| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. dWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2013, 11:03
| #1 |
 |  Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d [CODEVirenprüfung mit G Data TotalProtection 2013 Version 23.1.0.2 (16.01.2013) Virensignaturen vom 31.01.2013 Startzeit: 31.01.2013 09:58:11 Engine(s): Engine A (AVA 22.7643), Engine B (AVL 22.1504) Heuristik: Ein Archive: Ein Systembereiche: Ein RootKits prüfen: Ein Prüfung der Systembereiche... Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart... Prüfung auf RootKits... Prüfung aller lokalen Festplatten... Analyse vollständig durchgeführt: 31.01.2013 10:16:16 145376 Dateien überprüft 1 infizierte Dateien gefunden 0 verdächtige Dateien gefunden –Archiv: DME_launcher.exe Pfad: C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\Data Status: Virus, Datei gelöscht Virus: Trojan.Generic.8347442 (Engine A) Objekt: Trojan.Generic.8347442 =>autorun.exe In Archiv: C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\Data\DME_launcher.exe Status: Virus gefunden Virus: Trojan.Generic.8347442 (Engine A) –Der Zugriff auf die folgenden Dateien wurde verweigert: C:\Windows\system32\PnkBstrA.exe C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\log\log.txt C:\Program Files (x86)\G Data\TotalProtection\Firewall\GdFwSvc.dat C:\Program Files (x86)\Steam\debug.log C:\Program Files (x86)\Steam\steam.log C:\Program Files (x86)\Steam\config\htmlcache\Cookies C:\Program Files (x86)\Steam\logs\connection_log.txt C:\Program Files (x86)\Steam\logs\content_log.txt C:\Windows\WindowsUpdate.log C:\Windows\CSC\v2.0.6\pq C:\Windows\CSC\v2.0.6\temp\ea-{f5a31fbc-63a8-11e2-ba10-f6e26b7f2ac9} C:\Windows\CSC\v2.0.6\pq C:\Windows\debug\PASSWD.LOG C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-571990867-4251336482-3981496003-1004.dat C:\Windows\SoftwareDistribution\ReportingEvents.log C:\Windows\System32\config\TxR\{6ff4c446-6a0c-11e2-b655-806e6f6e6963}.TxR.0.regtrans-ms C:\Windows\System32\config\TxR\{6ff4c447-6a0c-11e2-b655-806e6f6e6963}.TM.blf C:\Windows\System32\config\TxR\{6ff4c446-6a0c-11e2-b655-806e6f6e6963}.TxR.blf C:\Windows\System32\config\TxR\{6ff4c446-6a0c-11e2-b655-806e6f6e6963}.TxR.2.regtrans-ms C:\Windows\System32\config\TxR\{6ff4c447-6a0c-11e2-b655-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl C:\Windows\System32\wbem\Repository\MAPPING2.MAP C:\Windows\System32\wbem\Repository\MAPPING1.MAP C:\Windows\System32\wbem\Repository\INDEX.BTR C:\Windows\System32\wbem\Repository\OBJECTS.DATA C:\Windows\System32\wbem\Repository\MAPPING3.MAP C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001 C:\Windows\System32\wfp\wfpdiag.etl C:\Windows\System32\winevt\Logs\Application.evtx C:\Windows\System32\winevt\Logs\Internet Explorer.evtx C:\Windows\System32\winevt\Logs\HardwareEvents.evtx C:\Windows\System32\winevt\Logs\Key Management Service.evtx C:\Windows\System32\winevt\Logs\Media Center.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx C:\Windows\System32\winevt\Logs\System.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx C:\Windows\System32\winevt\Logs\Security.evtx C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx C:\Windows\System32\winevt\Logs\TuneUp.evtx C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat C:\Windows\Tasks\SCHEDLGU.TXT C:\Windows\Temp\JET6132.tmp C:\Windows\Temp\tmp000037cc\tmp00000000 C:\ProgramData\G DATA\AVKBackup\AVKBackup.ldb C:\ProgramData\G DATA\AVK\Log\AVKLog\0000000029.log C:\ProgramData\G DATA\AVKBackup\AVKBackup.mdb C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52340ee08ec8b4c0267e3794afb0b91a_cc41fb77-c238-4a18-8672-6d1b49959637 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\716c4779faf8d1177afc1f89494f4752_cc41fb77-c238-4a18-8672-6d1b49959637 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0df0c8013ab2eefb44197793c87b77e_cc41fb77-c238-4a18-8672-6d1b49959637 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e467402e980b732d7375cb2110f91bb5_cc41fb77-c238-4a18-8672-6d1b49959637 C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fbe7a6e53acfc9ba1d5e29ad845e8832_cc41fb77-c238-4a18-8672-6d1b49959637 C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.67 C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.7E C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.80 C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.87 C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.A0 C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.VE0 C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.VE1 C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.VF C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log C:\ProgramData\NVIDIA\Updatus\journalBS.jour.dat C:\ProgramData\NVIDIA\Updatus\updtclient.log C:\ProgramData\TuneUp Software\TuneUp Utilities\TUProgMan.10.tudb C:\ProgramData\TuneUp Software\TuneUp Utilities\TUTuningIndex.10.2.tudb C:\ProgramData\TuneUp Software\TuneUp Utilities\TUUtilitiesSvc.10.tudb C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.10.tudb C:\System Volume Information\MountPointManagerRemoteDatabase C:\System Volume Information\Syscache.hve C:\System Volume Information\Syscache.hve.LOG1 C:\System Volume Information\Syscache.hve.LOG2 C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db C:\Users\Roberto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\Roberto\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat C:\Users\Roberto\AppData\Local\Temp\FXSAPIDebugLogFile.txt C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Cookies\index.dat –Die folgenden Dateien sind Passwortgeschützt: C:\Program Files (x86)\Stardock\Impulse\app.dat C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\DME Platinum.cdd C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\Data\DME_launcher.exe C:\Users\Roberto\Downloads\Manager_11_Update_2 824.exe C:\Users\Roberto\Downloads\Manager_11_Update_3.exe C:\Users\Roberto\Downloads\Manager_11_Update_1.exe] Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.31.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Roberto :: GAMING-PC [Administrator] 31.01.2013 10:52:11 mbam-log-2013-01-31 (10-52-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 255367 Laufzeit: 1 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:31 on 31/01/2013 (Roberto)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 10:49:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000088 ATA_____ rev.SD28 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Roberto\AppData\Local\Temp\awdiapod.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077241401 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077241419 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077241431 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007724144a 2 bytes [24, 77]
.text ... * 9
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772414dd 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772414f5 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007724150d 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077241525 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007724153d 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077241555 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007724156d 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077241585 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007724159d 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772415b5 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772415cd 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772416b2 2 bytes [24, 77]
.text C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772416bd 2 bytes [24, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071df17fa 2 bytes [DF, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071df1860 2 bytes [DF, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071df1942 2 bytes [DF, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071df194d 2 bytes [DF, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHAddressToString + 85 000000006fee128e 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetSockaddrType + 85 000000006fee12fb 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHStringToAddress + 68 000000006fee1364 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHOpenSocket2 + 33 000000006fee1405 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHOpenSocket2 + 59 000000006fee141f 2 bytes [EE, 6F]
.text ... * 12
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHSetSocketInformation + 61 000000006fee15f6 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHSetSocketInformation + 78 000000006fee1607 2 bytes [EE, 6F]
.text ... * 15
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWinsockMapping + 24 000000006fee1902 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWinsockMapping + 35 000000006fee190d 2 bytes [EE, 6F]
.text ... * 3
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHNotify + 18 000000006fee195c 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHNotify + 36 000000006fee196e 2 bytes [EE, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHJoinLeaf + 128 000000006fee1a0e 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHJoinLeaf + 139 000000006fee1a19 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWSAProtocolInfo + 30 000000006fee1a49 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWSAProtocolInfo + 39 000000006fee1a52 2 bytes [EE, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetProviderGuid + 22 000000006fee1a95 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetProviderGuid + 31 000000006fee1a9e 2 bytes [EE, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHEnumProtocols + 190 000000006fee1c04 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHEnumProtocols + 245 000000006fee1c3b 2 bytes [EE, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetSockaddrType + 90 000000006fed1277 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHAddressToString + 90 000000006fed132d 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHStringToAddress + 71 000000006fed1397 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket2 + 33 000000006fed1435 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket2 + 59 000000006fed144f 2 bytes [ED, 6F]
.text ... * 12
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWildcardSockaddr + 119 000000006fed168a 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWildcardSockaddr + 136 000000006fed169b 2 bytes [ED, 6F]
.text ... * 4
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHSetSocketInformation + 137 000000006fed17f7 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHSetSocketInformation + 165 000000006fed1813 2 bytes [ED, 6F]
.text ... * 10
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWinsockMapping + 24 000000006fed197f 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWinsockMapping + 35 000000006fed198a 2 bytes [ED, 6F]
.text ... * 3
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHNotify + 18 000000006fed19d9 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHNotify + 36 000000006fed19eb 2 bytes [ED, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHJoinLeaf + 11 000000006fed1a16 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHJoinLeaf + 147 000000006fed1a9e 2 bytes [ED, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWSAProtocolInfo + 30 000000006fed1ae5 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWSAProtocolInfo + 39 000000006fed1aee 2 bytes [ED, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetProviderGuid + 22 000000006fed1b31 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetProviderGuid + 31 000000006fed1b3a 2 bytes [ED, 6F]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHEnumProtocols + 190 000000006fed1ca0 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHEnumProtocols + 245 000000006fed1cd7 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket + 46 000000006fed1d85 2 bytes [ED, 6F]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket + 52 000000006fed1d8b 2 bytes [ED, 6F]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077241401 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077241419 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077241431 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007724144a 2 bytes [24, 77]
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772414dd 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772414f5 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007724150d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077241525 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007724153d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077241555 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007724156d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077241585 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007724159d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772415b5 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772415cd 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772416b2 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772416bd 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077241401 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077241419 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077241431 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007724144a 2 bytes [24, 77]
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772414dd 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772414f5 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007724150d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077241525 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007724153d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077241555 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007724156d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077241585 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007724159d 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772415b5 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772415cd 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772416b2 2 bytes [24, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772416bd 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077241401 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077241419 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077241431 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007724144a 2 bytes [24, 77]
.text ... * 9
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772414dd 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772414f5 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007724150d 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077241525 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007724153d 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077241555 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007724156d 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077241585 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007724159d 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772415b5 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772415cd 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772416b2 2 bytes [24, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772416bd 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077241401 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077241419 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077241431 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007724144a 2 bytes [24, 77]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772414dd 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772414f5 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007724150d 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077241525 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007724153d 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077241555 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007724156d 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077241585 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007724159d 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772415b5 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772415cd 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772416b2 2 bytes [24, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772416bd 2 bytes [24, 77]
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6036dd68ec3b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a417310f9f94
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6036dd68ec3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a417310f9f94 (not active ControlSet)
---- EOF - GMER 2.0 ----
|
|
31.01.2013, 11:09
| #2 |
| | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 31.01.2013 10:21:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roberto\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,90 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,29% Memory free
31,79 Gb Paging File | 28,84 Gb Available in Paging File | 90,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 344,72 Gb Free Space | 74,03% Space Free | Partition Type: NTFS
Computer Name: GAMING-PC | User Name: Roberto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FDEA83-5456-4E4D-9077-59882378120F}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EFE8952-28F4-400D-A522-29B9C7305A6C}" = rport=139 | protocol=6 | dir=out | app=system |
"{167C1F5E-20AF-4D85-A8E1-A8FEBA2E3BD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20605654-D562-40A0-9BFC-1D159EA991A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{279E224B-7D8A-4531-8C7A-30B12BF9132C}" = rport=137 | protocol=17 | dir=out | app=system |
"{5844AC76-7E4C-4BB7-964F-C0DAAADF2311}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{80BB5983-DB16-416C-B9B8-E99AB1625445}" = rport=445 | protocol=6 | dir=out | app=system |
"{87E275B9-60C8-4079-96EC-BCEA0676FCB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC98645F-E0FB-4D1A-986C-27D16E6EB19C}" = rport=138 | protocol=17 | dir=out | app=system |
"{D02F382E-71B0-481A-BE71-D85CF45DDF66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D9BB52E1-A9E1-470F-88B4-C47D54238BFC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E28226D6-ED19-45AC-A176-A1044182DEFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F21DF4C8-940D-43E9-9D5B-80F392D7CB45}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F92CA64F-846D-4BE2-BD8E-B246976C17C5}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006D2760-1E81-4261-9F1A-5464A5503DA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{04E7C090-D7B4-46D2-9FFA-A16742FB4AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{10294D27-76AC-4E67-B6C6-EC3AC5D9F303}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{10D21765-C04E-465A-995E-280328C7F536}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{18F44372-1881-4DFC-92FA-E56DA3BD1D41}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{209FAA06-BC54-481B-9970-4B42EE2D805F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{3062E101-5316-46CD-A2E3-2BED491B7D72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{307FBB93-7499-4120-9848-8EDB77058E68}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{39BAFB49-C39A-4D81-99E4-10AF38588E45}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{3CB7C1D3-29D4-41C2-9C28-6E8CA202A1B2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3D20E1EF-78E7-49FB-ACD1-74E1B0EF7B41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{3F044CD7-F1DD-44CF-9347-C9D5513A571F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{414BBB79-17AC-4854-BA1F-6553CAB30400}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{461E2035-DED4-4763-87B7-22D9F8809991}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{4809DC90-E5FF-4C34-AADA-82EEBB5470A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{48590286-6D38-459F-B965-21005CB524D8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{4E10B1F3-9F57-4996-8A77-03433A16E2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{53A71F76-D8F2-4111-ABC7-CADDE8AB727D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{53C36373-12E3-4308-AFBB-C5FFB2B29FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{5482AC16-F3EB-468D-A06C-FA9F4F54DD20}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{55103F56-1119-44DA-8CFE-E8056ADE260C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{5C6255C4-C762-4A61-82A2-C3D5DAACFDC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C9D398B-2364-4344-A035-DF6707D27E63}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{5F50DD00-F08A-4B38-B36C-564B8EB57908}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{66F21980-A26D-4707-8733-82E1AD7BE8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{676FEF4C-4252-4AFC-9EE6-0FE362EFD817}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{6C3B8B7A-3383-47D5-BC19-18DA96E8CDEC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{713F21B5-DE33-41C6-91DC-6036B041C36E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{7157EA9F-3DD0-46B7-9C28-F579B1D6EE65}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{72E0C5BC-8AF3-4DE5-9EAA-A7D0DDE87246}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{739B2FD0-D2B4-4D20-AEA2-0C44C5645624}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{76480EDA-580D-484C-95AD-DF101598113B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D3B5A2C-7D89-4D88-B1B7-3E9358096CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{807A4A3D-B557-47ED-93DE-B9AB91E53270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{895DD938-B7D8-4547-89C7-E68E01404CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{8DC9EBA3-6E4E-4F4C-9DEC-23F00273B2B2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{91C4B993-2CD2-4C4C-974D-5C4647341652}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{99387812-9EFF-4D97-863C-1CEACB70C1F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{994EC673-0655-4E59-9E28-04C921DD5040}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{9D9C0AAB-9E56-470C-8D37-90E81BD42233}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{9DBB438F-45CF-40D3-8DFD-B8FC62994E96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9FFBA421-CDAF-419E-B2AC-FBC66B6DD8BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1D6F72A-3899-4E6B-A3B0-66B89EB72F1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AA60E507-6661-4EF1-8D50-AD48B1C668F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{AA8A9B38-5A91-4D61-BEC0-CBF0EA2B079F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{B0B76BBB-D5E9-4F80-B852-3896D97EFC0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B14FD12F-0BF9-4078-96A7-2BDFD571D4B9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{B54560BF-013C-451E-9396-708FEF787961}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{B60166D7-3C17-4D94-93B9-B0505B54AA13}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{B842BC9A-352B-4C9A-88CC-A2B7631CFA19}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C193C885-2A03-487A-8722-654AFA0767E7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{C2B12D1D-E826-4775-8848-02F871A0BBD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CF27BBBB-0126-41AB-9581-38547FC74516}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E29889C5-7DCA-4111-BCBA-4A8DD8DBAA10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EC614742-249B-4B3F-80A2-4BB075991763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F279CEAE-4864-4AE9-9CDE-09D137D06BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{F976B605-1A68-4608-B928-C372054CFB7B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"HWiNFO64_is1" = HWiNFO64 Version 4.08
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{ac3600d2-e1b3-4573-bef7-73f9409d6393}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE6217F3-6072-40E2-9157-A4695C334F8E}" = G Data TotalProtection 2013
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Ashampoo Magical Defrag 3_is1" = Ashampoo Magical Defrag 3
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"EA Installer.-1797597899" = EA Installer
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Impulse" = Impulse
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Steam App 204880" = Sins of a Solar Empire: Rebellion
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.01.2013 06:46:54 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2013 06:48:03 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KillerNetManager.exe, Version: 0.0.0.0,
Zeitstempel: 0x500dc3af Name des fehlerhaften Moduls: modNetwork.dll, Version: 0.0.0.0,
Zeitstempel: 0x500dc388 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000005a47
ID
des fehlerhaften Prozesses: 0xe30 Startzeit der fehlerhaften Anwendung: 0x01cdfe0dbcb5e842
Pfad
der fehlerhaften Anwendung: C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
Berichtskennung:
5ac5b216-6a01-11e2-822c-a417310f9f94
Error - 29.01.2013 07:21:29 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2013 07:23:35 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 29.01.2013 07:24:01 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 11719
Description =
Error - 29.01.2013 08:09:21 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2013 08:14:48 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2013 08:15:06 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 29.01.2013 08:28:39 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2013 09:59:43 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 29.01.2013 07:22:57 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.01.2013 07:22:57 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.01.2013 07:23:25 | Computer Name = Gaming-PC | Source = DCOM | ID = 10005
Description =
Error - 29.01.2013 08:05:31 | Computer Name = Gaming-PC | Source = BugCheck | ID = 1001
Description =
Error - 29.01.2013 08:05:38 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GLogin
Error - 29.01.2013 08:07:31 | Computer Name = Gaming-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?01.?2013 um 13:06:22 unerwartet heruntergefahren.
Error - 29.01.2013 08:07:32 | Computer Name = Gaming-PC | Source = BugCheck | ID = 1005
Description =
Error - 29.01.2013 08:07:32 | Computer Name = Gaming-PC | Source = BugCheck | ID = 1001
Description =
Error - 29.01.2013 08:07:38 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GLogin
Error - 29.01.2013 08:13:01 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GLogin
OTL logfile created on: 31.01.2013 10:33:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roberto\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,90 Gb Total Physical Memory | 13,30 Gb Available Physical Memory | 83,65% Memory free
31,79 Gb Paging File | 28,77 Gb Available in Paging File | 90,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 344,50 Gb Free Space | 73,98% Space Free | Partition Type: NTFS
Computer Name: GAMING-PC | User Name: Roberto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.31 10:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roberto\Desktop\OTL.exe
PRC - [2013.01.31 01:35:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.30 16:10:03 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.01.30 16:09:29 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013.01.16 11:18:33 | 001,650,128 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.01.10 14:35:48 | 000,257,512 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009.12.16 10:21:36 | 000,927,072 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe
PRC - [2009.12.16 10:21:36 | 000,890,208 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
PRC - [2009.12.16 10:21:34 | 000,132,448 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
PRC - [2009.12.16 10:21:30 | 000,083,296 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.30 16:10:10 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2013.01.30 16:10:02 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.30 16:10:02 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.01.30 16:10:02 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.01.30 16:10:02 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.01.30 16:10:02 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.08.27 21:04:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2009.12.16 10:21:36 | 000,927,072 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe
MOD - [2009.12.16 10:21:34 | 000,132,448 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
MOD - [2009.12.16 10:21:30 | 000,083,296 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
========== Services (SafeList) ==========
SRV:64bit: - [2012.11.24 14:39:10 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.31 01:35:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.30 16:10:03 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.16 11:18:33 | 001,650,128 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.01.10 14:35:48 | 000,257,512 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 05:30:54 | 001,219,096 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.24 23:08:16 | 000,490,496 | ---- | M] () [Auto | Running] -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.08.10 18:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.12.13 09:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.12.16 10:21:36 | 000,890,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe -- (Ashampoo Defrag Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.01.30 20:11:26 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.01.22 18:57:31 | 000,029,672 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013.01.22 13:26:23 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.22 13:25:31 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.22 13:25:22 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.22 13:25:22 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.22 13:25:22 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.01.22 13:11:08 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2012.12.29 11:34:47 | 000,030,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.11.24 15:09:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.11.24 15:09:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.11.24 14:47:44 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.11.24 14:41:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.24 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2012.11.24 14:34:02 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2012.11.24 14:34:00 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2012.11.24 14:34:00 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.24 23:09:26 | 000,066,928 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2012.09.24 23:09:24 | 000,157,552 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (L1C)
DRV:64bit: - [2012.09.24 23:09:18 | 003,364,720 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2012.08.10 18:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.08.10 18:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.08.10 18:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.08.10 18:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.08.10 18:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.08.10 18:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.08.10 18:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012.07.09 21:43:10 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.09 21:43:07 | 000,027,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.07.03 01:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.29 19:27:54 | 000,651,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS)
DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.05.21 08:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 08:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 08:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.04.24 17:40:26 | 000,240,960 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr278x.sys -- (rr278x)
DRV:64bit: - [2012.04.24 17:39:12 | 000,241,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr276x.sys -- (rr276x)
DRV:64bit: - [2012.04.24 17:37:54 | 000,240,960 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\274x_3x.sys -- (274x_3x)
DRV:64bit: - [2012.04.24 17:01:44 | 000,612,672 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\272x_1x.sys -- (272x_1x)
DRV:64bit: - [2012.04.23 07:31:22 | 000,087,168 | R--- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.04.23 07:31:22 | 000,064,384 | R--- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.04.11 02:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.04.11 02:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.03.26 05:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.03.08 10:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2012.03.02 10:37:58 | 000,221,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2012.03.02 10:37:58 | 000,065,536 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2012.03.01 18:46:54 | 000,108,840 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.02.28 21:42:29 | 000,051,496 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2012.02.23 04:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2012.02.23 04:20:36 | 000,027,440 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2012.02.22 17:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012.02.22 17:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012.02.21 19:46:18 | 000,396,776 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.02.21 19:46:18 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.01.24 16:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.01.20 13:39:16 | 000,205,312 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012.01.20 13:39:04 | 000,254,464 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2012.01.17 15:29:22 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.01.06 09:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.12.29 21:02:18 | 000,292,136 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.01 23:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.11.23 00:59:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.11.23 00:59:48 | 000,410,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.15 10:15:00 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011.09.15 10:14:58 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011.09.13 15:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 15:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.05.19 15:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.05.06 09:56:02 | 000,182,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2011.05.02 11:41:22 | 000,040,744 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC600e.sys -- (DC600e)
DRV:64bit: - [2011.05.02 11:41:14 | 000,049,752 | ---- | M] (Dawicontrol GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DC324e.sys -- (DC324e)
DRV:64bit: - [2011.05.02 11:41:06 | 000,040,344 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC300e.sys -- (DC300e)
DRV:64bit: - [2011.05.02 11:40:56 | 000,048,328 | ---- | M] (Dawicontrol GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DC3410.sys -- (DC3410)
DRV:64bit: - [2011.05.02 11:40:50 | 000,048,360 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC4300.sys -- (DC4300)
DRV:64bit: - [2011.05.02 11:40:42 | 000,048,136 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC154.sys -- (DC154)
DRV:64bit: - [2011.05.02 11:40:32 | 000,039,832 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC150.sys -- (DC150)
DRV:64bit: - [2011.05.02 11:40:20 | 000,039,320 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC133.sys -- (DC133)
DRV:64bit: - [2011.04.29 14:34:32 | 000,100,864 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.17 19:04:20 | 000,188,544 | R--- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 19:04:18 | 000,087,168 | R--- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.02.15 11:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.02 18:23:46 | 000,161,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2010.11.29 03:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.16 18:06:52 | 000,156,256 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr62x.sys -- (rr62x)
DRV:64bit: - [2010.02.11 13:01:20 | 000,026,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:64bit: - [2010.02.11 13:00:22 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:64bit: - [2009.12.31 18:37:56 | 000,168,032 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2522.sys -- (rr2522)
DRV:64bit: - [2009.12.31 18:23:58 | 000,162,400 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2340.sys -- (rr2340)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.11.16 15:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009.11.16 15:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009.11.09 03:24:12 | 000,052,768 | ---- | M] (ARECA Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcm_a64.sys -- (arcm_a64)
DRV:64bit: - [2009.08.01 17:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisagpx.sys -- (uagp35)
DRV:64bit: - [2009.08.01 17:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisagpx.sys -- (SISAGP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.12 11:28:24 | 000,170,528 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\2310_00.sys -- (2310_00)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 17:56:54 | 000,017,440 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptiop.sys -- (hptiop)
DRV:64bit: - [2009.04.16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (megasr1)
DRV:64bit: - [2009.02.09 10:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.09.29 13:51:18 | 000,061,440 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HWA.sys -- (HWA)
DRV:64bit: - [2008.09.15 11:51:10 | 000,013,312 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuwbmini.sys -- (uwbusb)
DRV:64bit: - [2008.09.11 17:56:28 | 000,503,296 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DfuUWB.sys -- (dfuuwb)
DRV:64bit: - [2008.05.05 17:49:08 | 000,152,096 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr232x.sys -- (rr232x)
DRV:64bit: - [2008.01.09 21:06:10 | 000,015,872 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cbaf.sys -- (cbaf)
DRV:64bit: - [2007.11.13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:64bit: - [2007.11.01 14:21:14 | 000,152,096 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv6.sys -- (hptmv6)
DRV:64bit: - [2007.11.01 14:20:10 | 000,153,632 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2210.sys -- (rr2210)
DRV:64bit: - [2007.11.01 14:19:44 | 000,159,264 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr174x.sys -- (rr174x)
DRV:64bit: - [2007.11.01 14:19:04 | 000,124,448 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr172x.sys -- (rr172x)
DRV:64bit: - [2007.10.03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007.10.03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007.10.03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2007.04.11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:64bit: - [2007.02.01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:64bit: - [2006.11.10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:64bit: - [2006.11.02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:64bit: - [2006.09.20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2006.09.18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:64bit: - [2005.09.23 04:50:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roberto\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roberto\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Roberto\AppData\Local\Google\Chrome\Application\26.0.1386.0\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Roberto\AppData\Local\Google\Chrome\Application\26.0.1386.0\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Roberto\AppData\Local\Google\Chrome\Application\26.0.1386.0\pdf.dll
CHR - Extension: Google Docs = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1706AB22-AC23-44D7-92C2-78CD1E354D40}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1975B2B-5659-4F80-AFCF-3B40E52D7386}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.31 10:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roberto\Desktop\OTL.exe
[2013.01.31 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\The Creative Assembly
[2013.01.31 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\Assassin's Creed Revelations
[2013.01.31 09:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013.01.30 21:48:02 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Malwarebytes
[2013.01.30 21:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.30 21:47:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.30 21:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.30 21:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.30 21:47:32 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Programs
[2013.01.30 21:45:32 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\NVIDIA
[2013.01.30 21:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013.01.30 21:41:15 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Media Player Classic
[2013.01.30 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Secunia PSI
[2013.01.30 21:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.01.30 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\ANNO 2070
[2013.01.30 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Ubisoft Game Launcher
[2013.01.30 21:01:01 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Ubisoft
[2013.01.30 20:11:27 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.30 20:11:26 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.30 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\WinRAR
[2013.01.30 19:41:52 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\PunkBuster
[2013.01.30 18:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.01.30 17:24:59 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\FUSSBALL MANAGER 11
[2013.01.30 17:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[2013.01.30 16:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.01.30 16:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Games
[2013.01.30 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2013.01.30 16:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Games
[2013.01.30 16:24:27 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\G DATA
[2013.01.30 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\GameStop
[2013.01.30 16:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\GameStop
[2013.01.30 16:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2013.01.30 16:08:06 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.30 16:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.30 16:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.30 16:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.30 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.01.30 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.01.30 16:04:37 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Stardock
[2013.01.30 16:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013.01.30 16:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2013.01.30 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2013.01.30 16:04:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{19DFF2E9-B443-44CA-AB80-E968934E1428}
[2013.01.30 16:04:17 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\PackageAware
[2013.01.30 15:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.01.30 15:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.01.30 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.01.30 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Windows Live Writer
[2013.01.30 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Windows Live Writer
[2013.01.30 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.01.30 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.30 15:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.30 15:37:08 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Windows Live
[2013.01.30 15:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.30 15:23:34 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.01.29 14:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera Recorder
[2013.01.29 14:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camera Recorder
[2013.01.29 13:27:30 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\BMExplorer
[2013.01.29 13:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013.01.29 13:27:27 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Atheros
[2013.01.29 13:23:35 | 000,135,832 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_rcp.sys
[2013.01.29 13:23:02 | 000,076,952 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_lwflt.sys
[2013.01.29 13:22:46 | 000,178,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_hcrp.sys
[2013.01.29 13:22:14 | 000,088,728 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_flt.sys
[2013.01.29 13:21:33 | 000,344,216 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_a2dp.sys
[2013.01.29 13:21:33 | 000,114,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_avdt.sys
[2013.01.29 13:17:28 | 000,033,944 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_bus.sys
[2013.01.29 13:17:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\Bluetooth Folder
[2013.01.29 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2013.01.29 13:16:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2013.01.29 13:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\QCA_Bluetooth
[2013.01.29 13:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2013.01.29 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm Atheros
[2013.01.29 13:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Bigfoot Networks
[2013.01.29 12:24:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.29 12:18:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.22 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.22 19:21:37 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.22 19:11:16 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.22 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Google
[2013.01.22 18:57:31 | 000,029,672 | ---- | C] (REALiX(tm)) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS
[2013.01.22 18:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[2013.01.22 18:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2013.01.22 18:34:26 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.01.22 18:34:22 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.01.22 18:34:22 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.01.22 18:34:22 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.01.22 18:34:22 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.01.22 18:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\TuneUp Software
[2013.01.22 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2013.01.22 18:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.22 18:27:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2013.01.22 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
[2013.01.22 13:25:22 | 000,011,240 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2013.01.22 13:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2013
[2013.01.22 13:11:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BioAPIFFDB
[2013.01.22 13:11:08 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.01.22 13:11:06 | 000,062,368 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.22 13:10:59 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.22 13:10:59 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.22 13:10:59 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.22 13:10:52 | 000,065,008 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.22 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software
[2013.01.22 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2013.01.22 13:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2013.01.22 13:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2013.01.22 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Downloaded Installations
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Virtual Machines
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Searches
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.22 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Identities
[2013.01.22 12:40:12 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Contacts
[2013.01.22 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\VirtualStore
[2013.01.22 12:40:09 | 000,000,000 | --SD | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Videos
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Saved Games
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Pictures
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Music
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Links
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Favorites
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Downloads
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Documents
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Desktop
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Vorlagen
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\AppData\Local\Verlauf
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\AppData\Local\Temporary Internet Files
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Startmenü
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\SendTo
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Recent
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Netzwerkumgebung
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Lokale Einstellungen
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Documents\Eigene Videos
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Documents\Eigene Musik
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Eigene Dateien
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Documents\Eigene Bilder
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Druckumgebung
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Cookies
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\AppData\Local\Anwendungsdaten
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Anwendungsdaten
[2013.01.22 12:40:09 | 000,000,000 | -H-D | C] -- C:\Users\Roberto\AppData
[2013.01.22 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Temp
[2013.01.22 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Microsoft
[2013.01.22 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Media Center Programs
[2013.01.21 10:53:20 | 002,603,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.01.21 10:53:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.21 10:53:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.21 10:53:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.21 10:53:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.21 10:53:19 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.21 10:53:19 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.21 10:53:19 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.21 10:53:19 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.21 10:53:19 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.21 10:53:19 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.21 10:53:18 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.01.21 10:53:18 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.21 10:53:18 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.21 10:53:17 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.21 10:53:16 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.21 10:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.21 10:48:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.21 10:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.21 10:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.01.21 10:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.01.21 10:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.21 10:37:58 | 000,000,000 | ---D | C] -- C:\temp
[2013.01.21 10:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.21 10:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.21 10:36:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.21 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.01.21 10:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.01.21 10:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.21 10:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.01.21 10:27:09 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2013.01.21 10:27:09 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2013.01.21 10:26:58 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\Intel_OpenCL_ICD64.dll
[2013.01.21 10:26:58 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll
[2013.01.21 10:26:06 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.21 10:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013.01.21 10:23:16 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.01.21 10:23:16 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\ssleay32.dll
[2013.01.21 10:23:15 | 002,288,181 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll
[2013.01.21 10:23:15 | 001,178,112 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libeay32.dll
[2013.01.21 10:23:15 | 001,008,128 | ---- | C] (GnuWin32 <hxxp://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\libiconv2.dll
[2013.01.21 10:23:15 | 000,325,376 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2013.01.21 10:23:15 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libssl32.dll
[2013.01.21 10:23:15 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll
[2013.01.21 10:23:15 | 000,103,424 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll
[2013.01.21 10:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.21 10:20:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.01.21 10:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.01.21 10:18:19 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.21 10:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.21 10:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.21 10:05:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.21 10:01:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.21 10:00:20 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.21 09:59:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
========== Files - Modified Within 30 Days ==========
[2013.01.31 10:30:38 | 000,000,000 | ---- | M] () -- C:\Users\Roberto\defogger_reenable
[2013.01.31 10:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roberto\Desktop\OTL.exe
[2013.01.31 10:18:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004UA.job
[2013.01.31 09:17:21 | 000,021,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 09:17:21 | 000,021,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 09:17:13 | 001,647,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.31 09:17:13 | 000,711,268 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.31 09:17:13 | 000,663,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 09:17:13 | 000,154,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.31 09:17:13 | 000,126,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 09:15:11 | 000,963,465 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.01.31 09:15:11 | 000,051,602 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.01.31 09:10:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 09:09:56 | 4210,737,150 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.31 01:54:23 | 000,000,244 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed III.lnk
[2013.01.31 01:39:17 | 000,000,216 | ---- | M] () -- C:\Users\Roberto\Desktop\FUSSBALL MANAGER 11.lnk
[2013.01.31 01:35:45 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.31 01:35:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.31 01:34:07 | 003,123,272 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.30 22:28:17 | 000,009,514 | ---- | M] () -- C:\Users\Roberto\Documents\Ubisoft - Auftragsbestätigung (Bestellung Nr_ 20335450524).eml
[2013.01.30 21:47:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 21:45:20 | 000,000,963 | ---- | M] () -- C:\Users\Roberto\Desktop\TechPowerUp GPU-Z.lnk
[2013.01.30 21:42:55 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.30 21:01:47 | 000,000,196 | ---- | M] () -- C:\Users\Roberto\Desktop\ANNO 2070.lnk
[2013.01.30 20:42:18 | 000,002,256 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed Revelations.lnk
[2013.01.30 20:11:27 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.30 20:11:26 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.30 19:42:20 | 000,001,818 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed Brotherhood.lnk
[2013.01.30 19:18:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004Core.job
[2013.01.30 19:04:37 | 000,001,290 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed II.lnk
[2013.01.30 16:45:18 | 000,000,222 | ---- | M] () -- C:\Users\Roberto\Desktop\Sins of a Solar Empire Rebellion.url
[2013.01.30 16:29:35 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.01.30 16:04:35 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\GameStop.lnk
[2013.01.30 15:57:31 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Magical Defrag 3.lnk
[2013.01.30 15:21:00 | 001,625,256 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 14:52:30 | 000,002,793 | ---- | M] () -- C:\Users\Public\Desktop\CameraRecorder.lnk
[2013.01.29 13:15:57 | 000,002,268 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.29 13:15:57 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.22 19:13:41 | 000,002,375 | ---- | M] () -- C:\Users\Roberto\Desktop\Google Chrome.lnk
[2013.01.22 18:57:31 | 000,029,672 | ---- | M] (REALiX(tm)) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS
[2013.01.22 18:34:21 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.22 18:34:21 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2013.01.22 13:26:23 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.22 13:25:31 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.22 13:25:22 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.22 13:25:22 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.22 13:25:22 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.22 13:19:44 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.22 13:11:08 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.01.22 13:10:47 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2013.01.22 12:37:52 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.22 12:37:52 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.21 11:28:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.21 10:45:43 | 000,019,114 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.01.21 10:23:34 | 000,021,731 | ---- | M] () -- C:\Windows\unins002.dat
[2013.01.21 10:23:19 | 001,199,175 | ---- | M] () -- C:\Windows\unins002.exe
[2013.01.21 10:23:19 | 000,010,926 | ---- | M] () -- C:\Windows\unins001.dat
[2013.01.21 10:23:14 | 001,187,609 | ---- | M] () -- C:\Windows\unins001.exe
[2013.01.21 10:23:14 | 000,007,960 | ---- | M] () -- C:\Windows\unins000.dat
[2013.01.21 10:23:13 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013.01.21 10:07:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.10 14:35:41 | 000,011,240 | ---- | M] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
========== Files Created - No Company Name ==========
[2013.01.31 10:30:38 | 000,000,000 | ---- | C] () -- C:\Users\Roberto\defogger_reenable
[2013.01.31 01:54:23 | 000,000,244 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed III.lnk
[2013.01.31 01:39:17 | 000,000,216 | ---- | C] () -- C:\Users\Roberto\Desktop\FUSSBALL MANAGER 11.lnk
[2013.01.31 01:35:43 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.30 22:28:11 | 000,009,514 | ---- | C] () -- C:\Users\Roberto\Documents\Ubisoft - Auftragsbestätigung (Bestellung Nr_ 20335450524).eml
[2013.01.30 21:47:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 21:45:20 | 000,000,963 | ---- | C] () -- C:\Users\Roberto\Desktop\TechPowerUp GPU-Z.lnk
[2013.01.30 21:39:43 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.30 21:39:43 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.30 21:01:47 | 000,000,196 | ---- | C] () -- C:\Users\Roberto\Desktop\ANNO 2070.lnk
[2013.01.30 20:42:18 | 000,002,256 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed Revelations.lnk
[2013.01.30 19:42:20 | 000,001,818 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed Brotherhood.lnk
[2013.01.30 19:41:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.30 19:41:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.30 19:04:37 | 000,001,290 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed II.lnk
[2013.01.30 16:45:18 | 000,000,222 | ---- | C] () -- C:\Users\Roberto\Desktop\Sins of a Solar Empire Rebellion.url
[2013.01.30 16:07:52 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.01.30 16:04:35 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\GameStop.lnk
[2013.01.30 15:57:31 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Magical Defrag 3.lnk
[2013.01.30 15:39:13 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.01.29 14:52:30 | 000,002,793 | ---- | C] () -- C:\Users\Public\Desktop\CameraRecorder.lnk
[2013.01.29 13:15:57 | 000,002,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.29 13:15:57 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.22 19:13:10 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004UA.job
[2013.01.22 19:13:08 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004Core.job
[2013.01.22 19:11:16 | 000,002,375 | ---- | C] () -- C:\Users\Roberto\Desktop\Google Chrome.lnk
[2013.01.22 18:34:21 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.22 18:34:21 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2013.01.22 18:34:21 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2013.01.22 18:23:49 | 000,963,465 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.01.22 18:23:49 | 000,051,602 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2013.01.22 13:10:47 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2013.01.22 12:40:28 | 000,001,405 | ---- | C] () -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.22 12:40:25 | 000,001,439 | ---- | C] () -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.21 11:28:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.21 10:53:22 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2013.01.21 10:53:19 | 000,323,169 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.21 10:45:43 | 000,019,114 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.01.21 10:38:06 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.01.21 10:37:44 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.01.21 10:26:59 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.01.21 10:26:59 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.01.21 10:26:59 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.01.21 10:26:58 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.01.21 10:26:58 | 000,223,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2013.01.21 10:26:58 | 000,209,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2013.01.21 10:26:58 | 000,193,862 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2013.01.21 10:26:58 | 000,165,865 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2013.01.21 10:26:58 | 000,163,120 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2013.01.21 10:26:58 | 000,158,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2013.01.21 10:26:58 | 000,149,390 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2013.01.21 10:26:58 | 000,147,759 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2013.01.21 10:26:58 | 000,147,101 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2013.01.21 10:26:58 | 000,147,010 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2013.01.21 10:26:58 | 000,145,715 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2013.01.21 10:26:58 | 000,145,211 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2013.01.21 10:26:58 | 000,144,378 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2013.01.21 10:26:58 | 000,143,976 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2013.01.21 10:26:58 | 000,143,730 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2013.01.21 10:26:58 | 000,143,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2013.01.21 10:26:58 | 000,142,990 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2013.01.21 10:26:58 | 000,142,617 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2013.01.21 10:26:58 | 000,142,423 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2013.01.21 10:26:58 | 000,142,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2013.01.21 10:26:58 | 000,141,739 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2013.01.21 10:26:58 | 000,141,574 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2013.01.21 10:26:58 | 000,140,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2013.01.21 10:26:58 | 000,137,621 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2013.01.21 10:26:58 | 000,137,534 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2013.01.21 10:26:58 | 000,136,873 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2013.01.21 10:26:58 | 000,132,360 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2013.01.21 10:26:58 | 000,126,035 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2013.01.21 10:26:58 | 000,124,403 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2013.01.21 10:26:58 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.01.21 10:26:58 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.01.21 10:26:58 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.01.21 10:26:58 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.01.21 10:26:58 | 000,000,259 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2013.01.21 10:23:19 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe
[2013.01.21 10:23:19 | 000,021,731 | ---- | C] () -- C:\Windows\unins002.dat
[2013.01.21 10:23:16 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2013.01.21 10:23:15 | 001,187,609 | ---- | C] () -- C:\Windows\unins001.exe
[2013.01.21 10:23:15 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll
[2013.01.21 10:23:15 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll
[2013.01.21 10:23:15 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2013.01.21 10:23:15 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll
[2013.01.21 10:23:15 | 000,010,926 | ---- | C] () -- C:\Windows\unins001.dat
[2013.01.21 10:23:14 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013.01.21 10:23:14 | 000,007,960 | ---- | C] () -- C:\Windows\unins000.dat
[2013.01.21 10:20:52 | 001,625,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.21 10:10:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.21 10:10:11 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.21 10:07:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.21 10:00:20 | 4210,737,150 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.24 14:39:39 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.24 15:04:44 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.24 15:04:44 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.01.30 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\PunkBuster
[2013.01.30 16:06:22 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Stardock
[2013.01.31 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\The Creative Assembly
[2013.01.30 15:29:06 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\TuneUp Software
[2013.01.31 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Ubisoft
[2013.01.30 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1057 bytes -> C:\Users\Roberto\Documents\Ubisoft - Auftragsbestätigung (Bestellung Nr_ 20335450524).eml:OECustomProperty
< End of report >
|
|
31.01.2013, 12:33
| #3 |
| /// Malware-holic   | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d hi
__________________stammt das Spiel denn aus einer legalen Quelle?
__________________ |
|
31.01.2013, 12:55
| #4 |
| | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d Ja das spiel stammt aus einer legalen Quelle (ist mein selbstgekauftes) ich habe mir allerdings eine MOD-Datei aus dem TWC-Forum heruntergeladen die nannte sich Darthmod Empire 8 platinum, beim entpacken war auch keine Viruswarnung gemeldet worden. Als ich dann aber die Instalationsanleitung folgte bekamm ich oben genannte Meldung über einen Virus..... und Gdata sperrte und als es die Datei nich säubern konnte hat es sie komplett gelöscht. |
|
31.01.2013, 12:57
| #5 |
| /// Malware-holic | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d kannst du aus der Gdata quarantäne dateien als Fehlalarm einsenden? (nutze das programm selbst nicht) dann das mal probieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.01.2013, 19:15
| #6 |
| | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d hab ich versucht aber mein emailclient sagt die datei wäre viel zu groß zum einsenden |
|
31.01.2013, 19:22
| #7 |
| /// Malware-holic | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d packe sie mal mit winrar
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.02.2013, 11:52
| #8 |
| | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d hab ich getan aber ließ sich nicht versenden, ich kann die Datei nur versenden wenn ich sie über die Quarantäne direkt einsende, und da ist sie zu groß. wie sieht es denn bis jetzt aus? ist das system noch infiziert?? |
|
02.02.2013, 19:38
| #9 |
| /// Malware-holic | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d hast du die Datei eingesendet?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.02.2013, 15:58
| #10 |
| | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d hab ich doch geschrieben sie lässt sich nicht versenden, warum weiß auch nicht! ich kann sie auch nicht mehr aus der Quarantäne holen nur noch manuel löschen wird mir angezeigt mehr leider nicht MfG Devilspearl |
|
04.02.2013, 11:06
| #11 | |
| /// Malware-holic | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d du hast geschrieben: Zitat:
ist auf jeden fall ein Fehlalarm.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.02.2013, 15:40
| #12 |
| | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d ok Danke heißt also ich muß keine weiteren Maßnahmen ergreifen, wie tds Killer combofix malware antirootkit etc .... dann macht weiter so ich hoffe ihr bildet bald wieder Schüler aus,damit ich mich ebenfalls der Bekämpfung widmen kann. Mfg Devilspearl |
|
04.02.2013, 15:51
| #13 |
| /// Malware-holic | Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d nein musst du nicht. wegen der Datei kannst du ja mal direkt bei G-data anfragen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d |
| antivierensoftware, appdata, code, datei, dateien, defender, downloader, festplatte, firewall, folge, infizierte, internet, log, logfiles, nvidia, nvidia update, opera, prozesse, prüfen, roaming, software, system volume information, system32, temp, totalprotection, trojan.generic., virus, windows, wmi |
Linear-Darstellung
