Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.01.2013, 11:03   #1
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



[CODEVirenprüfung mit G Data TotalProtection 2013
Version 23.1.0.2 (16.01.2013)
Virensignaturen vom 31.01.2013
Startzeit: 31.01.2013 09:58:11
Engine(s): Engine A (AVA 22.7643), Engine B (AVL 22.1504)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 31.01.2013 10:16:16
145376 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden


–Archiv: DME_launcher.exe
Pfad: C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\Data
Status: Virus, Datei gelöscht
Virus: Trojan.Generic.8347442 (Engine A)
Objekt: Trojan.Generic.8347442 =>autorun.exe
In Archiv: C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\Data\DME_launcher.exe
Status: Virus gefunden
Virus: Trojan.Generic.8347442 (Engine A)

–Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\log\log.txt
C:\Program Files (x86)\G Data\TotalProtection\Firewall\GdFwSvc.dat
C:\Program Files (x86)\Steam\debug.log
C:\Program Files (x86)\Steam\steam.log
C:\Program Files (x86)\Steam\config\htmlcache\Cookies
C:\Program Files (x86)\Steam\logs\connection_log.txt
C:\Program Files (x86)\Steam\logs\content_log.txt
C:\Windows\WindowsUpdate.log
C:\Windows\CSC\v2.0.6\pq
C:\Windows\CSC\v2.0.6\temp\ea-{f5a31fbc-63a8-11e2-ba10-f6e26b7f2ac9}
C:\Windows\CSC\v2.0.6\pq
C:\Windows\debug\PASSWD.LOG
C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-571990867-4251336482-3981496003-1004.dat
C:\Windows\SoftwareDistribution\ReportingEvents.log
C:\Windows\System32\config\TxR\{6ff4c446-6a0c-11e2-b655-806e6f6e6963}.TxR.0.regtrans-ms
C:\Windows\System32\config\TxR\{6ff4c447-6a0c-11e2-b655-806e6f6e6963}.TM.blf
C:\Windows\System32\config\TxR\{6ff4c446-6a0c-11e2-b655-806e6f6e6963}.TxR.blf
C:\Windows\System32\config\TxR\{6ff4c446-6a0c-11e2-b655-806e6f6e6963}.TxR.2.regtrans-ms
C:\Windows\System32\config\TxR\{6ff4c447-6a0c-11e2-b655-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl
C:\Windows\System32\wbem\Repository\MAPPING2.MAP
C:\Windows\System32\wbem\Repository\MAPPING1.MAP
C:\Windows\System32\wbem\Repository\INDEX.BTR
C:\Windows\System32\wbem\Repository\OBJECTS.DATA
C:\Windows\System32\wbem\Repository\MAPPING3.MAP
C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
C:\Windows\System32\wfp\wfpdiag.etl
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx
C:\Windows\System32\winevt\Logs\Key Management Service.evtx
C:\Windows\System32\winevt\Logs\Media Center.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
C:\Windows\System32\winevt\Logs\TuneUp.evtx
C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Temp\JET6132.tmp
C:\Windows\Temp\tmp000037cc\tmp00000000
C:\ProgramData\G DATA\AVKBackup\AVKBackup.ldb
C:\ProgramData\G DATA\AVK\Log\AVKLog\0000000029.log
C:\ProgramData\G DATA\AVKBackup\AVKBackup.mdb
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52340ee08ec8b4c0267e3794afb0b91a_cc41fb77-c238-4a18-8672-6d1b49959637
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\716c4779faf8d1177afc1f89494f4752_cc41fb77-c238-4a18-8672-6d1b49959637
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0df0c8013ab2eefb44197793c87b77e_cc41fb77-c238-4a18-8672-6d1b49959637
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e467402e980b732d7375cb2110f91bb5_cc41fb77-c238-4a18-8672-6d1b49959637
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fbe7a6e53acfc9ba1d5e29ad845e8832_cc41fb77-c238-4a18-8672-6d1b49959637
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.67
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.7E
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.80
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.87
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.A0
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.VE0
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.VE1
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-239AA41DCB6FA1B377CAED351F6C10C5EAD8A329.bin.VF
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log
C:\ProgramData\NVIDIA\Updatus\journalBS.jour.dat
C:\ProgramData\NVIDIA\Updatus\updtclient.log
C:\ProgramData\TuneUp Software\TuneUp Utilities\TUProgMan.10.tudb
C:\ProgramData\TuneUp Software\TuneUp Utilities\TUTuningIndex.10.2.tudb
C:\ProgramData\TuneUp Software\TuneUp Utilities\TUUtilitiesSvc.10.tudb
C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.10.tudb
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\Syscache.hve
C:\System Volume Information\Syscache.hve.LOG1
C:\System Volume Information\Syscache.hve.LOG2
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
C:\Users\Roberto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Roberto\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Roberto\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

–Die folgenden Dateien sind Passwortgeschützt:
C:\Program Files (x86)\Stardock\Impulse\app.dat
C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\DME Platinum.cdd
C:\Program Files (x86)\Steam\steamapps\common\empire total war\data\DME\Data\DME_launcher.exe
C:\Users\Roberto\Downloads\Manager_11_Update_2 824.exe
C:\Users\Roberto\Downloads\Manager_11_Update_3.exe
C:\Users\Roberto\Downloads\Manager_11_Update_1.exe]

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Roberto :: GAMING-PC [Administrator]

31.01.2013 10:52:11
mbam-log-2013-01-31 (10-52-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255367
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:31 on 31/01/2013 (Roberto)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 10:49:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000088 ATA_____ rev.SD28 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Roberto\AppData\Local\Temp\awdiapod.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077241401 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077241419 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077241431 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007724144a 2 bytes [24, 77]
.text  ...                                                                                                                                            * 9
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000772414dd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000772414f5 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007724150d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077241525 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007724153d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077241555 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007724156d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077241585 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007724159d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000772415b5 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000772415cd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000772416b2 2 bytes [24, 77]
.text  C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000772416bd 2 bytes [24, 77]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                               0000000071df17fa 2 bytes [DF, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                           0000000071df1860 2 bytes [DF, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                         0000000071df1942 2 bytes [DF, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                        0000000071df194d 2 bytes [DF, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHAddressToString + 85                                                000000006fee128e 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetSockaddrType + 85                                                000000006fee12fb 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHStringToAddress + 68                                                000000006fee1364 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHOpenSocket2 + 33                                                    000000006fee1405 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHOpenSocket2 + 59                                                    000000006fee141f 2 bytes [EE, 6F]
.text  ...                                                                                                                                            * 12
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHSetSocketInformation + 61                                           000000006fee15f6 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHSetSocketInformation + 78                                           000000006fee1607 2 bytes [EE, 6F]
.text  ...                                                                                                                                            * 15
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWinsockMapping + 24                                              000000006fee1902 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWinsockMapping + 35                                              000000006fee190d 2 bytes [EE, 6F]
.text  ...                                                                                                                                            * 3
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHNotify + 18                                                         000000006fee195c 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHNotify + 36                                                         000000006fee196e 2 bytes [EE, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHJoinLeaf + 128                                                      000000006fee1a0e 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHJoinLeaf + 139                                                      000000006fee1a19 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWSAProtocolInfo + 30                                             000000006fee1a49 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetWSAProtocolInfo + 39                                             000000006fee1a52 2 bytes [EE, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetProviderGuid + 22                                                000000006fee1a95 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHGetProviderGuid + 31                                                000000006fee1a9e 2 bytes [EE, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHEnumProtocols + 190                                                 000000006fee1c04 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wshtcpip.DLL!WSHEnumProtocols + 245                                                 000000006fee1c3b 2 bytes [EE, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetSockaddrType + 90                                                  000000006fed1277 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHAddressToString + 90                                                  000000006fed132d 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHStringToAddress + 71                                                  000000006fed1397 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket2 + 33                                                      000000006fed1435 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket2 + 59                                                      000000006fed144f 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 12
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWildcardSockaddr + 119                                             000000006fed168a 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWildcardSockaddr + 136                                             000000006fed169b 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 4
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHSetSocketInformation + 137                                            000000006fed17f7 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHSetSocketInformation + 165                                            000000006fed1813 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 10
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWinsockMapping + 24                                                000000006fed197f 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWinsockMapping + 35                                                000000006fed198a 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 3
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHNotify + 18                                                           000000006fed19d9 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHNotify + 36                                                           000000006fed19eb 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHJoinLeaf + 11                                                         000000006fed1a16 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHJoinLeaf + 147                                                        000000006fed1a9e 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWSAProtocolInfo + 30                                               000000006fed1ae5 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetWSAProtocolInfo + 39                                               000000006fed1aee 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetProviderGuid + 22                                                  000000006fed1b31 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHGetProviderGuid + 31                                                  000000006fed1b3a 2 bytes [ED, 6F]
.text  ...                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHEnumProtocols + 190                                                   000000006fed1ca0 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHEnumProtocols + 245                                                   000000006fed1cd7 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket + 46                                                       000000006fed1d85 2 bytes [ED, 6F]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2176] C:\Windows\SysWOW64\wship6.dll!WSHOpenSocket + 52                                                       000000006fed1d8b 2 bytes [ED, 6F]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000077241401 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000077241419 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000077241431 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      000000007724144a 2 bytes [24, 77]
.text  ...                                                                                                                                            * 9
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                         00000000772414dd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  00000000772414f5 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                         000000007724150d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000077241525 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        000000007724153d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                             0000000077241555 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      000000007724156d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000077241585 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                           000000007724159d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        00000000772415b5 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      00000000772415cd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  00000000772416b2 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  00000000772416bd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                  0000000077241401 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                    0000000077241419 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                  0000000077241431 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                  000000007724144a 2 bytes [24, 77]
.text  ...                                                                                                                                            * 9
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                     00000000772414dd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                              00000000772414f5 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                     000000007724150d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                              0000000077241525 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                    000000007724153d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                         0000000077241555 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                  000000007724156d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                    0000000077241585 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                       000000007724159d 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                    00000000772415b5 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                  00000000772415cd 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                              00000000772416b2 2 bytes [24, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                              00000000772416bd 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17        0000000077241401 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          0000000077241419 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        0000000077241431 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        000000007724144a 2 bytes [24, 77]
.text  ...                                                                                                                                            * 9
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000772414dd 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000772414f5 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           000000007724150d 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    0000000077241525 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          000000007724153d 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               0000000077241555 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        000000007724156d 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          0000000077241585 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             000000007724159d 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000772415b5 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000772415cd 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000772416b2 2 bytes [24, 77]
.text  C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000772416bd 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000077241401 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000077241419 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000077241431 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         000000007724144a 2 bytes [24, 77]
.text  ...                                                                                                                                            * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            00000000772414dd 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     00000000772414f5 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            000000007724150d 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000077241525 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           000000007724153d 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000077241555 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         000000007724156d 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000077241585 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              000000007724159d 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           00000000772415b5 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         00000000772415cd 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     00000000772416b2 2 bytes [24, 77]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     00000000772416bd 2 bytes [24, 77]

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6036dd68ec3b                                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a417310f9f94                                                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6036dd68ec3b (not active ControlSet)                                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a417310f9f94 (not active ControlSet)                                                

---- EOF - GMER 2.0 ----
         

Alt 31.01.2013, 11:09   #2
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.01.2013 10:21:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roberto\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,29% Memory free
31,79 Gb Paging File | 28,84 Gb Available in Paging File | 90,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 344,72 Gb Free Space | 74,03% Space Free | Partition Type: NTFS
 
Computer Name: GAMING-PC | User Name: Roberto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FDEA83-5456-4E4D-9077-59882378120F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0EFE8952-28F4-400D-A522-29B9C7305A6C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{167C1F5E-20AF-4D85-A8E1-A8FEBA2E3BD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20605654-D562-40A0-9BFC-1D159EA991A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{279E224B-7D8A-4531-8C7A-30B12BF9132C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5844AC76-7E4C-4BB7-964F-C0DAAADF2311}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{80BB5983-DB16-416C-B9B8-E99AB1625445}" = rport=445 | protocol=6 | dir=out | app=system | 
"{87E275B9-60C8-4079-96EC-BCEA0676FCB3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BC98645F-E0FB-4D1A-986C-27D16E6EB19C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D02F382E-71B0-481A-BE71-D85CF45DDF66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D9BB52E1-A9E1-470F-88B4-C47D54238BFC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E28226D6-ED19-45AC-A176-A1044182DEFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F21DF4C8-940D-43E9-9D5B-80F392D7CB45}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F92CA64F-846D-4BE2-BD8E-B246976C17C5}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006D2760-1E81-4261-9F1A-5464A5503DA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{04E7C090-D7B4-46D2-9FFA-A16742FB4AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{10294D27-76AC-4E67-B6C6-EC3AC5D9F303}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{10D21765-C04E-465A-995E-280328C7F536}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{18F44372-1881-4DFC-92FA-E56DA3BD1D41}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{209FAA06-BC54-481B-9970-4B42EE2D805F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{3062E101-5316-46CD-A2E3-2BED491B7D72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{307FBB93-7499-4120-9848-8EDB77058E68}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{39BAFB49-C39A-4D81-99E4-10AF38588E45}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{3CB7C1D3-29D4-41C2-9C28-6E8CA202A1B2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3D20E1EF-78E7-49FB-ACD1-74E1B0EF7B41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | 
"{3F044CD7-F1DD-44CF-9347-C9D5513A571F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{414BBB79-17AC-4854-BA1F-6553CAB30400}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{461E2035-DED4-4763-87B7-22D9F8809991}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{4809DC90-E5FF-4C34-AADA-82EEBB5470A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{48590286-6D38-459F-B965-21005CB524D8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{4E10B1F3-9F57-4996-8A77-03433A16E2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | 
"{53A71F76-D8F2-4111-ABC7-CADDE8AB727D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{53C36373-12E3-4308-AFBB-C5FFB2B29FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{5482AC16-F3EB-468D-A06C-FA9F4F54DD20}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{55103F56-1119-44DA-8CFE-E8056ADE260C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{5C6255C4-C762-4A61-82A2-C3D5DAACFDC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5C9D398B-2364-4344-A035-DF6707D27E63}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{5F50DD00-F08A-4B38-B36C-564B8EB57908}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{66F21980-A26D-4707-8733-82E1AD7BE8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{676FEF4C-4252-4AFC-9EE6-0FE362EFD817}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{6C3B8B7A-3383-47D5-BC19-18DA96E8CDEC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{713F21B5-DE33-41C6-91DC-6036B041C36E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{7157EA9F-3DD0-46B7-9C28-F579B1D6EE65}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{72E0C5BC-8AF3-4DE5-9EAA-A7D0DDE87246}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{739B2FD0-D2B4-4D20-AEA2-0C44C5645624}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{76480EDA-580D-484C-95AD-DF101598113B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D3B5A2C-7D89-4D88-B1B7-3E9358096CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{807A4A3D-B557-47ED-93DE-B9AB91E53270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{895DD938-B7D8-4547-89C7-E68E01404CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{8DC9EBA3-6E4E-4F4C-9DEC-23F00273B2B2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{91C4B993-2CD2-4C4C-974D-5C4647341652}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{99387812-9EFF-4D97-863C-1CEACB70C1F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{994EC673-0655-4E59-9E28-04C921DD5040}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{9D9C0AAB-9E56-470C-8D37-90E81BD42233}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{9DBB438F-45CF-40D3-8DFD-B8FC62994E96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FFBA421-CDAF-419E-B2AC-FBC66B6DD8BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A1D6F72A-3899-4E6B-A3B0-66B89EB72F1A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AA60E507-6661-4EF1-8D50-AD48B1C668F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{AA8A9B38-5A91-4D61-BEC0-CBF0EA2B079F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{B0B76BBB-D5E9-4F80-B852-3896D97EFC0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B14FD12F-0BF9-4078-96A7-2BDFD571D4B9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{B54560BF-013C-451E-9396-708FEF787961}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{B60166D7-3C17-4D94-93B9-B0505B54AA13}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{B842BC9A-352B-4C9A-88CC-A2B7631CFA19}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C193C885-2A03-487A-8722-654AFA0767E7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{C2B12D1D-E826-4775-8848-02F871A0BBD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{CF27BBBB-0126-41AB-9581-38547FC74516}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E29889C5-7DCA-4111-BCBA-4A8DD8DBAA10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EC614742-249B-4B3F-80A2-4BB075991763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F279CEAE-4864-4AE9-9CDE-09D137D06BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{F976B605-1A68-4608-B928-C372054CFB7B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"HWiNFO64_is1" = HWiNFO64 Version 4.08
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{ac3600d2-e1b3-4573-bef7-73f9409d6393}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE6217F3-6072-40E2-9157-A4695C334F8E}" = G Data TotalProtection 2013
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Ashampoo Magical Defrag 3_is1" = Ashampoo Magical Defrag 3
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"EA Installer.-1797597899" = EA Installer
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Impulse" = Impulse
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"PunkBusterSvc" = PunkBuster Services
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Steam App 204880" = Sins of a Solar Empire: Rebellion
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.01.2013 06:46:54 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 06:48:03 | Computer Name = Gaming-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KillerNetManager.exe, Version: 0.0.0.0,
 Zeitstempel: 0x500dc3af  Name des fehlerhaften Moduls: modNetwork.dll, Version: 0.0.0.0,
 Zeitstempel: 0x500dc388  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000005a47
ID
 des fehlerhaften Prozesses: 0xe30  Startzeit der fehlerhaften Anwendung: 0x01cdfe0dbcb5e842
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
Berichtskennung:
 5ac5b216-6a01-11e2-822c-a417310f9f94
 
Error - 29.01.2013 07:21:29 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 07:23:35 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 11719
Description = 
 
Error - 29.01.2013 07:24:01 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 11719
Description = 
 
Error - 29.01.2013 08:09:21 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 08:14:48 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 08:15:06 | Computer Name = Gaming-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 29.01.2013 08:28:39 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 09:59:43 | Computer Name = Gaming-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 29.01.2013 07:22:57 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 29.01.2013 07:22:57 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 29.01.2013 07:23:25 | Computer Name = Gaming-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 29.01.2013 08:05:31 | Computer Name = Gaming-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.01.2013 08:05:38 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 29.01.2013 08:07:31 | Computer Name = Gaming-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?01.?2013 um 13:06:22 unerwartet heruntergefahren.
 
Error - 29.01.2013 08:07:32 | Computer Name = Gaming-PC | Source = BugCheck | ID = 1005
Description = 
 
Error - 29.01.2013 08:07:32 | Computer Name = Gaming-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 29.01.2013 08:07:38 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
Error - 29.01.2013 08:13:01 | Computer Name = Gaming-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   GLogin
 
 OTL logfile created on: 31.01.2013 10:33:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roberto\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,30 Gb Available Physical Memory | 83,65% Memory free
31,79 Gb Paging File | 28,77 Gb Available in Paging File | 90,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 344,50 Gb Free Space | 73,98% Space Free | Partition Type: NTFS
 
Computer Name: GAMING-PC | User Name: Roberto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.31 10:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roberto\Desktop\OTL.exe
PRC - [2013.01.31 01:35:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.30 16:10:03 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.01.30 16:09:29 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013.01.16 11:18:33 | 001,650,128 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.01.10 14:35:48 | 000,257,512 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009.12.16 10:21:36 | 000,927,072 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe
PRC - [2009.12.16 10:21:36 | 000,890,208 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
PRC - [2009.12.16 10:21:34 | 000,132,448 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
PRC - [2009.12.16 10:21:30 | 000,083,296 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.30 16:10:10 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2013.01.30 16:10:02 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.30 16:10:02 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.01.30 16:10:02 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.01.30 16:10:02 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.01.30 16:10:02 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.08.27 21:04:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2009.12.16 10:21:36 | 000,927,072 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe
MOD - [2009.12.16 10:21:34 | 000,132,448 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
MOD - [2009.12.16 10:21:30 | 000,083,296 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.24 14:39:10 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.31 01:35:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.30 16:10:03 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.16 11:18:33 | 001,650,128 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.01.10 14:35:48 | 000,257,512 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 05:30:54 | 001,219,096 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.24 23:08:16 | 000,490,496 | ---- | M] () [Auto | Running] -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.08.10 18:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.03.29 03:42:26 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.12.13 09:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.12.16 10:21:36 | 000,890,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe -- (Ashampoo Defrag Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.30 20:11:26 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.01.22 18:57:31 | 000,029,672 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013.01.22 13:26:23 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.22 13:25:31 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.22 13:25:22 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.22 13:25:22 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.22 13:25:22 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.01.22 13:11:08 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2012.12.29 11:34:47 | 000,030,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.11.24 15:09:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.11.24 15:09:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.11.24 14:47:44 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.11.24 14:41:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.24 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2012.11.24 14:34:02 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2012.11.24 14:34:00 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2012.11.24 14:34:00 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.24 23:09:26 | 000,066,928 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2012.09.24 23:09:24 | 000,157,552 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (L1C)
DRV:64bit: - [2012.09.24 23:09:18 | 003,364,720 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2012.08.10 18:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.08.10 18:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.08.10 18:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.08.10 18:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.08.10 18:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.08.10 18:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.08.10 18:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012.07.09 21:43:10 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.09 21:43:07 | 000,027,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.07.03 01:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.29 19:27:54 | 000,651,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS)
DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.05.21 08:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 08:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 08:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.04.24 17:40:26 | 000,240,960 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr278x.sys -- (rr278x)
DRV:64bit: - [2012.04.24 17:39:12 | 000,241,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr276x.sys -- (rr276x)
DRV:64bit: - [2012.04.24 17:37:54 | 000,240,960 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\274x_3x.sys -- (274x_3x)
DRV:64bit: - [2012.04.24 17:01:44 | 000,612,672 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\272x_1x.sys -- (272x_1x)
DRV:64bit: - [2012.04.23 07:31:22 | 000,087,168 | R--- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.04.23 07:31:22 | 000,064,384 | R--- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.04.11 02:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.04.11 02:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.03.26 05:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.03.08 10:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2012.03.02 10:37:58 | 000,221,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2012.03.02 10:37:58 | 000,065,536 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2012.03.01 18:46:54 | 000,108,840 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.02.28 21:42:29 | 000,051,496 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2012.02.23 04:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2012.02.23 04:20:36 | 000,027,440 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2012.02.22 17:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012.02.22 17:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012.02.21 19:46:18 | 000,396,776 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.02.21 19:46:18 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.01.24 16:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.01.20 13:39:16 | 000,205,312 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012.01.20 13:39:04 | 000,254,464 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2012.01.17 15:29:22 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.01.06 09:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.12.29 21:02:18 | 000,292,136 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.01 23:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.11.23 00:59:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.11.23 00:59:48 | 000,410,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.15 10:15:00 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2011.09.15 10:14:58 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2011.09.13 15:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 15:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.05.19 15:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.05.06 09:56:02 | 000,182,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2011.05.02 11:41:22 | 000,040,744 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC600e.sys -- (DC600e)
DRV:64bit: - [2011.05.02 11:41:14 | 000,049,752 | ---- | M] (Dawicontrol GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DC324e.sys -- (DC324e)
DRV:64bit: - [2011.05.02 11:41:06 | 000,040,344 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC300e.sys -- (DC300e)
DRV:64bit: - [2011.05.02 11:40:56 | 000,048,328 | ---- | M] (Dawicontrol GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DC3410.sys -- (DC3410)
DRV:64bit: - [2011.05.02 11:40:50 | 000,048,360 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC4300.sys -- (DC4300)
DRV:64bit: - [2011.05.02 11:40:42 | 000,048,136 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC154.sys -- (DC154)
DRV:64bit: - [2011.05.02 11:40:32 | 000,039,832 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC150.sys -- (DC150)
DRV:64bit: - [2011.05.02 11:40:20 | 000,039,320 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC133.sys -- (DC133)
DRV:64bit: - [2011.04.29 14:34:32 | 000,100,864 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.17 19:04:20 | 000,188,544 | R--- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 19:04:18 | 000,087,168 | R--- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.02.15 11:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.02 18:23:46 | 000,161,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2010.11.29 03:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.16 18:06:52 | 000,156,256 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr62x.sys -- (rr62x)
DRV:64bit: - [2010.02.11 13:01:20 | 000,026,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
DRV:64bit: - [2010.02.11 13:00:22 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
DRV:64bit: - [2009.12.31 18:37:56 | 000,168,032 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2522.sys -- (rr2522)
DRV:64bit: - [2009.12.31 18:23:58 | 000,162,400 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2340.sys -- (rr2340)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.11.16 15:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009.11.16 15:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009.11.09 03:24:12 | 000,052,768 | ---- | M] (ARECA Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcm_a64.sys -- (arcm_a64)
DRV:64bit: - [2009.08.01 17:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisagpx.sys -- (uagp35)
DRV:64bit: - [2009.08.01 17:08:26 | 000,067,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisagpx.sys -- (SISAGP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.12 11:28:24 | 000,170,528 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\2310_00.sys -- (2310_00)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 17:56:54 | 000,017,440 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptiop.sys -- (hptiop)
DRV:64bit: - [2009.04.16 11:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (megasr1)
DRV:64bit: - [2009.02.09 10:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.09.29 13:51:18 | 000,061,440 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HWA.sys -- (HWA)
DRV:64bit: - [2008.09.15 11:51:10 | 000,013,312 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuwbmini.sys -- (uwbusb)
DRV:64bit: - [2008.09.11 17:56:28 | 000,503,296 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DfuUWB.sys -- (dfuuwb)
DRV:64bit: - [2008.05.05 17:49:08 | 000,152,096 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr232x.sys -- (rr232x)
DRV:64bit: - [2008.01.09 21:06:10 | 000,015,872 | ---- | M] (Intel Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cbaf.sys -- (cbaf)
DRV:64bit: - [2007.11.13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
DRV:64bit: - [2007.11.01 14:21:14 | 000,152,096 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv6.sys -- (hptmv6)
DRV:64bit: - [2007.11.01 14:20:10 | 000,153,632 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2210.sys -- (rr2210)
DRV:64bit: - [2007.11.01 14:19:44 | 000,159,264 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr174x.sys -- (rr174x)
DRV:64bit: - [2007.11.01 14:19:04 | 000,124,448 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr172x.sys -- (rr172x)
DRV:64bit: - [2007.10.03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007.10.03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007.10.03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2007.04.11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:64bit: - [2007.02.01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
DRV:64bit: - [2006.11.10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
DRV:64bit: - [2006.11.02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
DRV:64bit: - [2006.09.20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2006.09.18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
DRV:64bit: - [2005.09.23 04:50:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roberto\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roberto\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Roberto\AppData\Local\Google\Chrome\Application\26.0.1386.0\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Roberto\AppData\Local\Google\Chrome\Application\26.0.1386.0\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Roberto\AppData\Local\Google\Chrome\Application\26.0.1386.0\pdf.dll
CHR - Extension: Google Docs = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Roberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1706AB22-AC23-44D7-92C2-78CD1E354D40}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1975B2B-5659-4F80-AFCF-3B40E52D7386}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.31 10:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Roberto\Desktop\OTL.exe
[2013.01.31 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\The Creative Assembly
[2013.01.31 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\Assassin's Creed Revelations
[2013.01.31 09:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013.01.30 21:48:02 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Malwarebytes
[2013.01.30 21:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.30 21:47:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.30 21:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.30 21:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.30 21:47:32 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Programs
[2013.01.30 21:45:32 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\NVIDIA
[2013.01.30 21:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013.01.30 21:41:15 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Media Player Classic
[2013.01.30 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Secunia PSI
[2013.01.30 21:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.01.30 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\ANNO 2070
[2013.01.30 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Ubisoft Game Launcher
[2013.01.30 21:01:01 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Ubisoft
[2013.01.30 20:11:27 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.30 20:11:26 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.30 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\WinRAR
[2013.01.30 19:41:52 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\PunkBuster
[2013.01.30 18:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.01.30 17:24:59 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\FUSSBALL MANAGER 11
[2013.01.30 17:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[2013.01.30 16:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.01.30 16:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Games
[2013.01.30 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2013.01.30 16:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Games
[2013.01.30 16:24:27 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\G DATA
[2013.01.30 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\GameStop
[2013.01.30 16:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\GameStop
[2013.01.30 16:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2013.01.30 16:08:06 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.30 16:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.30 16:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.30 16:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.30 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.01.30 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.01.30 16:04:37 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Stardock
[2013.01.30 16:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013.01.30 16:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2013.01.30 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2013.01.30 16:04:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{19DFF2E9-B443-44CA-AB80-E968934E1428}
[2013.01.30 16:04:17 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\PackageAware
[2013.01.30 15:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.01.30 15:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.01.30 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013.01.30 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Windows Live Writer
[2013.01.30 15:40:15 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Windows Live Writer
[2013.01.30 15:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.01.30 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.30 15:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.30 15:37:08 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Windows Live
[2013.01.30 15:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.30 15:23:34 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.01.29 14:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera Recorder
[2013.01.29 14:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camera Recorder
[2013.01.29 13:27:30 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\BMExplorer
[2013.01.29 13:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013.01.29 13:27:27 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Atheros
[2013.01.29 13:23:35 | 000,135,832 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_rcp.sys
[2013.01.29 13:23:02 | 000,076,952 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_lwflt.sys
[2013.01.29 13:22:46 | 000,178,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_hcrp.sys
[2013.01.29 13:22:14 | 000,088,728 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_flt.sys
[2013.01.29 13:21:33 | 000,344,216 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_a2dp.sys
[2013.01.29 13:21:33 | 000,114,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_avdt.sys
[2013.01.29 13:17:28 | 000,033,944 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_bus.sys
[2013.01.29 13:17:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\Documents\Bluetooth Folder
[2013.01.29 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2013.01.29 13:16:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2013.01.29 13:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\QCA_Bluetooth
[2013.01.29 13:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2013.01.29 13:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm Atheros
[2013.01.29 13:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Bigfoot Networks
[2013.01.29 12:24:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.01.29 12:18:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.22 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.22 19:21:37 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.22 19:11:16 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.22 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Google
[2013.01.22 18:57:31 | 000,029,672 | ---- | C] (REALiX(tm)) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS
[2013.01.22 18:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[2013.01.22 18:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2013.01.22 18:34:26 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.01.22 18:34:22 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.01.22 18:34:22 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.01.22 18:34:22 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.01.22 18:34:22 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.01.22 18:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2013.01.22 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\TuneUp Software
[2013.01.22 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2013.01.22 18:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.22 18:27:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2013.01.22 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
[2013.01.22 13:25:22 | 000,011,240 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2013.01.22 13:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2013
[2013.01.22 13:11:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BioAPIFFDB
[2013.01.22 13:11:08 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.01.22 13:11:06 | 000,062,368 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.22 13:10:59 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.22 13:10:59 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.22 13:10:59 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.22 13:10:52 | 000,065,008 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.22 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software
[2013.01.22 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2013.01.22 13:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2013.01.22 13:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2013.01.22 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Downloaded Installations
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Virtual Machines
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Searches
[2013.01.22 12:40:23 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.22 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Identities
[2013.01.22 12:40:12 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Contacts
[2013.01.22 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\VirtualStore
[2013.01.22 12:40:09 | 000,000,000 | --SD | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Videos
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Saved Games
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Pictures
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Music
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Links
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Favorites
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Downloads
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Documents
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\Desktop
[2013.01.22 12:40:09 | 000,000,000 | R--D | C] -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Vorlagen
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\AppData\Local\Verlauf
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\AppData\Local\Temporary Internet Files
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Startmenü
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\SendTo
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Recent
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Netzwerkumgebung
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Lokale Einstellungen
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Documents\Eigene Videos
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Documents\Eigene Musik
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Eigene Dateien
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Documents\Eigene Bilder
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Druckumgebung
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Cookies
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\AppData\Local\Anwendungsdaten
[2013.01.22 12:40:09 | 000,000,000 | -HSD | C] -- C:\Users\Roberto\Anwendungsdaten
[2013.01.22 12:40:09 | 000,000,000 | -H-D | C] -- C:\Users\Roberto\AppData
[2013.01.22 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Temp
[2013.01.22 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Local\Microsoft
[2013.01.22 12:40:09 | 000,000,000 | ---D | C] -- C:\Users\Roberto\AppData\Roaming\Media Center Programs
[2013.01.21 10:53:20 | 002,603,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.01.21 10:53:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.21 10:53:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.21 10:53:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.21 10:53:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.21 10:53:19 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.21 10:53:19 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.21 10:53:19 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.21 10:53:19 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.21 10:53:19 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.21 10:53:19 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.21 10:53:18 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.01.21 10:53:18 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.21 10:53:18 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.21 10:53:17 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.21 10:53:16 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.21 10:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.21 10:48:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.21 10:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.21 10:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.01.21 10:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.01.21 10:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.21 10:37:58 | 000,000,000 | ---D | C] -- C:\temp
[2013.01.21 10:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.21 10:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.21 10:36:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.21 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.01.21 10:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.01.21 10:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.21 10:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.01.21 10:27:09 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2013.01.21 10:27:09 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2013.01.21 10:26:58 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\Intel_OpenCL_ICD64.dll
[2013.01.21 10:26:58 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll
[2013.01.21 10:26:06 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.21 10:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013.01.21 10:23:16 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.01.21 10:23:16 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\ssleay32.dll
[2013.01.21 10:23:15 | 002,288,181 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll
[2013.01.21 10:23:15 | 001,178,112 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libeay32.dll
[2013.01.21 10:23:15 | 001,008,128 | ---- | C] (GnuWin32 <hxxp://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\libiconv2.dll
[2013.01.21 10:23:15 | 000,325,376 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2013.01.21 10:23:15 | 000,265,216 | ---- | C] (The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS) -- C:\Windows\SysWow64\libssl32.dll
[2013.01.21 10:23:15 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll
[2013.01.21 10:23:15 | 000,103,424 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll
[2013.01.21 10:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.21 10:20:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.01.21 10:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.01.21 10:18:19 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.21 10:12:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.21 10:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.21 10:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.21 10:05:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.21 10:01:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.21 10:00:20 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.21 09:59:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 10:30:38 | 000,000,000 | ---- | M] () -- C:\Users\Roberto\defogger_reenable
[2013.01.31 10:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roberto\Desktop\OTL.exe
[2013.01.31 10:18:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004UA.job
[2013.01.31 09:17:21 | 000,021,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 09:17:21 | 000,021,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 09:17:13 | 001,647,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.31 09:17:13 | 000,711,268 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.31 09:17:13 | 000,663,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 09:17:13 | 000,154,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.31 09:17:13 | 000,126,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 09:15:11 | 000,963,465 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.01.31 09:15:11 | 000,051,602 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.01.31 09:10:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 09:09:56 | 4210,737,150 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.31 01:54:23 | 000,000,244 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed III.lnk
[2013.01.31 01:39:17 | 000,000,216 | ---- | M] () -- C:\Users\Roberto\Desktop\FUSSBALL MANAGER 11.lnk
[2013.01.31 01:35:45 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.31 01:35:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.31 01:34:07 | 003,123,272 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.30 22:28:17 | 000,009,514 | ---- | M] () -- C:\Users\Roberto\Documents\Ubisoft - Auftragsbestätigung (Bestellung Nr_ 20335450524).eml
[2013.01.30 21:47:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 21:45:20 | 000,000,963 | ---- | M] () -- C:\Users\Roberto\Desktop\TechPowerUp GPU-Z.lnk
[2013.01.30 21:42:55 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.30 21:01:47 | 000,000,196 | ---- | M] () -- C:\Users\Roberto\Desktop\ANNO 2070.lnk
[2013.01.30 20:42:18 | 000,002,256 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed Revelations.lnk
[2013.01.30 20:11:27 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.30 20:11:26 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.01.30 19:42:20 | 000,001,818 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed Brotherhood.lnk
[2013.01.30 19:18:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004Core.job
[2013.01.30 19:04:37 | 000,001,290 | ---- | M] () -- C:\Users\Roberto\Desktop\Assassin's Creed II.lnk
[2013.01.30 16:45:18 | 000,000,222 | ---- | M] () -- C:\Users\Roberto\Desktop\Sins of a Solar Empire Rebellion.url
[2013.01.30 16:29:35 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.01.30 16:04:35 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\GameStop.lnk
[2013.01.30 15:57:31 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Magical Defrag 3.lnk
[2013.01.30 15:21:00 | 001,625,256 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 14:52:30 | 000,002,793 | ---- | M] () -- C:\Users\Public\Desktop\CameraRecorder.lnk
[2013.01.29 13:15:57 | 000,002,268 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.29 13:15:57 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.22 19:13:41 | 000,002,375 | ---- | M] () -- C:\Users\Roberto\Desktop\Google Chrome.lnk
[2013.01.22 18:57:31 | 000,029,672 | ---- | M] (REALiX(tm)) -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS
[2013.01.22 18:34:21 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.22 18:34:21 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2013.01.22 13:26:23 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.22 13:25:31 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.22 13:25:22 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.22 13:25:22 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.22 13:25:22 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.22 13:19:44 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.22 13:11:08 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.01.22 13:10:47 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2013.01.22 12:37:52 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.22 12:37:52 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.21 11:28:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.21 10:45:43 | 000,019,114 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.01.21 10:23:34 | 000,021,731 | ---- | M] () -- C:\Windows\unins002.dat
[2013.01.21 10:23:19 | 001,199,175 | ---- | M] () -- C:\Windows\unins002.exe
[2013.01.21 10:23:19 | 000,010,926 | ---- | M] () -- C:\Windows\unins001.dat
[2013.01.21 10:23:14 | 001,187,609 | ---- | M] () -- C:\Windows\unins001.exe
[2013.01.21 10:23:14 | 000,007,960 | ---- | M] () -- C:\Windows\unins000.dat
[2013.01.21 10:23:13 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013.01.21 10:07:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.10 14:35:41 | 000,011,240 | ---- | M] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.31 10:30:38 | 000,000,000 | ---- | C] () -- C:\Users\Roberto\defogger_reenable
[2013.01.31 01:54:23 | 000,000,244 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed III.lnk
[2013.01.31 01:39:17 | 000,000,216 | ---- | C] () -- C:\Users\Roberto\Desktop\FUSSBALL MANAGER 11.lnk
[2013.01.31 01:35:43 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.30 22:28:11 | 000,009,514 | ---- | C] () -- C:\Users\Roberto\Documents\Ubisoft - Auftragsbestätigung (Bestellung Nr_ 20335450524).eml
[2013.01.30 21:47:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.30 21:45:20 | 000,000,963 | ---- | C] () -- C:\Users\Roberto\Desktop\TechPowerUp GPU-Z.lnk
[2013.01.30 21:39:43 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.30 21:39:43 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.30 21:01:47 | 000,000,196 | ---- | C] () -- C:\Users\Roberto\Desktop\ANNO 2070.lnk
[2013.01.30 20:42:18 | 000,002,256 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed Revelations.lnk
[2013.01.30 19:42:20 | 000,001,818 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed Brotherhood.lnk
[2013.01.30 19:41:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.30 19:41:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.30 19:04:37 | 000,001,290 | ---- | C] () -- C:\Users\Roberto\Desktop\Assassin's Creed II.lnk
[2013.01.30 16:45:18 | 000,000,222 | ---- | C] () -- C:\Users\Roberto\Desktop\Sins of a Solar Empire Rebellion.url
[2013.01.30 16:07:52 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.01.30 16:04:35 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\GameStop.lnk
[2013.01.30 15:57:31 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Magical Defrag 3.lnk
[2013.01.30 15:39:13 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.01.29 14:52:30 | 000,002,793 | ---- | C] () -- C:\Users\Public\Desktop\CameraRecorder.lnk
[2013.01.29 13:15:57 | 000,002,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.29 13:15:57 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2013.01.22 19:13:10 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004UA.job
[2013.01.22 19:13:08 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-571990867-4251336482-3981496003-1004Core.job
[2013.01.22 19:11:16 | 000,002,375 | ---- | C] () -- C:\Users\Roberto\Desktop\Google Chrome.lnk
[2013.01.22 18:34:21 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.22 18:34:21 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2013.01.22 18:34:21 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2013.01.22 18:23:49 | 000,963,465 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.01.22 18:23:49 | 000,051,602 | ---- | C] () -- C:\Windows\SysWow64\nmp.map
[2013.01.22 13:10:47 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalProtection.lnk
[2013.01.22 12:40:28 | 000,001,405 | ---- | C] () -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.22 12:40:25 | 000,001,439 | ---- | C] () -- C:\Users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.21 11:28:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.21 10:53:22 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2013.01.21 10:53:19 | 000,323,169 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.21 10:45:43 | 000,019,114 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.01.21 10:38:06 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.01.21 10:37:44 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.01.21 10:26:59 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013.01.21 10:26:59 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013.01.21 10:26:59 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013.01.21 10:26:58 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013.01.21 10:26:58 | 000,223,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2013.01.21 10:26:58 | 000,209,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2013.01.21 10:26:58 | 000,193,862 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2013.01.21 10:26:58 | 000,165,865 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2013.01.21 10:26:58 | 000,163,120 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2013.01.21 10:26:58 | 000,158,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2013.01.21 10:26:58 | 000,149,390 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2013.01.21 10:26:58 | 000,147,759 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2013.01.21 10:26:58 | 000,147,101 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2013.01.21 10:26:58 | 000,147,010 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2013.01.21 10:26:58 | 000,145,715 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2013.01.21 10:26:58 | 000,145,211 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2013.01.21 10:26:58 | 000,144,378 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2013.01.21 10:26:58 | 000,143,976 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2013.01.21 10:26:58 | 000,143,730 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2013.01.21 10:26:58 | 000,143,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2013.01.21 10:26:58 | 000,142,990 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2013.01.21 10:26:58 | 000,142,617 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2013.01.21 10:26:58 | 000,142,423 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2013.01.21 10:26:58 | 000,142,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2013.01.21 10:26:58 | 000,141,739 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2013.01.21 10:26:58 | 000,141,574 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2013.01.21 10:26:58 | 000,140,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2013.01.21 10:26:58 | 000,137,621 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2013.01.21 10:26:58 | 000,137,534 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2013.01.21 10:26:58 | 000,136,873 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2013.01.21 10:26:58 | 000,132,360 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2013.01.21 10:26:58 | 000,126,035 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2013.01.21 10:26:58 | 000,124,403 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2013.01.21 10:26:58 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013.01.21 10:26:58 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013.01.21 10:26:58 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013.01.21 10:26:58 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013.01.21 10:26:58 | 000,000,259 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2013.01.21 10:23:19 | 001,199,175 | ---- | C] () -- C:\Windows\unins002.exe
[2013.01.21 10:23:19 | 000,021,731 | ---- | C] () -- C:\Windows\unins002.dat
[2013.01.21 10:23:16 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2013.01.21 10:23:15 | 001,187,609 | ---- | C] () -- C:\Windows\unins001.exe
[2013.01.21 10:23:15 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll
[2013.01.21 10:23:15 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll
[2013.01.21 10:23:15 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2013.01.21 10:23:15 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll
[2013.01.21 10:23:15 | 000,010,926 | ---- | C] () -- C:\Windows\unins001.dat
[2013.01.21 10:23:14 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013.01.21 10:23:14 | 000,007,960 | ---- | C] () -- C:\Windows\unins000.dat
[2013.01.21 10:20:52 | 001,625,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.21 10:10:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.21 10:10:11 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.21 10:07:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.21 10:00:20 | 4210,737,150 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.24 14:39:39 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.24 15:04:44 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.24 15:04:44 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.30 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\PunkBuster
[2013.01.30 16:06:22 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Stardock
[2013.01.31 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\The Creative Assembly
[2013.01.30 15:29:06 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\TuneUp Software
[2013.01.31 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Ubisoft
[2013.01.30 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Roberto\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1057 bytes -> C:\Users\Roberto\Documents\Ubisoft - Auftragsbestätigung (Bestellung Nr_ 20335450524).eml:OECustomProperty

< End of report >
         
--- --- ---
__________________


Alt 31.01.2013, 12:33   #3
markusg
/// Malware-holic
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



hi
stammt das Spiel denn aus einer legalen Quelle?
__________________
__________________

Alt 31.01.2013, 12:55   #4
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



Ja das spiel stammt aus einer legalen Quelle (ist mein selbstgekauftes) ich habe mir allerdings eine MOD-Datei aus dem TWC-Forum heruntergeladen die nannte sich Darthmod Empire 8 platinum, beim entpacken war auch keine Viruswarnung gemeldet worden.
Als ich dann aber die Instalationsanleitung folgte bekamm ich oben genannte Meldung über einen Virus..... und Gdata sperrte und als es die Datei nich säubern konnte hat es sie komplett gelöscht.

Alt 31.01.2013, 12:57   #5
markusg
/// Malware-holic
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



kannst du aus der Gdata quarantäne dateien als Fehlalarm einsenden? (nutze das programm selbst nicht) dann das mal probieren.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.01.2013, 19:15   #6
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



hab ich versucht aber mein emailclient sagt die datei wäre viel zu groß zum einsenden

Alt 31.01.2013, 19:22   #7
markusg
/// Malware-holic
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



packe sie mal mit winrar
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.02.2013, 11:52   #8
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



hab ich getan aber ließ sich nicht versenden, ich kann die Datei nur versenden wenn ich sie über die Quarantäne direkt einsende, und da ist sie zu groß.
wie sieht es denn bis jetzt aus? ist das system noch infiziert??

Alt 02.02.2013, 19:38   #9
markusg
/// Malware-holic
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



hast du die Datei eingesendet?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.02.2013, 15:58   #10
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



hab ich doch geschrieben sie lässt sich nicht versenden, warum weiß auch nicht!

ich kann sie auch nicht mehr aus der Quarantäne holen nur noch manuel löschen wird mir angezeigt mehr leider nicht

MfG
Devilspearl

Alt 04.02.2013, 11:06   #11
markusg
/// Malware-holic
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



du hast geschrieben:
Zitat:
Zitat von Devilspearl Beitrag anzeigen
hab ich getan aber ließ sich nicht versenden, ich kann die Datei nur versenden wenn ich sie über die Quarantäne direkt einsende, und da ist sie zu groß.
wie sieht es denn bis jetzt aus? ist das system noch infiziert??
wo steht da, dass du die Datei nicht aus der Quarantäne hohlen kannst?
ist auf jeden fall ein Fehlalarm.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 15:40   #12
Devilspearl
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



ok Danke heißt also ich muß keine weiteren Maßnahmen ergreifen, wie tds Killer combofix malware antirootkit etc ....

dann macht weiter so ich hoffe ihr bildet bald wieder Schüler aus,damit ich mich ebenfalls der Bekämpfung widmen kann.

Mfg Devilspearl

Alt 04.02.2013, 15:51   #13
markusg
/// Malware-holic
 
Trojan.Generic.8347442  Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - Standard

Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d



nein musst du nicht.
wegen der Datei kannst du ja mal direkt bei G-data anfragen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d
antivierensoftware, appdata, code, datei, dateien, defender, downloader, festplatte, firewall, folge, infizierte, internet, log, logfiles, nvidia, nvidia update, opera, prozesse, prüfen, roaming, software, system volume information, system32, temp, totalprotection, trojan.generic., virus, windows, wmi



Ähnliche Themen: Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d


  1. Ominöse .js-Datei im E-Mail-Anhang. Leider schon geöffnet, was ist das?
    Plagegeister aller Art und deren Bekämpfung - 13.04.2015 (17)
  2. PUP.Nextlive.a mit MAM erfolgreich gelöscht, aber noch in der Systemkonfig vorhanden
    Plagegeister aller Art und deren Bekämpfung - 09.06.2014 (11)
  3. Trojaner und Malware gefunden, wurden gelöscht, Pc-Probleme sind aber noch da
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (18)
  4. System noch mit Schadsoftware befallen? Scan-tools um dies auszuschließen und wirklich sicher zu gehen
    Plagegeister aller Art und deren Bekämpfung - 04.05.2013 (2)
  5. PWS:Win32/Zbot.gen!AJ schon gelöscht oder versteckt er sich noch?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (9)
  6. My start incredibar leider daten schon gelöscht
    Log-Analyse und Auswertung - 21.11.2012 (27)
  7. RECYCLER Ordner auf externen Datenträgern, Nur noch Verknüpfungen..Wo sind meine Daten hin?
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (4)
  8. Meine Musikordner auf den externen Festplatten sind nur noch Verknüpfungen
    Log-Analyse und Auswertung - 07.05.2012 (2)
  9. Dateien auf dem USB stick sind nur noch als Verknüpfungen vorhanden
    Log-Analyse und Auswertung - 22.11.2011 (18)
  10. Teile meines Laptops sind nur noch als Verknüpfungen da!?!
    Log-Analyse und Auswertung - 26.10.2011 (8)
  11. Data Recovery entfernt. In Startmenü, auf Desktop und Rundll sind noch vorhanden.
    Log-Analyse und Auswertung - 24.09.2011 (6)
  12. Trojan Win32 Generic BT noch vorhanden oder sicher gelöscht?
    Log-Analyse und Auswertung - 15.08.2010 (1)
  13. trojan.tdss gelöscht oder noch vorhanden ???
    Plagegeister aller Art und deren Bekämpfung - 30.08.2009 (28)
  14. Verschiedene Viren & Backdoorprogramme - sind noch Schädlinge vorhanden?
    Log-Analyse und Auswertung - 02.01.2009 (1)
  15. TR/Rootkit.Gen immer noch da? oder schon gelöscht?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2008 (12)
  16. Trojaner TR/Dldr.Delf.gmg.1 gefunden/gelöscht noch vorhanden?
    Log-Analyse und Auswertung - 20.04.2008 (1)
  17. Backdoortrojaner gelöscht oder noch vorhanden
    Log-Analyse und Auswertung - 19.02.2008 (1)

Zum Thema Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d - [CODEVirenprüfung mit G Data TotalProtection 2013 Version 23.1.0.2 (16.01.2013) Virensignaturen vom 31.01.2013 Startzeit: 31.01.2013 09:58:11 Engine(s): Engine A (AVA 22.7643), Engine B (AVL 22.1504) Heuristik: Ein Archive: Ein Systembereiche: Ein - Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d...
Archiv
Du betrachtest: Trojan.Generic.8347442 Leider hat meine Antivierensoftware die Datei schon gelöscht. will nur sicher gehen ob noch teile vorhanden sind. d auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.