 000,000,864 | ---- | C] () -- C:\Users\blubb\Desktop\MinecraftSP - Verknüpfung.lnk
[2012.05.05 23:01:07 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.05.04 01:22:54 | 000,002,397 | ---- | C] () -- C:\Users\blubb\Desktop\Google Chrome.lnk
[2012.05.03 23:24:41 | 000,001,117 | ---- | C] () -- C:\Users\blubb\Desktop\KBot 623.lnk
[2012.05.01 21:47:18 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.04.28 20:07:20 | 005,558,371 | ---- | C] () -- C:\Users\blubb\Desktop\Die Orsons - Jump (JUICE EXCLUSIVE).mp3
[2012.04.28 20:03:33 | 007,026,138 | ---- | C] () -- C:\Users\blubb\Desktop\Kool Savas & die Liga der außergewöhnlichen Mcees - Allstar Track (Official Video) 2012.mp3
[2012.04.28 07:53:25 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2012.04.24 21:39:17 | 000,001,092 | ---- | C] () -- C:\Users\blubb\Desktop\EVEREST Ultimate Edition.lnk
[2012.04.21 16:20:09 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.04.21 13:06:09 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.21 13:06:09 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 20:26:40 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.11 23:01:52 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.07 20:13:04 | 000,001,356 | ---- | C] () -- C:\Users\blubb\Desktop\Free YouTube to MP3 Converter.lnk
[2012.04.04 22:10:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.04 20:48:16 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.04.04 20:48:16 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012.04.04 20:44:07 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012.04.04 20:44:07 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012.04.04 20:41:40 | 000,026,043 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.03 22:21:05 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2012.04.03 22:21:05 | 000,000,128 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2012.04.03 22:21:05 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2012.04.03 22:01:46 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 21:53:28 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.04.03 21:53:26 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.04.03 21:37:04 | 000,007,604 | ---- | C] () -- C:\Users\blubb\AppData\Local\Resmon.ResmonCfg
[2012.04.03 21:35:22 | 001,048,576 | ---- | C] () -- C:\Windows\P5G41C-M-LX-0601.ROM
[2012.04.03 21:34:43 | 000,691,542 | ---- | C] () -- C:\Windows\P5G41C-M-LX-0601.zip
[2012.04.03 21:16:39 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.04.03 21:16:39 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.04.03 21:01:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.03 21:01:27 | 000,020,906 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.04.03 21:00:35 | 000,001,409 | ---- | C] () -- C:\Users\blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.04.03 20:58:17 | 000,220,110 | RHS- | C] () -- C:\HURVW
[2012.04.03 20:58:17 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2012.04.03 20:54:18 | 2817,875,968 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.11.08 23:40:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.11.08 23:00:12 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.11.08 23:00:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.11.08 22:58:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.02.11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2012.06.10 10:43:06 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\.minecraft
[2012.05.14 23:17:06 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\.Nitrous
[2012.04.03 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\CheckPoint
[2012.06.10 10:57:07 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\DAEMON Tools Lite
[2012.04.28 19:58:59 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\DVDVideoSoft
[2012.04.07 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.12 02:28:11 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\IN-MEDIAKG
[2012.04.20 23:45:54 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\LolClient
[2012.05.25 01:20:35 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\LolClient2
[2012.04.03 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\MailFrontier
[2012.05.12 02:28:21 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\mresreg
[2012.06.03 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\blubb\AppData\Roaming\TeamViewer
[2012.06.11 21:38:55 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

kira · 12.06.2012, 16:15

Zitat:

Zitat von maumina

Ich habe jetzt auch 2 neue Datein auf dem Desktop.

Dekstop inni 2 stück.Sind einfach aufgetaucht

mußt Du die Dateien u. Ordner wieder rückgängig machen:-> -> System-Dateien und -Ordner unter Windows sichtbar machen

maumina · 13.06.2012, 03:51

Das brauchte ich nicht mehr zu machen, denn nach dem ich das Script,für den FIX bei OTL eingesezt hatte, sind die 2 Datein wieder verschwunden.

Ist dir den bisher was aufgefallen wodurch sie den html-iframe-b-gen-virus gesichtet haben ?

Den diesen Virus habe ich nur mit Eset-online scanner gefunden. Das komische ist, heute zb. ist er nicht mehr im Scann von Eset aufgetaucht.

Ich benuzte Avast antivirus 1 jahres lizens und der zb konnte garnix finden.

Hier wäre der ESET bericht vom 10.06 dort ist der Virus noch da. Und am 12.06 nicht mehr.

Code:

ATTFilter

SETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4d08fcf4ef49de4ca67c8fb2ff9e1e19
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 08:33:25
# local_time=2012-06-10 10:33:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 100678 90945277 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95036
# found=2
# cleaned=0
# scan_time=3119
C:\Users\blubb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TSW31VI\fl_ls[1].htm	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\blubb\Downloads\SoftonicDownloader_fuer_trackmania-nations-forever.exe	Win32/SoftonicDownloader.D application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4d08fcf4ef49de4ca67c8fb2ff9e1e19
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-11 11:11:58
# local_time=2012-06-12 01:11:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 10075 91084763 0 0
# compatibility_mode=8192 67108863 100 0 136483 136483 0 0
# scanned=81309
# found=0
# cleaned=0
# scan_time=2746

kira · 13.06.2012, 06:51

Die verschiedenen Antiviren-Programme können die einzelnen Viren, Würmer mit unterschiedlichen Namen bezeichnen. Es kann vorkommen, dass ein Virenschutzsystem die verschiedenen Exemplare eines bestimmten Schadprogramms unter verschiedenen Namen identifiziert. Es ist aber auch möglich, dass verschiedene Viren, Würmer mit dem gleichen Namen bezeichnet werden.
Außerdem jedes Programm findet etwas anderes! Fehlalarm auch oft nicht ausgeschlossen!

► ansonsten alles im grünen Bereich?

maumina · 13.06.2012, 15:24

Ja ich denke schon, wenn sie nix ausgergewöhnliches gefunden haben,denke ich das das system wieder soweit sauber ist.

Ich bedanke mich Rechtherzlich für die hilfe und vorallem für die Geduld, vielen lieben dank

kira · 13.06.2012, 19:13

** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!

Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!

Zitat:

Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
- Unbekannten E-Mail-Anhang NICHT öffnen!
- Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Programme und Treiber:
Nur vom Hersteller!

Onlinebanking:
Gib deine Passwörter niemals preis!
Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.

Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab

Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
- Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Löschen der temporären Dateien in Windows
Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> verschmutzte PCs sauber machen
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira

maumina · 14.06.2012, 23:59

Super, vielen lieben dank dafür ich werde es Beherzigen

html/iframe.b.gen virus BKA trojaner

Plagegeister aller Art und deren Bekämpfung: html/iframe.b.gen virus BKA trojaner