Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Immer wieder Abstürze einfach so - WIN XP SP3 (https://www.trojaner-board.de/138982-immer-abstuerze-einfach-so-win-xp-sp3.html)

Eule69 29.07.2013 14:48
Immer wieder Abstürze einfach so - WIN XP SP3
 
Hallo Ihr Klugen Schädlingsbekämpfer,

Ich habe immer wieder einfach so Abstürze (PC einfach aus) und teilweise völlig blödsinniges Verhalten von Google Chrome - Monitor 2 24'' 1900*1200 und M2 27'' 2560*1440 (senkrecht ) - wenn ich surfe, kommen einfach so die hinter dem Fenster liegenden Programm teilweise nach vorn, aber nur auf dem 27'' senkrecht - sobald ich den Browser auf M1 verschiebe, dann nicht mehr. Er soll aber auch in einer Länge von 2560 funktionieren.... (Neuester GrafikTreiber ist drauf)

Ich möchte nun erst mal abklären, ob es an einem Schädliing liegen kann, bevor ich die Hardware Stück für Stück prüfe(n muß).


Wäre nett, wenn ihr kurz über mein Log drüberschaut, ob da was verdächtiges drin ist....

EMSI-Soft Anti-Malware hat nichts gefunden, wie diverse andere OnlineScanner auch nicht.
AVIRA DE-Cleaner auch nicht
Bitdefender Online Scanner auch nicht.
ESET Online Scanner auch nicht.

Habe keinen dauerhaften Virenschutz instlalliert, nimmt mir zu viele Ressourcen weg.

Hatte so ein paar kleine Sachen wie snap.do und qv.o6, die habe ich aber alle mit JRT entfernen lassen.

Hier das .log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:15:14, on 29.07.13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe
D:\_faster\CachemanXP\CachemanXP.exe
D:\_improve system\Flashfolder\FlashFolder.exe
C:\Programme\Soluto\SolutoLauncherService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
D:\_improve system\MMTaskbar 3.0\MultiMon.exe
D:\_improve system\WindowManager\WindowManager.exe
Q:\_easywork\ObjectDock\ObjectDock.exe
D:\_easywork\PTFB Pro\PTFBPro.exe
Q:\_system improve\Anvir TaskManager Pro\anvir.exe
D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe
C:\WINDOWS\system32\taskmgr.exe
D:\_improve system\System Explorer\SystemExplorer.exe
D:\_improve system\System Explorer\service\SystemExplorerService.exe
C:\Programme\WebTemp\WebTemp.exe
C:\Programme\WebTemp\HWMonitor32.exe
C:\Programme\TweakRAM\TweakRAM.exe
D:\_improve system\Process Lasso\ProcessLasso.exe
D:\_backup\Desksave821\DeskSave.exe
C:\Programme\Launchy\Launchy.exe
D:\_easywork\ComfortKeys\CKeys.exe
D:\_easywork\activeaid\AutoHotkey\AutoHotkey.exe
D:\_easywork\ComfortKeys\CKeysCm.exe
Q:\_easywork\TaskSwitchXP\TaskSwitchXP.exe
Q:\_easywork\WinSplit Revolution\WinSplit.exe
Q:\_easywork\WinSplit Revolution\WinSplitDrvr32.exe
D:\_improve system\RocketDock\RocketDock.exe
D:\_filemanagement\xplorer² pro\xplorer2_UC.exe
D:\_improve system\Process Lasso\ProcessGovernor.exe
R:\_easywork\Everything\Everything.exe
Q:\_easywork\allsnap150beta\allsnap.exe
D:\_info\TimeLeft3\TimeLeft.exe
D:\_improve system\aborange Scheduler\aboScheduler.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\mmc.exe
C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\TrueImageHomeNotify.exe
C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\TrueImageHomeService.exe
C:\Programme\Emsisoft Anti-Malware\a2service.exe
C:\Programme\Emsisoft Anti-Malware\a2guard.exe
E:\_ dropbox _\Dropbox\_ install new\__new\HiJackThis204.exe
R:\GoogleChromePortable 28 final\GoogleChromePortable.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\Office 2003\OFFICE11\WINWORD.EXE
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=395049983_134962_1A3A1AE6&ts=1373469190
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=395049983_134962_1A3A1AE6&ts=1373469190
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\programme\soluto\soluto.exe /userinit
O1 - Hosts: # Copyright (c) 1993-1999 Microsoft Corp.
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\z_rest\Java 7.25 - 2\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - D:\Programme\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\z_rest\Java 7.25 - 2\bin\jp2ssv.dll
O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [amd_dc_opt] D:\_hardware\AMD Dual Core optimizer 1.1.4\amd_dc_opt.exe
O4 - HKLM\..\Run: [nwiz] "C:\Programme\NVIDIA Corporation\nview\nwiz.exe" /installquiet
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: WindowManager.lnk = D:\_improve system\WindowManager\WindowManager.exe
O4 - Global Startup: MultiMon Taskbar.lnk = D:\_improve system\MMTaskbar 3.0\MultiMon.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - res://D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - res://D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: PDF-Datei erstellen - res://D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - res://D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Programme\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373592075671
O18 - Protocol: AnVirDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programme\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: ArchiCrypt Ultimate RAM-Disk 3 - Realisiert RAM-Disk (ArchiCrypt Ultimate RAM-Disk 3) - Softwareentwicklung Remus - ArchiCrypt - C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe
O23 - Service: BootlogService - Greatis Software (c) - D:\_faster\BootLog XP\BootLogService.exe
O23 - Service: BWMeter Connections Service (BWMeterConSvc) - Unknown owner - D:\_faster\BWMeter\BWMeterConSvc.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - D:\_faster\CachemanXP\CachemanXP.exe
O23 - Service: FlashFolder - zett42 - D:\_improve system\Flashfolder\FlashFolder.exe
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Programme\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - GlavSoft LLC. - C:\Programme\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Programme\Soluto\SolutoService.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - D:\_improve system\System Explorer\service\SystemExplorerService.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows (R) Codename Longhorn DDK provider - D:\_maintenance\UPHClean\uphclean.exe

--
End of file - 9822 bytes
Hier das Log.file von JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Microsoft Windows XP x86
Ran by Elmar-Admin on 29.07.13 at 14:46:09,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\ieplugin.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\gencrawler_gc.gencrawler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ieplugin.iewebhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ieplugin.iewebhook.1

~~~ Files
~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.13 at 14:52:12,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

================================================================

Hier das Log.file von ADWCleaner

[CODE]JRTAdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 29/07/2013 um 15:50:48 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Elmar-Admin - ASUS-A8N
# Bootmodus : Normal
# Ausgeführt unter : E:\_ dropbox _\Dropbox\_ install new\_security\adwcleaner06.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gefunden : C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gefunden : C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\PackageAware

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=395049983_134962_1A3A1AE6&ts=1373469190
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\FoxyDeal
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-854245398-1960408961-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=395049983_134962_1A3A1AE6&ts=1373469190
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=395049983_134962_1A3A1AE6&ts=1373469190

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\75mu9wvt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.71

Datei : C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Chromium v26.0.1450.0

Datei : C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4483 octets] - [29/07/2013 15:50:48]

########## EOF - C:\AdwCleaner[R1].txt - [4543 octets] ##########
--- --- ---


======================================================================

Systemlook meldet Fehler "Script required" - geht also nicht....

======================================================================


====================================

Kasperskay TDSSKiller

Code:
16:13:02.0109 3368  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:13:02.0531 3368  ============================================================
16:13:02.0531 3368  Current date / time: 2013/07/29 16:13:02.0531
16:13:02.0531 3368  SystemInfo:
16:13:02.0531 3368 
16:13:02.0531 3368  OS Version: 5.1.2600 ServicePack: 3.0
16:13:02.0531 3368  Product type: Workstation
16:13:02.0531 3368  ComputerName: ASUS-A8N
16:13:02.0531 3368  UserName: Elmar-Admin
16:13:02.0531 3368  Windows directory: C:\WINDOWS
16:13:02.0531 3368  System windows directory: C:\WINDOWS
16:13:02.0531 3368  Processor architecture: Intel x86
16:13:02.0531 3368  Number of processors: 2
16:13:02.0531 3368  Page size: 0x1000
16:13:02.0531 3368  Boot type: Normal boot
16:13:02.0531 3368  ============================================================
16:13:04.0734 3368  Drive \Device\Harddisk1\DR1 - Size: 0x1BF4290000 (111.82 Gb), SectorSize: 0x200, Cylinders: 0x3C94, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:13:04.0734 3368  Drive \Device\Harddisk2\DR2 - Size: 0x14F61AE000 (83.85 Gb), SectorSize: 0x200, Cylinders: 0x2D6D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000058
16:13:04.0765 3368  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
16:13:04.0765 3368  Drive \Device\Harddisk4\DR16 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:13:04.0781 3368  Drive \Device\Harddisk5\DR18 - Size: 0x950B055E00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:13:04.0828 3368  ============================================================
16:13:04.0828 3368  \Device\Harddisk1\DR1:
16:13:04.0828 3368  MBR partitions:
16:13:04.0828 3368  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x29F9B30, BlocksNum 0xB5A4A10
16:13:04.0828 3368  \Device\Harddisk2\DR2:
16:13:04.0828 3368  MBR partitions:
16:13:04.0828 3368  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x51360, BlocksNum 0x3376A10
16:13:04.0828 3368  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x33C7DAF, BlocksNum 0xC069E1
16:13:04.0828 3368  \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x3FCE7CF, BlocksNum 0x2A0FD11
16:13:04.0828 3368  \Device\Harddisk2\DR2\Partition4: MBR, Type 0x7, StartLBA 0x69DE51F, BlocksNum 0x3DD10B1
16:13:04.0828 3368  \Device\Harddisk3\DR3:
16:13:04.0828 3368  MBR partitions:
16:13:04.0828 3368  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x332FC8E
16:13:04.0843 3368  \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0xA3CF503, BlocksNum 0x2FFB573E
16:13:04.0843 3368  \Device\Harddisk4\DR16:
16:13:04.0843 3368  MBR partitions:
16:13:04.0843 3368  \Device\Harddisk4\DR16\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:13:04.0843 3368  \Device\Harddisk5\DR18:
16:13:04.0843 3368  MBR partitions:
16:13:04.0843 3368  \Device\Harddisk5\DR18\Partition1: MBR, Type 0x7, StartLBA 0x3F07, BlocksNum 0x4A852FBA
16:13:04.0843 3368  ============================================================
16:13:04.0843 3368  F: <-> \Device\Harddisk2\DR2\Partition4
16:13:04.0875 3368  V: <-> \Device\Harddisk5\DR18\Partition1
16:13:04.0921 3368  I: <-> \Device\Harddisk1\DR1\Partition1
16:13:04.0953 3368  T: <-> \Device\Harddisk4\DR16\Partition1
16:13:04.0984 3368  W: <-> \Device\Harddisk3\DR3\Partition1
16:13:05.0000 3368  U: <-> \Device\Harddisk3\DR3\Partition2
16:13:05.0000 3368  E: <-> \Device\Harddisk2\DR2\Partition3
16:13:05.0000 3368  D: <-> \Device\Harddisk2\DR2\Partition2
16:13:05.0000 3368  C: <-> \Device\Harddisk2\DR2\Partition1
16:13:05.0000 3368  ============================================================
16:13:05.0000 3368  Initialize success
16:13:05.0000 3368  ============================================================
16:13:26.0281 5228  ============================================================
16:13:26.0281 5228  Scan started
16:13:26.0281 5228  Mode: Manual; SigCheck; TDLFS;
16:13:26.0281 5228  ============================================================
16:13:26.0359 5228  ================ Scan system memory ========================
16:13:26.0390 5228  System memory - ok
16:13:26.0421 5228  ================ Scan services =============================
16:13:26.0703 5228  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc          C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
16:13:27.0109 5228  a2acc - ok
16:13:27.0281 5228  [ 4B9C5EEBEE862574CF794582104F0C91 ] a2AntiMalware  C:\Programme\Emsisoft Anti-Malware\a2service.exe
16:13:27.0718 5228  a2AntiMalware - ok
16:13:27.0796 5228  [ B0CC0B50441372157F31C4C023D43A3E ] A2DDA          C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
16:13:27.0953 5228  A2DDA - ok
16:13:27.0984 5228  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
16:13:28.0140 5228  a2injectiondriver - ok
16:13:28.0265 5228  [ 8DEA3FE12A6686573F16A06AD95D7AB9 ] a2util          C:\Programme\Emsisoft Anti-Malware\a2util32.sys
16:13:28.0359 5228  a2util - ok
16:13:28.0718 5228  Abiosdsk - ok
16:13:28.0781 5228  abp480n5 - ok
16:13:28.0796 5228  [ C975B7FB61CE1674C7308DE4CF698F03 ] ACMoFlex32RD3  C:\WINDOWS\system32\drivers\ACMoFlex32RD3.sys
16:13:28.0890 5228  ACMoFlex32RD3 - ok
16:13:28.0906 5228  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:13:29.0109 5228  ACPI - ok
16:13:29.0140 5228  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
16:13:29.0328 5228  ACPIEC - ok
16:13:29.0406 5228  [ 35BCB0F33FABA91F93C062FBE7EA1EAC ] AcrSch2Svc      C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
16:13:29.0515 5228  AcrSch2Svc - ok
16:13:29.0546 5228  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:13:29.0609 5228  AdobeFlashPlayerUpdateSvc - ok
16:13:29.0640 5228  adpu160m - ok
16:13:29.0656 5228  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
16:13:29.0875 5228  aec - ok
16:13:29.0906 5228  [ DF139E5866C19E0B3217EF210198D875 ] afcdp          C:\WINDOWS\system32\DRIVERS\afcdp.sys
16:13:30.0015 5228  afcdp - ok
16:13:30.0109 5228  [ 1AEA25F70F12ABB494A4E35E1D717414 ] afcdpsrv        C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
16:13:30.0578 5228  afcdpsrv - ok
16:13:30.0625 5228  [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
16:13:30.0906 5228  AFD - ok
16:13:30.0953 5228  Aha154x - ok
16:13:31.0046 5228  [ 1CC3E547FE3DEC8272780F24F3059519 ] AHDDC2          D:\_maintenance\Ashampoo HDD Control 2\AHDDC2_Service.exe
16:13:32.0109 5228  AHDDC2 - ok
16:13:32.0328 5228  aic78u2 - ok
16:13:32.0359 5228  aic78xx - ok
16:13:32.0515 5228  [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM        C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:13:34.0062 5228  ALCXWDM - ok
16:13:34.0078 5228  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
16:13:34.0453 5228  Alerter - ok
16:13:35.0078 5228  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
16:13:35.0218 5228  ALG - ok
16:13:35.0421 5228  AliIde - ok
16:13:35.0437 5228  [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8          C:\WINDOWS\system32\DRIVERS\AmdK8.sys
16:13:35.0578 5228  AmdK8 - ok
16:13:35.0593 5228  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
16:13:35.0703 5228  AmdLLD - ok
16:13:36.0015 5228  [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
16:13:36.0156 5228  AmdPPM - ok
16:13:36.0234 5228  amsint - ok
16:13:36.0250 5228  AnvirRun - ok
16:13:36.0312 5228  [ BCF37763868AB5ED70B392D3F101D44D ] AnyDVD          C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:13:36.0421 5228  AnyDVD - ok
16:13:36.0453 5228  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
16:13:36.0609 5228  AppMgmt - ok
16:13:36.0812 5228  [ A751D72D0D72FB3CE529F2097EC1E662 ] ArchiCrypt Ultimate RAM-Disk 3 C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe
16:13:37.0000 5228  ArchiCrypt Ultimate RAM-Disk 3 - ok
16:13:37.0015 5228  [ CA3F6CB8472A2E5F0B37FBFB8C7D8A2A ] ArgusMonitor    C:\WINDOWS\system32\drivers\ArgusMonitor.sys
16:13:37.0125 5228  ArgusMonitor - ok
16:13:37.0125 5228  asc - ok
16:13:37.0140 5228  asc3350p - ok
16:13:37.0156 5228  asc3550 - ok
16:13:37.0250 5228  [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO            C:\WINDOWS\system32\drivers\AsIO.sys
16:13:37.0375 5228  AsIO - ok
16:13:37.0406 5228  [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32          C:\WINDOWS\system32\drivers\Aspi32.sys
16:13:37.0437 5228  Aspi32 ( UnsignedFile.Multi.Generic ) - warning
16:13:37.0437 5228  Aspi32 - detected UnsignedFile.Multi.Generic (1)
16:13:37.0468 5228  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:13:37.0656 5228  aspnet_state - ok
16:13:38.0125 5228  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:13:38.0703 5228  AsyncMac - ok
16:13:38.0750 5228  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
16:13:39.0000 5228  atapi - ok
16:13:39.0078 5228  Atdisk - ok
16:13:39.0109 5228  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:13:39.0390 5228  Atmarpc - ok
16:13:39.0578 5228  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:13:39.0843 5228  AudioSrv - ok
16:13:39.0859 5228  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
16:13:40.0031 5228  audstub - ok
16:13:40.0046 5228  [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt        C:\WINDOWS\System32\Drivers\BANTExt.sys
16:13:40.0078 5228  BANTExt ( UnsignedFile.Multi.Generic ) - warning
16:13:40.0078 5228  BANTExt - detected UnsignedFile.Multi.Generic (1)
16:13:40.0093 5228  [ FF1B04E478694FE92E6D1EC025EAB7FD ] BITS            C:\WINDOWS\system32\qmgr.dll
16:13:40.0296 5228  BITS - ok
16:13:40.0453 5228  [ 2F64EAE8C8864AAA3AE8CE0E58B8CC68 ] BootlogService  D:\_faster\BootLog XP\BootLogService.exe
16:13:40.0875 5228  BootlogService - ok
16:13:41.0062 5228  [ 63D495ED7E4D46B780CB57ACD46B8AC9 ] BootRacerServ  C:\Programme\BootRacer\BootRacerServ.exe
16:13:41.0968 5228  BootRacerServ - ok
16:13:41.0984 5228  [ B2CC8D85D27BF10C5FAF5B98C335978E ] Browser        C:\WINDOWS\System32\browser.dll
16:13:42.0218 5228  Browser - ok
16:13:42.0234 5228  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\Drivers\BrScnUsb.sys
16:13:42.0281 5228  BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
16:13:42.0281 5228  BrScnUsb - detected UnsignedFile.Multi.Generic (1)
16:13:42.0296 5228  [ 29FD9BF519CEE9CFF4F8E0264B136598 ] BWMeterConSvc  D:\_faster\BWMeter\BWMeterConSvc.exe
16:13:42.0390 5228  BWMeterConSvc ( UnsignedFile.Multi.Generic ) - warning
16:13:42.0390 5228  BWMeterConSvc - detected UnsignedFile.Multi.Generic (1)
16:13:42.0609 5228  [ 8E6ACE12CADB0B9E6F1B703798EE913E ] CachemanXPService D:\_faster\CachemanXP\CachemanXP.exe
16:13:42.0781 5228  CachemanXPService ( UnsignedFile.Multi.Generic ) - warning
16:13:42.0781 5228  CachemanXPService - detected UnsignedFile.Multi.Generic (1)
16:13:42.0843 5228  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
16:13:43.0593 5228  cbidf2k - ok
16:13:43.0609 5228  cd20xrnt - ok
16:13:43.0687 5228  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
16:13:43.0875 5228  Cdaudio - ok
16:13:43.0906 5228  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:13:44.0234 5228  Cdfs - ok
16:13:44.0312 5228  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:13:44.0421 5228  Cdrom - ok
16:13:44.0453 5228  [ 81CCDDF83C67BD4F39DE02DD2045AE4E ] cFosSpeed      C:\WINDOWS\system32\DRIVERS\cfosspeed.sys
16:13:44.0937 5228  cFosSpeed - ok
16:13:44.0953 5228  [ 3B746A0F0B5CB78458E5AB4AEC101799 ] cFosSpeedS      C:\Programme\cFosSpeed\spd.exe
16:13:45.0062 5228  cFosSpeedS - ok
16:13:45.0078 5228  Changer - ok
16:13:45.0093 5228  [ 333A88E0227007E2E0677A92057A6D90 ] cleanhlp        C:\Programme\Emsisoft Anti-Malware\cleanhlp32.sys
16:13:45.0156 5228  cleanhlp - ok
16:13:45.0203 5228  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
16:13:45.0671 5228  ClipSrv - ok
16:13:45.0718 5228  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:13:45.0812 5228  clr_optimization_v2.0.50727_32 - ok
16:13:45.0828 5228  [ 3FB186A7A9728102181334336B364BE5 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:13:45.0906 5228  clr_optimization_v4.0.30319_32 - ok
16:13:45.0921 5228  CmdIde - ok
16:13:45.0937 5228  COMSysApp - ok
16:13:45.0953 5228  Cpqarray - ok
16:13:45.0953 5228  cpuz126 - ok
16:13:45.0968 5228  cpuz133 - ok
16:13:46.0046 5228  cpuz136 - ok
16:13:46.0062 5228  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:13:46.0453 5228  CryptSvc - ok
16:13:46.0468 5228  dac2w2k - ok
16:13:46.0484 5228  dac960nt - ok
16:13:46.0484 5228  [ B7EF38C2C22A7805DE919CFF5E16A372 ] dc3d            C:\WINDOWS\system32\DRIVERS\dc3d.sys
16:13:46.0546 5228  dc3d - ok
16:13:46.0578 5228  [ D3D765E8455A961AE567B408F767D4F9 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:13:46.0734 5228  DcomLaunch - ok
16:13:46.0921 5228  [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS          D:\_maintenance\Ashampoo HDD Control 2\DfSdkS.exe
16:13:46.0984 5228  DfSdkS ( UnsignedFile.Multi.Generic ) - warning
16:13:46.0984 5228  DfSdkS - detected UnsignedFile.Multi.Generic (1)
16:13:47.0031 5228  [ 820110CFFEE9690D64F67D941DDB7879 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:13:47.0125 5228  Dhcp - ok
16:13:47.0140 5228  [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:13:47.0250 5228  Disk - ok
16:13:47.0250 5228  dmadmin - ok
16:13:47.0281 5228  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:13:47.0656 5228  dmboot - ok
16:13:47.0796 5228  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:13:48.0015 5228  dmio - ok
16:13:48.0046 5228  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:13:48.0234 5228  dmload - ok
16:13:48.0250 5228  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:13:48.0671 5228  dmserver - ok
16:13:48.0906 5228  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:13:49.0234 5228  DMusic - ok
16:13:49.0343 5228  [ 4548494812BA3B416D489E0C6AF8D643 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:13:49.0484 5228  Dnscache - ok
16:13:49.0531 5228  [ E568A4BFA2C23B29A0F41E00F1E92249 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
16:13:49.0640 5228  Dot3svc - ok
16:13:49.0656 5228  dpti2o - ok
16:13:49.0671 5228  [ CCA30A1F8398B46431A03CF6BB0F8789 ] DragonSvc      C:\Programme\Gemeinsame Dateien\Nuance\dgnsvc.exe
16:13:49.0859 5228  DragonSvc - ok
16:13:49.0953 5228  [ 0071F8825D14B16955CD0A0699AB7A6C ] drhard          C:\WINDOWS\system32\drivers\drhard.sys
16:13:50.0015 5228  drhard ( UnsignedFile.Multi.Generic ) - warning
16:13:50.0015 5228  drhard - detected UnsignedFile.Multi.Generic (1)
16:13:50.0062 5228  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
16:13:50.0296 5228  drmkaud - ok
16:13:50.0312 5228  [ 8810CBE07A85CF1998750252A8B1F3C4 ] dsnpfd          C:\WINDOWS\system32\DRIVERS\dsnpfd.sys
16:13:50.0375 5228  dsnpfd ( UnsignedFile.Multi.Generic ) - warning
16:13:50.0375 5228  dsnpfd - detected UnsignedFile.Multi.Generic (1)
16:13:50.0453 5228  [ 8810CBE07A85CF1998750252A8B1F3C4 ] dsnpfdMP        C:\WINDOWS\system32\DRIVERS\dsnpfd.sys
16:13:50.0484 5228  dsnpfdMP ( UnsignedFile.Multi.Generic ) - warning
16:13:50.0484 5228  dsnpfdMP - detected UnsignedFile.Multi.Generic (1)
16:13:50.0515 5228  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
16:13:50.0828 5228  EapHost - ok
16:13:50.0984 5228  [ B83BDCCBACB65BAA9E20888DD0083A16 ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:13:51.0046 5228  ElbyCDIO - ok
16:13:51.0062 5228  [ D57F1811D8258D8D277CD9F53657EEF9 ] epmntdrv        C:\WINDOWS\system32\epmntdrv.sys
16:13:51.0156 5228  epmntdrv - ok
16:13:51.0234 5228  [ 2407B8164E966755BC6A4242FC9DE31E ] esgiguard      C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys
16:13:51.0312 5228  esgiguard - ok
16:13:51.0328 5228  [ 01CE484FF6D70A39479BC6D619DE7ED6 ] EsgScanner      C:\WINDOWS\system32\DRIVERS\EsgScanner.sys
16:13:51.0500 5228  EsgScanner - ok
16:13:52.0031 5228  [ F1DE3EEF501DDA7DDF99F2EDF0C5540E ] EuGdiDrv        C:\WINDOWS\system32\EuGdiDrv.sys
16:13:52.0578 5228  EuGdiDrv - ok
16:13:52.0796 5228  [ F0A7D59AF279326528715B206669B86C ] Eventlog        C:\WINDOWS\system32\services.exe
16:13:53.0062 5228  Eventlog - ok
16:13:53.0093 5228  [ ADA7241C16F3F42C7F210539FAD5F3AA ] EventSystem    C:\WINDOWS\system32\es.dll
16:13:53.0640 5228  EventSystem - ok
16:13:53.0671 5228  [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat          C:\WINDOWS\system32\drivers\exFat.sys
16:13:53.0796 5228  exFat - ok
16:13:54.0578 5228  [ 402BE3BC2E9612629CC26314502A7309 ] FancyCcD        C:\WINDOWS\system32\DRIVERS\rxfcd.sys
16:13:54.0875 5228  FancyCcD - ok
16:13:54.0921 5228  [ CD0D94EC608B33C665B43ED24D114B4D ] FancyRd        C:\WINDOWS\system32\DRIVERS\fancyrd.sys
16:13:55.0140 5228  FancyRd - ok
16:13:55.0640 5228  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
16:13:55.0859 5228  Fastfat - ok
16:13:55.0875 5228  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:13:56.0015 5228  FastUserSwitchingCompatibility - ok
16:13:56.0078 5228  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
16:13:56.0546 5228  Fdc - ok
16:13:56.0593 5228  [ F2B9FEF35C5B151FB4A18C1575E5F7FB ] fexservice      D:\_filemanagement\FontExplorer X Pro\FontManagementServices.exe
16:13:56.0687 5228  fexservice - ok
16:13:56.0718 5228  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:13:56.0968 5228  Fips - ok
16:13:57.0093 5228  [ 6EA7BC2CD83A6C170422F8F0D67500DA ] FlashFolder    D:\_improve system\Flashfolder\FlashFolder.exe
16:13:57.0203 5228  FlashFolder ( UnsignedFile.Multi.Generic ) - warning
16:13:57.0203 5228  FlashFolder - detected UnsignedFile.Multi.Generic (1)
16:13:57.0234 5228  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:13:57.0453 5228  Flpydisk - ok
16:13:57.0468 5228  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:13:57.0656 5228  FltMgr - ok
16:13:57.0953 5228  [ E20D64EDF74D80874837B16506D58166 ] fltsrv          C:\WINDOWS\system32\DRIVERS\fltsrv.sys
16:13:58.0046 5228  fltsrv - ok
16:13:58.0078 5228  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:13:58.0156 5228  FontCache3.0.0.0 - ok
16:13:58.0171 5228  [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:13:58.0640 5228  Fs_Rec - ok
16:13:58.0671 5228  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:13:58.0953 5228  Ftdisk - ok
16:13:59.0109 5228  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
16:13:59.0171 5228  giveio ( UnsignedFile.Multi.Generic ) - warning
16:13:59.0171 5228  giveio - detected UnsignedFile.Multi.Generic (1)
16:13:59.0171 5228  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:13:59.0390 5228  Gpc - ok
16:13:59.0406 5228  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
16:13:59.0437 5228  gupdatem - ok
16:13:59.0453 5228  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:13:59.0625 5228  HDAudBus - ok
16:13:59.0828 5228  [ ED44EC68D7F7FFC6659F5DA3C5EC68B3 ] HDDlife HDD Access service C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe
16:14:00.0578 5228  HDDlife HDD Access service - ok
16:14:00.0734 5228  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:14:00.0953 5228  helpsvc - ok
16:14:00.0984 5228  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ        C:\WINDOWS\System32\hidserv.dll
16:14:01.0203 5228  HidServ - ok
16:14:01.0218 5228  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:14:01.0484 5228  hidusb - ok
16:14:01.0578 5228  [ 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 ] hitmanpro37    C:\WINDOWS\system32\drivers\hitmanpro37.sys
16:14:01.0656 5228  hitmanpro37 - ok
16:14:01.0984 5228  [ 0011AC7B83C557D3273A1E093BD46F8E ] HitmanPro37CrusaderBoot C:\Programme\HitmanPro\HitmanPro.exe
16:14:02.0937 5228  HitmanPro37CrusaderBoot - ok
16:14:03.0093 5228  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
16:14:03.0328 5228  hkmsvc - ok
16:14:03.0343 5228  hpn - ok
16:14:03.0359 5228  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:14:03.0578 5228  HTTP - ok
16:14:03.0625 5228  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:14:03.0875 5228  HTTPFilter - ok
16:14:03.0890 5228  [ DE3FF0AB0C551D7E00E250E81169996A ] HWiNFO32        C:\WINDOWS\system32\drivers\HWiNFO32.SYS
16:14:03.0984 5228  HWiNFO32 - ok
16:14:04.0000 5228  i2omgmt - ok
16:14:04.0015 5228  i2omp - ok
16:14:04.0031 5228  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:14:04.0109 5228  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:14:04.0109 5228  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:14:04.0140 5228  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc          C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:14:04.0265 5228  idsvc - ok
16:14:04.0281 5228  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
16:14:04.0500 5228  Imapi - ok
16:14:04.0546 5228  ini910u - ok
16:14:04.0640 5228  IntelIde - ok
16:14:04.0671 5228  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:14:04.0843 5228  Ip6Fw - ok
16:14:05.0046 5228  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:14:05.0312 5228  IpFilterDriver - ok
16:14:05.0343 5228  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:14:05.0578 5228  IpInIp - ok
16:14:05.0578 5228  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:14:05.0812 5228  IpNat - ok
16:14:05.0953 5228  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:14:06.0187 5228  IPSec - ok
16:14:06.0203 5228  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
16:14:06.0343 5228  IRENUM - ok
16:14:06.0359 5228  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:14:06.0781 5228  isapnp - ok
16:14:06.0890 5228  [ 4F4D4AA1E0849FECC0CF5AACD59030B5 ] JavaQuickStarterService D:\z_rest\Java 7.25 - 2\bin\jqs.exe
16:14:07.0015 5228  JavaQuickStarterService - ok
16:14:07.0031 5228  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:14:07.0250 5228  Kbdclass - ok
16:14:07.0265 5228  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:14:07.0468 5228  kbdhid - ok
16:14:07.0500 5228  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
16:14:07.0937 5228  kmixer - ok
16:14:07.0953 5228  [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
16:14:08.0015 5228  KSecDD - ok
16:14:08.0031 5228  [ 6EFBC82722D0F7B35283993189ECE9D0 ] KSS            C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
16:14:08.0187 5228  KSS - ok
16:14:08.0203 5228  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
16:14:08.0265 5228  LanmanServer - ok
16:14:08.0281 5228  [ C9B816901C1ABF28BA6C5B6CB65EB75B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:14:08.0375 5228  lanmanworkstation - ok
16:14:08.0406 5228  [ CF9F4EFDF34FA5BF96FA2AB8F2255CE8 ] LBeepKE        C:\WINDOWS\system32\Drivers\LBeepKE.sys
16:14:08.0484 5228  LBeepKE - ok
16:14:08.0500 5228  lbrtfdc - ok
16:14:08.0531 5228  [ FF9E074CCC950398C7D293E1D4D003B3 ] LBTServ        C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
16:14:08.0671 5228  LBTServ - ok
16:14:08.0906 5228  [ 59CED2543392EB10B2E8FEAE87A5D248 ] LEqdUsb        C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
16:14:09.0062 5228  LEqdUsb - ok
16:14:09.0093 5228  [ 26163F0F1C2636AE3FFF7C54600204A5 ] LHidEqd        C:\WINDOWS\system32\Drivers\LHidEqd.Sys
16:14:09.0171 5228  LHidEqd - ok
16:14:09.0187 5228  [ 74EA099C3D9DAD3A657BD89ED4A81C6D ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
16:14:09.0250 5228  LHidFilt - ok
16:14:09.0296 5228  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
16:14:09.0468 5228  LmHosts - ok
16:14:09.0562 5228  [ E9D42CDD5BD22BE28247B77953735650 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
16:14:09.0640 5228  LMouFilt - ok
16:14:09.0718 5228  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
16:14:09.0890 5228  mnmdd - ok
16:14:09.0968 5228  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
16:14:10.0125 5228  mnmsrvc - ok
16:14:10.0156 5228  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
16:14:10.0343 5228  Modem - ok
16:14:10.0359 5228  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:14:10.0515 5228  Mouclass - ok
16:14:10.0562 5228  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:14:10.0765 5228  mouhid - ok
16:14:10.0859 5228  [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
16:14:11.0000 5228  MountMgr - ok
16:14:11.0218 5228  [ 55F756E87B2FF0B2E55D909CF6152FF9 ] MouseWithoutBordersSvc C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe
16:14:11.0343 5228  MouseWithoutBordersSvc - ok
16:14:11.0359 5228  mraid35x - ok
16:14:11.0375 5228  [ 65E818C473E220B6AB762E1966296FD1 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:14:11.0515 5228  MRxDAV - ok
16:14:12.0500 5228  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:14:12.0718 5228  MRxSmb - ok
16:14:12.0875 5228  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
16:14:13.0140 5228  MSDTC - ok
16:14:13.0171 5228  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:14:13.0406 5228  Msfs - ok
16:14:13.0437 5228  MSIServer - ok
16:14:13.0546 5228  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:14:13.0718 5228  MSKSSRV - ok
16:14:13.0734 5228  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:14:13.0906 5228  MSPCLOCK - ok
16:14:13.0953 5228  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
16:14:14.0125 5228  MSPQM - ok
16:14:14.0250 5228  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:14:14.0390 5228  mssmbios - ok
16:14:14.0406 5228  [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401      C:\WINDOWS\system32\drivers\msmpu401.sys
16:14:14.0562 5228  ms_mpu401 - ok
16:14:14.0625 5228  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:14:14.0687 5228  MTsensor - ok
16:14:14.0859 5228  [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
16:14:15.0062 5228  Mup - ok
16:14:15.0218 5228  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
16:14:15.0515 5228  napagent - ok
16:14:15.0703 5228  [ B5B1080D35974C0E718D64280761BCD5 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
16:14:15.0796 5228  NDIS - ok
16:14:15.0953 5228  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:14:16.0140 5228  NdisTapi - ok
16:14:16.0156 5228  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:14:16.0406 5228  Ndisuio - ok
16:14:16.0609 5228  [ B053A8411045FD0664B389A090CB2BBC ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:14:16.0671 5228  NdisWan - ok
16:14:16.0859 5228  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
16:14:17.0031 5228  NDProxy - ok
16:14:17.0109 5228  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
16:14:17.0359 5228  NetBIOS - ok
16:14:17.0406 5228  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
16:14:17.0656 5228  NetBT - ok
16:14:17.0703 5228  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
16:14:17.0890 5228  NetDDE - ok
16:14:17.0921 5228  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
16:14:18.0109 5228  NetDDEdsdm - ok
16:14:18.0125 5228  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
16:14:18.0593 5228  Netlogon - ok
16:14:18.0671 5228  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
16:14:18.0890 5228  Netman - ok
16:14:18.0984 5228  [ DFE18F2BFD60DA638F24A0776A60F9E3 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:14:19.0109 5228  NetTcpPortSharing - ok
16:14:19.0125 5228  [ 4AA50627B01C0E9C6B4C6BD3AF648F12 ] Nla            C:\WINDOWS\System32\mswsock.dll
16:14:19.0359 5228  Nla - ok
16:14:19.0453 5228  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
16:14:19.0656 5228  Npfs - ok
16:14:20.0203 5228  [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
16:14:20.0625 5228  Ntfs - ok
16:14:20.0703 5228  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
16:14:20.0906 5228  NtLmSsp - ok
16:14:20.0921 5228  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
16:14:21.0109 5228  NtmsSvc - ok
16:14:21.0125 5228  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
16:14:21.0296 5228  Null - ok
16:14:21.0609 5228  [ A613A14FB4D9117F42A3A280F64E9EC4 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:14:22.0859 5228  nv - ok
16:14:22.0937 5228  [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata          C:\WINDOWS\system32\DRIVERS\nvata.sys
16:14:23.0093 5228  nvata ( UnsignedFile.Multi.Generic ) - warning
16:14:23.0093 5228  nvata - detected UnsignedFile.Multi.Generic (1)
16:14:23.0390 5228  [ FB8595EF3CEB81F0DA3F6F211B2DF932 ] nvax            C:\WINDOWS\system32\drivers\nvax.sys
16:14:23.0531 5228  nvax - ok
16:14:23.0640 5228  [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:14:23.0875 5228  NVENETFD - ok
16:14:23.0890 5228  [ 75E2E77C5497F34E60491D27BF03F1CB ] nvgts          C:\WINDOWS\system32\DRIVERS\nvgts.sys
16:14:24.0234 5228  nvgts - ok
16:14:24.0312 5228  [ EDDE04805AC865AC8465388DC4A4CCC7 ] NVHDA          C:\WINDOWS\system32\drivers\nvhda32.sys
16:14:24.0406 5228  NVHDA - ok
16:14:24.0421 5228  [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:14:24.0765 5228  nvnetbus - ok
16:14:25.0031 5228  [ D2315CD3053FC3B4250DC2DBD0AC49E4 ] nvnforce        C:\WINDOWS\system32\drivers\nvapu.sys
16:14:25.0250 5228  nvnforce - ok
16:14:25.0296 5228  [ F1AE0BC50661BE09E7BC5919F4C05505 ] NVSvc          C:\WINDOWS\system32\nvsvc32.exe
16:14:25.0359 5228  NVSvc - ok
16:14:25.0796 5228  [ A9AFE5B0648C8D7A411A72D8222F7F6E ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:14:26.0078 5228  nvUpdatusService - ok
16:14:26.0109 5228  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:14:26.0593 5228  NwlnkFlt - ok
16:14:27.0421 5228  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:14:27.0734 5228  NwlnkFwd - ok
16:14:27.0812 5228  [ 3BBBC02D84AC98AF93F2F4D00EC347F0 ] O&O CleverCache D:\_faster\OO CleverCache\ooccag.exe
16:14:27.0968 5228  O&O CleverCache - ok
16:14:28.0140 5228  [ FD85186C9F1ABE012DDF44C233552129 ] OS Selector    D:\_maintenance\Acronis ADD 11\OSS\reinstall_svc.exe
16:14:28.0687 5228  OS Selector - ok
16:14:28.0812 5228  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:14:29.0156 5228  ose - ok
16:14:29.0984 5228  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\drivers\Parport.sys
16:14:30.0468 5228  Parport - ok
16:14:30.0796 5228  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
16:14:31.0015 5228  PartMgr - ok
16:14:31.0312 5228  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
16:14:31.0890 5228  ParVdm - ok
16:14:32.0031 5228  pccsmcfd - ok
16:14:32.0062 5228  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
16:14:33.0000 5228  PCI - ok
16:14:33.0250 5228  PCIDump - ok
16:14:33.0281 5228  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
16:14:33.0562 5228  PCIIde - ok
16:14:34.0062 5228  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
16:14:34.0453 5228  Pcmcia - ok
16:14:34.0531 5228  PDCOMP - ok
16:14:34.0562 5228  [ 5BC43398DD26836739C4C030767031B7 ] PDFProFiltSrvPP D:\Programme\Nuance Paperport 14\PaperPort\PDFProFiltSrvPP.exe
16:14:34.0625 5228  PDFProFiltSrvPP - ok
16:14:34.0656 5228  PDFRAME - ok
16:14:34.0671 5228  PDRELI - ok
16:14:34.0687 5228  PDRFRAME - ok
16:14:34.0703 5228  perc2 - ok
16:14:34.0718 5228  perc2hib - ok
16:14:35.0468 5228  [ F0A7D59AF279326528715B206669B86C ] PlugPlay        C:\WINDOWS\system32\services.exe
16:14:35.0562 5228  PlugPlay - ok
16:14:35.0953 5228  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
16:14:36.0250 5228  PolicyAgent - ok
16:14:36.0281 5228  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:14:36.0453 5228  PptpMiniport - ok
16:14:36.0859 5228  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor      C:\WINDOWS\system32\DRIVERS\processr.sys
16:14:37.0265 5228  Processor - ok
16:14:37.0359 5228  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
16:14:38.0015 5228  PSched - ok
16:14:38.0390 5228  [ 68B57D7C11277EA89F78255480376B4D ] PSI            C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys
16:14:38.0468 5228  PSI - ok
16:14:38.0656 5228  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:14:38.0828 5228  Ptilink - ok
16:14:38.0968 5228  ql1080 - ok
16:14:38.0984 5228  Ql10wnt - ok
16:14:39.0000 5228  ql12160 - ok
16:14:39.0015 5228  ql1240 - ok
16:14:39.0031 5228  ql1280 - ok
16:14:39.0046 5228  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:14:39.0296 5228  RasAcd - ok
16:14:39.0734 5228  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
16:14:39.0968 5228  RasAuto - ok
16:14:40.0109 5228  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:14:40.0343 5228  Rasl2tp - ok
16:14:40.0859 5228  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
16:14:41.0343 5228  RasMan - ok
16:14:41.0640 5228  [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:14:41.0718 5228  RasPppoe - ok
16:14:41.0796 5228  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
16:14:42.0031 5228  Raspti - ok
16:14:43.0265 5228  [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:14:44.0062 5228  Rdbss - ok
16:14:44.0406 5228  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:14:44.0562 5228  RDPCDD - ok
16:14:44.0609 5228  [ C694A927EB7C354F7AE97955043A9641 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:14:44.0765 5228  rdpdr - ok
16:14:45.0281 5228  [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
16:14:45.0375 5228  RDPWD - ok
16:14:46.0890 5228  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
16:14:47.0593 5228  RDSessMgr - ok
16:14:48.0062 5228  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
16:14:48.0703 5228  redbook - ok
16:14:48.0750 5228  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:14:50.0281 5228  RemoteAccess - ok
16:14:50.0593 5228  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
16:14:51.0031 5228  RemoteRegistry - ok
16:14:52.0265 5228  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM      C:\WINDOWS\system32\Drivers\RootMdm.sys
16:14:52.0750 5228  ROOTMODEM - ok
16:14:52.0953 5228  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:14:53.0125 5228  RpcLocator - ok
16:14:53.0343 5228  [ D3D765E8455A961AE567B408F767D4F9 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
16:14:53.0500 5228  RpcSs - ok
16:14:53.0593 5228  [ 743D7D59767073A617B1DCC6C546F234 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
16:14:53.0781 5228  rspndr - ok
16:14:53.0968 5228  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:14:54.0078 5228  RSVP - ok
16:14:54.0500 5228  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
16:14:54.0734 5228  SamSs - ok
16:14:54.0781 5228  [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA          D:\_info\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys
16:14:54.0906 5228  SANDRA - ok
16:14:55.0421 5228  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:14:55.0640 5228  SCardSvr - ok
16:14:55.0765 5228  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:14:55.0984 5228  Schedule - ok
16:14:56.0171 5228  [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService D:\_security\Spybot - Search & Destroy 2\SDFSSvc.exe
16:14:56.0437 5228  SDScannerService - ok
16:14:56.0890 5228  [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService D:\_security\Spybot - Search & Destroy 2\SDUpdSvc.exe
16:14:57.0109 5228  SDUpdateService - ok
16:14:57.0171 5228  [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService    D:\_security\Spybot - Search & Destroy 2\SDWSCSvc.exe
16:14:57.0406 5228  SDWSCService - ok
16:14:57.0453 5228  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:14:57.0703 5228  Secdrv - ok
16:14:57.0921 5228  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:14:58.0171 5228  seclogon - ok
16:14:58.0687 5228  [ 86C9FD4982D0BEAEDF0C8BBF02AA148B ] Secunia PSI Agent D:\_security\PSI 2.x\PSIA.exe
16:14:58.0968 5228  Secunia PSI Agent - ok
16:14:59.0031 5228  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
16:14:59.0234 5228  SENS - ok
16:14:59.0437 5228  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
16:14:59.0671 5228  Serial - ok
16:14:59.0812 5228  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
16:15:00.0015 5228  Sfloppy - ok
16:15:00.0062 5228  [ 65746507B64818A0DBAF7607C0D07C54 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:15:00.0156 5228  SharedAccess - ok
16:15:00.0359 5228  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:15:00.0484 5228  ShellHWDetection - ok
16:15:00.0593 5228  Simbad - ok
16:15:00.0625 5228  [ 43DC393F21345B6DE59517BD27E2B10F ] SIVDriver      C:\WINDOWS\system32\Drivers\SIVX32.sys
16:15:00.0687 5228  SIVDriver - ok
16:15:00.0750 5228  [ 851310C1B742D2DF2D334603836FFDF5 ] snapman        C:\WINDOWS\system32\DRIVERS\snapman.sys
16:15:00.0812 5228  snapman - ok
16:15:00.0937 5228  [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto          C:\WINDOWS\system32\DRIVERS\Soluto.sys
16:15:01.0015 5228  Soluto - ok
16:15:01.0046 5228  [ 64853507E75D5DCA9F2CD5BEDD672A3D ] SolutoLauncherService C:\Programme\Soluto\SolutoLauncherService.exe
16:15:01.0203 5228  SolutoLauncherService - ok
16:15:01.0281 5228  SolutoRemoteService - ok
16:15:01.0375 5228  [ 350BA5FDCE5D9C6BEE0312955D0DE1C8 ] SolutoService  C:\Programme\Soluto\SolutoService.exe
16:15:01.0578 5228  SolutoService - ok
16:15:01.0593 5228  Sparrow - ok
16:15:01.0609 5228  [ DC8D2952FB6FFBAEC67BD1B93A34DF11 ] speedfan        C:\WINDOWS\system32\speedfan.sys
16:15:01.0671 5228  speedfan - ok
16:15:01.0687 5228  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:15:01.0843 5228  splitter - ok
16:15:01.0953 5228  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
16:15:02.0015 5228  Spooler - ok
16:15:02.0125 5228  [ 8494B173DD812F7F6A87F2385E444B18 ] SpyHunter 4 Service C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe
16:15:02.0375 5228  SpyHunter 4 Service - ok
16:15:02.0484 5228  [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2      C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
16:15:02.0531 5228  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
16:15:02.0531 5228  sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
16:15:02.0562 5228  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:15:02.0718 5228  sr - ok
16:15:02.0734 5228  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
16:15:02.0843 5228  srservice - ok
16:15:02.0859 5228  [ 9B390283569EA58D43D2586032B892F5 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
16:15:02.0953 5228  Srv - ok
16:15:03.0046 5228  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
16:15:03.0171 5228  SSDPSRV - ok
16:15:03.0218 5228  [ 9CB7C63FD9D5AE484E318F9296279C52 ] ST2012_Svc      C:\Programme\Spyware Terminator\st_rsser.exe
16:15:03.0484 5228  ST2012_Svc - ok
16:15:03.0593 5228  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
16:15:03.0656 5228  StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:15:03.0656 5228  StarOpen - detected UnsignedFile.Multi.Generic (1)
16:15:03.0703 5228  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:15:03.0953 5228  stisvc - ok
16:15:03.0984 5228  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:15:04.0218 5228  swenum - ok
16:15:04.0250 5228  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:15:04.0437 5228  swmidi - ok
16:15:04.0500 5228  SwPrv - ok
16:15:04.0515 5228  symc810 - ok
16:15:04.0531 5228  symc8xx - ok
16:15:04.0546 5228  sym_hi - ok
16:15:04.0562 5228  sym_u3 - ok
16:15:04.0796 5228  [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv    C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
16:15:05.0562 5228  syncagentsrv - ok
16:15:05.0625 5228  [ EF13D05B6F4C629D7A6D3E9B94F10E99 ] Synergy        D:\_improve system\Synergy\synergyd.exe
16:15:05.0703 5228  Synergy - ok
16:15:05.0734 5228  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:15:05.0921 5228  sysaudio - ok
16:15:06.0000 5228  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
16:15:06.0171 5228  SysmonLog - ok
16:15:06.0296 5228  [ 7EAEF49D206899909EB63014FC8DC19A ] SystemExplorerHelpService D:\_improve system\System Explorer\service\SystemExplorerService.exe
16:15:06.0625 5228  SystemExplorerHelpService - ok
16:15:06.0812 5228  [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901        C:\WINDOWS\system32\DRIVERS\tap0901.sys
16:15:06.0906 5228  tap0901 ( UnsignedFile.Multi.Generic ) - warning
16:15:06.0906 5228  tap0901 - detected UnsignedFile.Multi.Generic (1)
16:15:07.0140 5228  [ 6C02B5D856674ECCCE64CE8BB8DCE8D9 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
16:15:07.0218 5228  TapiSrv - ok
16:15:07.0312 5228  [ AD978A1B783B5719720CFF204B666C8E ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:15:07.0468 5228  Tcpip - ok
16:15:07.0546 5228  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:15:07.0718 5228  TDPIPE - ok
16:15:07.0859 5228  [ 6345E3829FD130A144454F9F5C2A3B9E ] tdrpman        C:\WINDOWS\system32\DRIVERS\tdrpman.sys
16:15:08.0015 5228  tdrpman - ok
16:15:08.0062 5228  [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
16:15:08.0156 5228  TDTCP - ok
16:15:08.0390 5228  [ 402794A75A899E296AB3EDEC4ECCB9A8 ] TeamViewer8    C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
16:15:09.0625 5228  TeamViewer8 - ok
16:15:09.0640 5228  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:15:09.0796 5228  TermDD - ok
16:15:09.0937 5228  [ 3AE5A27A6A16640BE3FC015DF4DB68DE ] TermService    C:\WINDOWS\System32\termsrv.dll
16:15:10.0031 5228  TermService - ok
16:15:10.0062 5228  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:15:10.0156 5228  Themes - ok
16:15:10.0187 5228  [ A8C31102F448231596168FFC9F568B9A ] tib_mounter    C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
16:15:10.0359 5228  tib_mounter - ok
16:15:10.0406 5228  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
16:15:10.0531 5228  TlntSvr - ok
16:15:10.0546 5228  [ A31246180E61140AD7FF9DD7EDF1F6A1 ] tmcomm          C:\WINDOWS\system32\drivers\tmcomm.sys
16:15:10.0671 5228  tmcomm - ok
16:15:10.0781 5228  TosIde - ok
16:15:10.0828 5228  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:15:11.0078 5228  TrkWks - ok
16:15:11.0187 5228  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:15:11.0375 5228  Udfs - ok
16:15:11.0546 5228  [ 048835A65968E9EA872130AEAA727DED ] uigxrdr        C:\WINDOWS\system32\DRIVERS\uigxrdr.sys
16:15:12.0265 5228  uigxrdr ( UnsignedFile.Multi.Generic ) - warning
16:15:12.0265 5228  uigxrdr - detected UnsignedFile.Multi.Generic (1)
16:15:12.0312 5228  ultra - ok
16:15:12.0343 5228  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 D:\_filemanagement\Unlocker\UnlockerDriver5.sys
16:15:12.0781 5228  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
16:15:12.0781 5228  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
16:15:12.0828 5228  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
16:15:13.0156 5228  Update - ok
16:15:13.0265 5228  [ 325FB38C323C63C7F57885B4DFB1B91E ] UPHClean        D:\_maintenance\UPHClean\uphclean.exe
16:15:13.0765 5228  UPHClean ( UnsignedFile.Multi.Generic ) - warning
16:15:13.0765 5228  UPHClean - detected UnsignedFile.Multi.Generic (1)
16:15:13.0812 5228  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:15:14.0234 5228  upnphost - ok
16:15:14.0296 5228  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
16:15:14.0812 5228  UPS - ok
16:15:14.0828 5228  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
16:15:15.0406 5228  usbaudio - ok
16:15:15.0421 5228  [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:15:15.0609 5228  usbccgp - ok
16:15:15.0640 5228  [ 52674B5DBEE499342A599C7771ABECAA ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:15:15.0703 5228  usbehci - ok
16:15:15.0781 5228  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:15:16.0171 5228  usbhub - ok
16:15:16.0312 5228  [ C5E11CD822ADF0019A5A862D9C4E2222 ] usbohci        C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:15:16.0859 5228  usbohci - ok
16:15:18.0031 5228  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:15:18.0250 5228  usbprint - ok
16:15:18.0468 5228  [ 1D8BA46A4F57234597DAA834FDDBFB84 ] USBSafelyRemoveService D:\_improve system\USB Safely Remove 5.1.2\USBSRService.exe
16:15:19.0421 5228  USBSafelyRemoveService - ok
16:15:19.0687 5228  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:15:20.0187 5228  usbscan - ok
16:15:20.0640 5228  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:15:21.0000 5228  USBSTOR - ok
16:15:21.0171 5228  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:15:21.0390 5228  usbuhci - ok
16:15:21.0546 5228  [ 200847985E963EA9634C1B81A21A4DA6 ] VBoxDrv        C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
16:15:21.0656 5228  VBoxDrv - ok
16:15:21.0890 5228  [ 2A29B5D722D6B7F688507393E5D4166B ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
16:15:22.0046 5228  VBoxNetAdp - ok
16:15:22.0140 5228  [ 40458859BA17FC8ACBFEB65A967363E4 ] VBoxNetFlt      C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
16:15:22.0781 5228  VBoxNetFlt - ok
16:15:23.0062 5228  [ A714B5E3AF7F9C54D6D4F4C1F3DD574A ] VBoxUSB        C:\WINDOWS\system32\Drivers\VBoxUSB.sys
16:15:23.0687 5228  VBoxUSB - ok
16:15:23.0921 5228  [ E973E67E29344A198FB17351C5CD9320 ] VBoxUSBMon      C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
16:15:24.0109 5228  VBoxUSBMon - ok
16:15:24.0125 5228  [ B252DD05C8B1D64239EE8A93C4BC5AD4 ] VClone          C:\WINDOWS\system32\DRIVERS\VClone.sys
16:15:24.0171 5228  VClone ( UnsignedFile.Multi.Generic ) - warning
16:15:24.0171 5228  VClone - detected UnsignedFile.Multi.Generic (1)
16:15:24.0203 5228  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
16:15:24.0375 5228  VgaSave - ok
16:15:24.0390 5228  ViaIde - ok
16:15:24.0484 5228  [ 26B75DCB58B006867EFD659E845CD65E ] vididr          C:\WINDOWS\system32\DRIVERS\vididr.sys
16:15:24.0718 5228  vididr - ok
16:15:24.0765 5228  [ 40AFA68F81F90636D1300099E9CFC8CE ] vidsflt        C:\WINDOWS\system32\DRIVERS\vidsflt.sys
16:15:24.0859 5228  vidsflt - ok
16:15:24.0921 5228  [ F714D4F456A6B91212966B3CA19F720C ] vkservice      D:\_security\VirusKeeper 2011 Pro Probeversion\vk_service.exe
16:15:25.0234 5228  vkservice - ok
16:15:25.0531 5228  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
16:15:25.0875 5228  VolSnap - ok
16:15:26.0343 5228  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
16:15:26.0453 5228  VSS - ok
16:15:26.0531 5228  [ C0F55CC0903CFDC819F6D857402B697C ] vulfnths        C:\WINDOWS\System32\Drivers\vulfnth.sys
16:15:26.0656 5228  vulfnths ( UnsignedFile.Multi.Generic ) - warning
16:15:26.0656 5228  vulfnths - detected UnsignedFile.Multi.Generic (1)
16:15:27.0046 5228  [ 545D98A7F61AF1C7C4AD38B8F333E0B7 ] vulfntrs        C:\WINDOWS\System32\Drivers\vulfntr.sys
16:15:27.0140 5228  vulfntrs ( UnsignedFile.Multi.Generic ) - warning
16:15:27.0140 5228  vulfntrs - detected UnsignedFile.Multi.Generic (1)
16:15:27.0343 5228  [ E2E2D6B1C3BA607E297C26139CB4AA58 ] W32Time        C:\WINDOWS\system32\w32time.dll
16:15:27.0437 5228  W32Time - ok
16:15:27.0500 5228  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:15:27.0718 5228  Wanarp - ok
16:15:28.0000 5228  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
16:15:28.0296 5228  Wdf01000 - ok
16:15:28.0859 5228  WDICA - ok
16:15:28.0875 5228  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:15:29.0234 5228  wdmaud - ok
16:15:29.0593 5228  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
16:15:29.0812 5228  WebClient - ok
16:15:29.0875 5228  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
16:15:30.0046 5228  winmgmt - ok
16:15:30.0421 5228  [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM          C:\WINDOWS\system32\WsmSvc.dll
16:15:30.0656 5228  WinRM - ok
16:15:30.0718 5228  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:15:30.0843 5228  WinUSB - ok
16:15:30.0906 5228  [ A7C993F86BE5AF035DE06DF9160D7008 ] WiseBootAssistant D:\_tweak\Wise Care 365\BootTime.exe
16:15:31.0078 5228  WiseBootAssistant - ok
16:15:31.0203 5228  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
16:15:31.0312 5228  WmdmPmSN - ok
16:15:31.0390 5228  [ 54F2088EF92BA975E3147C417EE0E0C3 ] Wmi            C:\WINDOWS\System32\advapi32.dll
16:15:31.0578 5228  Wmi - ok
16:15:31.0609 5228  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:15:31.0968 5228  WmiApSrv - ok
16:15:32.0015 5228  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc  C:\Programme\Windows Media Player\WMPNetwk.exe
16:15:32.0125 5228  WMPNetworkSvc - ok
16:15:32.0156 5228  [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm      D:\_hardware\Zune - Nokia 800\WMZuneComm.exe
16:15:32.0296 5228  WMZuneComm - ok
16:15:33.0125 5228  [ 120F3B596F79FC990B7D808857A8B3BC ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:15:33.0265 5228  WPFFontCache_v0400 - ok
16:15:33.0312 5228  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:15:33.0468 5228  wscsvc - ok
16:15:33.0703 5228  [ AAE1A6FFBA2B0436E91795120F48C461 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:15:33.0812 5228  wuauserv - ok
16:15:34.0359 5228  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:15:34.0421 5228  WudfPf - ok
16:15:34.0468 5228  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:15:34.0546 5228  WudfRd - ok
16:15:34.0609 5228  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
16:15:34.0687 5228  WudfSvc - ok
16:15:34.0843 5228  [ DEE347DC347C633AA04E2FDA8AF332CC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:15:35.0093 5228  WZCSVC - ok
16:15:35.0109 5228  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
16:15:35.0343 5228  xmlprov - ok
16:15:35.0375 5228  [ 87F126D0F8DC176B282924DF0417075E ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
16:15:35.0468 5228  yukonwxp - ok
16:15:35.0531 5228  [ AE279CD76B38FC079EEC3CA6D65A5926 ] zumbus          C:\WINDOWS\system32\DRIVERS\zumbus.sys
16:15:35.0625 5228  zumbus - ok
16:15:35.0843 5228  [ 37F339B64F19E2775284ED7161B96683 ] ZuneBusEnum    D:\_hardware\Zune - Nokia 800\ZuneBusEnum.exe
16:15:35.0921 5228  ZuneBusEnum - ok
16:15:36.0125 5228  [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc  D:\_hardware\Zune - Nokia 800\ZuneNss.exe
16:15:37.0375 5228  ZuneNetworkSvc - ok
16:15:38.0000 5228  [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc  D:\_hardware\Zune - Nokia 800\ZuneWlanCfgSvc.exe
16:15:38.0218 5228  ZuneWlanCfgSvc - ok
16:15:38.0343 5228  ================ Scan global ===============================
16:15:38.0390 5228  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
16:15:38.0406 5228  [ 935B583E1E780BDB75718EAFD9667366 ] C:\WINDOWS\system32\winsrv.dll
16:15:38.0421 5228  [ 935B583E1E780BDB75718EAFD9667366 ] C:\WINDOWS\system32\winsrv.dll
16:15:38.0562 5228  [ F0A7D59AF279326528715B206669B86C ] C:\WINDOWS\system32\services.exe
16:15:38.0578 5228  [Global] - ok
16:15:38.0765 5228  ================ Scan MBR ==================================
16:15:38.0812 5228  [ 3E4114A2BACAE892982C85C4DD4DEB37 ] \Device\Harddisk1\DR1
16:15:39.0453 5228  \Device\Harddisk1\DR1 - ok
16:15:39.0453 5228  [ 8726B7B9EF886270DBDDBBDA1C4F3288 ] \Device\Harddisk2\DR2
16:15:39.0562 5228  \Device\Harddisk2\DR2 - ok
16:15:39.0609 5228  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk3\DR3
16:15:40.0140 5228  \Device\Harddisk3\DR3 - ok
16:15:40.0171 5228  [ A6E521BDA384C6B28CA63A1F6BC15630 ] \Device\Harddisk4\DR16
16:15:41.0078 5228  \Device\Harddisk4\DR16 - ok
16:15:41.0312 5228  [ 4E800BC56057CADF2FCDFC8F093595DC ] \Device\Harddisk5\DR18
16:15:41.0437 5228  \Device\Harddisk5\DR18 - ok
16:15:41.0437 5228  ================ Scan VBR ==================================
16:15:41.0484 5228  [ 5F37297695F57CB0DCA4AA92421774F1 ] \Device\Harddisk1\DR1\Partition1
16:15:41.0484 5228  \Device\Harddisk1\DR1\Partition1 - ok
16:15:41.0531 5228  [ DECB7FCF2A7FB4EE1AD70905ABEB803F ] \Device\Harddisk2\DR2\Partition1
16:15:41.0531 5228  \Device\Harddisk2\DR2\Partition1 - ok
16:15:41.0578 5228  [ A1E9F76B1DEF1B25A58EB8F8E39E2FF1 ] \Device\Harddisk2\DR2\Partition2
16:15:41.0593 5228  \Device\Harddisk2\DR2\Partition2 - ok
16:15:41.0625 5228  [ ACF26D8E903C6D0E7DE674C7C95CB536 ] \Device\Harddisk2\DR2\Partition3
16:15:41.0625 5228  \Device\Harddisk2\DR2\Partition3 - ok
16:15:41.0625 5228  [ E9D00B83F72052EEBD7085319B2809C9 ] \Device\Harddisk2\DR2\Partition4
16:15:41.0640 5228  \Device\Harddisk2\DR2\Partition4 - ok
16:15:41.0671 5228  [ 69BBF11388EEC996391A7EF5C88F00D4 ] \Device\Harddisk3\DR3\Partition1
16:15:41.0687 5228  \Device\Harddisk3\DR3\Partition1 - ok
16:15:41.0687 5228  [ 1BCE5FAD044C85E69B9A2A0DA894A510 ] \Device\Harddisk3\DR3\Partition2
16:15:41.0687 5228  \Device\Harddisk3\DR3\Partition2 - ok
16:15:41.0718 5228  [ 857215B03D76075F3480FAB465BC1BF6 ] \Device\Harddisk4\DR16\Partition1
16:15:41.0734 5228  \Device\Harddisk4\DR16\Partition1 - ok
16:15:41.0765 5228  [ 01DBB0202DBD4285C00DF65596BBDFFE ] \Device\Harddisk5\DR18\Partition1
16:15:41.0781 5228  \Device\Harddisk5\DR18\Partition1 - ok
16:15:41.0843 5228  ============================================================
16:15:41.0843 5228  Scan finished
16:15:41.0843 5228  ============================================================
16:15:42.0078 6128  Detected object count: 22
16:15:42.0078 6128  Actual detected object count: 22
16:16:04.0890 6128  Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0890 6128  Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0890 6128  BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0890 6128  BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0890 6128  BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0890 6128  BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0906 6128  BWMeterConSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0906 6128  BWMeterConSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0937 6128  CachemanXPService ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0937 6128  CachemanXPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0937 6128  DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0937 6128  DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0953 6128  drhard ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0953 6128  drhard ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0953 6128  dsnpfd ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0953 6128  dsnpfd ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0953 6128  dsnpfdMP ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0953 6128  dsnpfdMP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0968 6128  FlashFolder ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0968 6128  FlashFolder ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0968 6128  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0968 6128  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0984 6128  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0984 6128  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0984 6128  nvata ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0984 6128  nvata ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:04.0984 6128  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:04.0984 6128  sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0000 6128  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0000 6128  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0000 6128  tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0000 6128  tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0000 6128  uigxrdr ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0000 6128  uigxrdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0000 6128  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0000 6128  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0015 6128  UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0015 6128  UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0031 6128  VClone ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0031 6128  VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0031 6128  vulfnths ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0031 6128  vulfnths ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:05.0031 6128  vulfntrs ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:05.0031 6128  vulfntrs ( UnsignedFile.Multi.Generic ) - User select action: Skip
=======================

GMER: braucht auch ewig, kommt noch


aswMBR.exe Download dauert noch 50 Minuten, kommt später....


Vielen herzlichen Dank fürs Lesen und Antworten!

Elmar

cosinus 29.07.2013 14:52
Hallo und :hallo:

Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!

Zitat:
Zitat von Larusso (Beitrag 614538)
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc




Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Eule69 29.07.2013 15:24
Und nochn Scan, weoiße nicht von wem:

Code:
QuickScan 32-bit v0.9.9.131
---------------------------
Überprüfungsdatum:  Mon Jul 29 15:25:18 2013
Computer ID: C87F518A

Keine Infizierungen gefunden.
-----------------------------


Prozesse
--------
(unsigniert) aborange Scheduler                      3432    D:\_improve system\aborange Scheduler\aboScheduler.exe
(unsigniert) allSnap                                  2820    Q:\_easywork\allsnap150beta\allsnap.exe
(unsigniert) CachemanXP - controls File Cache and re  896    D:\_faster\CachemanXP\CachemanXP.exe
(unsigniert) Everything                              1044    R:\_easywork\Everything\Everything.exe
(unsigniert) FreePDF_Assistant                        4908    C:\Programme\FreePDF_XP\fpassist.exe
(unsigniert) HijackThis                                628    E:\_ dropbox _\Dropbox\_ install new\__new\HiJackThis204.exe
(unsigniert) Launchy.exe                              3188    C:\Programme\Launchy\Launchy.exe
(unsigniert) MultiMon Application                    3952    D:\_improve system\MMTaskbar 3.0\MultiMon.exe
(unsigniert) TweakRAM                                2960    C:\Programme\TweakRAM\TweakRAM.exe
(unsigniert) WebTemp                                  2776    C:\Programme\WebTemp\WebTemp.exe
(unsigniert) WindowManager                            2052    D:\_improve system\WindowManager\WindowManager.exe
(unsigniert) WinSplit Revolution                      3176    Q:\_easywork\WinSplit Revolution\WinSplit.exe
(unsigniert) WinSplit Revolution                      2900    Q:\_easywork\WinSplit Revolution\WinSplitDrvr32.exe

(verifiziert) Acronis Scheduler 2                      700    C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(verifiziert) Acronis Scheduler Helper                5580    C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(verifiziert) Acronis Sync Agent                      2264    C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
(verifiziert) Acronis Tib Mounter                      5132    C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe
(verifiziert) AnVir Task Manager Pro                  2108    Q:\_system improve\Anvir TaskManager Pro\AnVir.exe
(verifiziert) ArchiCrypt Ultimate RAM-Disk              844    C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe
(verifiziert) AutoHotkey                              2560    D:\_easywork\activeaid\AutoHotkey\AutoHotkey.exe
(verifiziert) Avira DE-Cleaner                        5332    R:\z_temp\decleaner\decleaner\setup\decleaner.exe
(verifiziert) Betriebssystem Microsoft® Windows®      4296    C:\WINDOWS\explorer.exe
(verifiziert) Betriebssystem Microsoft® Windows®      3444    C:\WINDOWS\explorer.exe
(verifiziert) Betriebssystem Microsoft® Windows®      2780    C:\WINDOWS\system32\mmc.exe
(verifiziert) Betriebssystem Microsoft® Windows®      3232    C:\WINDOWS\system32\rundll32.exe
(verifiziert) Betriebssystem Microsoft® Windows®      1476    C:\WINDOWS\system32\services.exe
(verifiziert) Betriebssystem Microsoft® Windows®      1012    C:\WINDOWS\system32\smss.exe
(verifiziert) Betriebssystem Microsoft® Windows®      1716    C:\WINDOWS\system32\taskmgr.exe
(verifiziert) Betriebssystem Microsoft® Windows®      1412    C:\WINDOWS\system32\winlogon.exe
(verifiziert) CKeysCm.exe                              2364    D:\_easywork\ComfortKeys\CKeysCm.exe
(verifiziert) Comfort Keys Pro                        1660    D:\_easywork\ComfortKeys\CKeys.exe
(verifiziert) CPUID Hardware Monitor                  2940    C:\Programme\WebTemp\HWMonitor32.exe
(verifiziert) DE-Cleaner powered by Avira              4992    R:\z_temp\decleaner\avwebloader.exe
(verifiziert) DE-Cleaner powered by Avira              4736    R:\z_temp\decleaner\decleaner\setup\avscan.exe
(verifiziert) DeskSave.exe                            2788    D:\_backup\Desksave821\DeskSave.exe
(verifiziert) Dropbox                                  4644    C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(verifiziert) Emsisoft Anti-Malware                    4372    C:\Programme\Emsisoft Anti-Malware\a2guard.exe
(verifiziert) Emsisoft Anti-Malware                    6032    C:\Programme\Emsisoft Anti-Malware\a2service.exe
(verifiziert) Emsisoft Anti-Malware                    3804    C:\Programme\Emsisoft Anti-Malware\a2start.exe
(verifiziert) Extensions for Windows                  2252    D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe
(verifiziert) FlashFolder                              1392    D:\_improve system\Flashfolder\FlashFolder.exe
(verifiziert) Google Chrome                            5720    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            1684    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            1728    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            4016    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            2892    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            5120    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            5004    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            2808    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            5000    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            5196    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            2768    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            4888    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            4852    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            4768    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            4680    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            3600    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome                            5880    R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(verifiziert) Google Chrome Portable                  3628    R:\GoogleChromePortable 28 final\GoogleChromePortable.exe
(verifiziert) Microsoft IntelliType Pro                2280    C:\Programme\Microsoft IntelliType Pro\itype.exe
(verifiziert) Microsoft Office 2003                    5572    R:\Office 2003\OFFICE11\WINWORD.EXE
(verifiziert) Microsoft® Windows® Operating System    2236    C:\WINDOWS\system32\alg.exe
(verifiziert) Microsoft® Windows® Operating System    1380    C:\WINDOWS\system32\csrss.exe
(verifiziert) Microsoft® Windows® Operating System    2004    C:\WINDOWS\system32\locator.exe
(verifiziert) Microsoft® Windows® Operating System    1500    C:\WINDOWS\system32\lsass.exe
(verifiziert) Microsoft® Windows® Operating System      572    C:\WINDOWS\system32\spoolsv.exe
(verifiziert) Microsoft® Windows® Operating System    1880    C:\WINDOWS\system32\svchost.exe
(verifiziert) Microsoft® Windows® Operating System    1840    C:\WINDOWS\system32\svchost.exe
(verifiziert) Microsoft® Windows® Operating System    1052    C:\WINDOWS\system32\svchost.exe
(verifiziert) Microsoft® Windows® Operating System    1708    C:\WINDOWS\system32\svchost.exe
(verifiziert) Microsoft® Windows® Operating System      768    C:\WINDOWS\system32\svchost.exe
(verifiziert) Microsoft® Windows® Operating System      728    C:\WINDOWS\system32\svchost.exe
(verifiziert) Mouse without Borders                    3524    C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(verifiziert) Mouse without Borders                    3492    C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(verifiziert) Mouse Without Borders                    3868    C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(verifiziert) Process Lasso core engine                3964    D:\_improve system\Process Lasso\ProcessGovernor.exe
(verifiziert) Process Lasso user interface            3900    D:\_improve system\Process Lasso\ProcessLasso.exe
(verifiziert) PTFBPro                                  3972    D:\_easywork\PTFB Pro\PTFBPro.exe
(verifiziert) RocketDock.exe                          2800    D:\_improve system\RocketDock\RocketDock.exe
(verifiziert) Soluto                                    684    C:\Programme\Soluto\SolutoLauncherService.exe
(verifiziert) Soluto                                  3500    C:\Programme\Soluto\SolutoService.exe
(verifiziert) Stardock ObjectDock                      3020    Q:\_easywork\ObjectDock\ObjectDock.exe
(verifiziert) System Explorer                          3544    D:\_improve system\System Explorer\service\SystemExplorerService.exe
(verifiziert) System Explorer                          2068    D:\_improve system\System Explorer\SystemExplorer.exe
(verifiziert) TaskSwitchXP                            3384    Q:\_easywork\TaskSwitchXP\TaskSwitchXP.exe
(verifiziert) TimeLeft                                1756    D:\_info\TimeLeft3\TimeLeft.exe
(verifiziert) Trend Micro iRobot                      4668    R:\z_temp\HouseCall\housecall.bin
(verifiziert) xplorer²                                2872    D:\_filemanagement\xplorer² pro\xplorer2_UC.exe


Netzwerkaktivität
-----------------
Vorgang MouseWithoutBorders.exe (3492) verbunden mit Anschluss 48000 --> 192.168.178.21
Vorgang MouseWithoutBorders.exe (3492) verbunden mit Anschluss 15101 --> 192.168.178.21
Vorgang Dropbox.exe (4644) verbunden mit Anschluss 80 (HTTP) --> 108.160.162.103
Vorgang Dropbox.exe (4644) verbunden mit Anschluss 443 (HTTP over SSL) --> 107.21.230.213
Vorgang housecall.bin (4668) verbunden mit Anschluss 80 (HTTP) --> 216.104.20.189
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 92.122.97.83
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.8
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 91.225.248.80
Vorgang chrome.exe (5196) verbunden mit Anschluss 443 (HTTP over SSL) --> 173.194.113.152
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 5222 (XMPP/Jabber) --> 173.194.70.125
Vorgang chrome.exe (5196) verbunden mit Anschluss 443 (HTTP over SSL) --> 173.194.70.139
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.76
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.8
Vorgang chrome.exe (5196) verbunden mit Anschluss 443 (HTTP over SSL) --> 88.221.6.110
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.8
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.8
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.8
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 84.53.146.8
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.20.211
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 92.123.179.139
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 23.42.22.41
Vorgang chrome.exe (5196) verbunden mit Anschluss 80 (HTTP) --> 173.194.70.154
Vorgang chrome.exe (5196) verbunden mit Anschluss 443 (HTTP over SSL) --> 173.194.70.132

Vorgang svchost.exe (1840) kontrolliert die Anschlüsse: 135 (RPC)
Vorgang MouseWithoutBorders.exe (3492) kontrolliert die Anschlüsse: 15100


Autoruns und kritische Dateien
------------------------------
(verifiziert) Adobe® Flash® Player Update Service      C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(unsigniert) AMD Dual-Core Optimizer                  D:\_hardware\AMD Dual Core optimizer 1.1.4\amd_dc_opt.exe
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\crypt32.dll
(verifiziert) Glary Utilities 3                        D:\_tweak\Glary Utilities 3\Initialize.exe
(verifiziert) Logitech SetPoint                        C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
(verifiziert) nwiz.exe                                C:\Programme\NVIDIA Corporation\nview\nwiz.exe
(verifiziert) Soluto                                  c:\programme\soluto\soluto.exe
(unsigniert) WindowManager                            D:\_improve system\WindowManager\WindowManager.exe
(unsigniert) MultiMon Application                    D:\_improve system\MMTaskbar 3.0\MultiMon.exe
(unsigniert) XP Services Optimizer                    C:\WINDOWS\system32\WebUpdate.exe

(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\browseui.dll
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\cscdll.dll
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\logon.scr
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\logonui.exe
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\sclgntfy.dll
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\shell32.dll
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\stobject.dll
(verifiziert) Betriebssystem Microsoft® Windows®      c:\windows\system32\userinit.exe
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\wlnotify.dll
(verifiziert) DriverEasy                              D:\_updates\DriverEasy\DriverEasy.exe
(verifiziert) Flash Player Auto-Updater                D:\_updates\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(verifiziert) Google Update                            C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
(verifiziert) Google Update                            C:\Programme\Google\Update\GoogleUpdate.exe
(verifiziert) Microsoft IntelliType Pro                C:\Programme\Microsoft IntelliType Pro\itype.exe
(verifiziert) Microsoft® Windows® Operating System    C:\WINDOWS\system32\cryptnet.dll
(verifiziert) Microsoft® Windows® Operating System    C:\WINDOWS\system32\dimsntfy.dll
(verifiziert) Microsoft® Windows® Operating System    C:\WINDOWS\system32\wpdshserviceobj.dll
(verifiziert) Windows Genuine Advantage                C:\WINDOWS\system32\WgaLogon.dll
(verifiziert) Windows® Internet Explorer              C:\WINDOWS\system32\webcheck.dll
(verifiziert) Wise Care 365 Tray                      D:\_tweak\Wise Care 365\WiseTray.exe
(verifiziert) Wise Turob                              D:\_tweak\Wise Care 365\WiseTurbo.exe


Browser Plugins
---------------
(verifiziert) DocuCom PDF Plus                        D:\_pdfs\Nuance PDF Reader\bin\nppdf.dll
(verifiziert) Google Update                            C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.153\npGoogleUpdate3.dll
(verifiziert) Google Update                            C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll
(verifiziert) NPSWF32_11_8_800_94.dll                  C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
(unsigniert) Shockwave for Director                  C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
(verifiziert) Silverlight Plug-In                      C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll
(verifiziert) Windows® Internet Explorer              C:\WINDOWS\system32\ieframe.dll
(unsigniert) VLC Web Plugin                          D:\_show & listen\VLC Player\npvlc.dll

(verifiziert) Adobe Acrobat                            C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
(verifiziert) Betriebssystem Microsoft® Windows®      C:\WINDOWS\system32\mswsock.dll
(verifiziert) Dragon NaturallySpeaking Rich Internet  C:\Programme\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
(verifiziert) Java Deployment Toolkit 7.0.250.16      C:\WINDOWS\system32\npDeployJava1.dll
(verifiziert) Java(TM) Platform SE 7 U25              d:\z_rest\java 7.25 - 2\bin\jp2ssv.dll
(verifiziert) Java(TM) Platform SE 7 U25              D:\z_rest\Java 7.25 - 2\bin\plugin2\npjp2.dll
(verifiziert) Java(TM) Platform SE 7 U25              d:\z_rest\java 7.25 - 2\bin\ssv.dll
(verifiziert) Microsoft® Windows® Operating System    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verifiziert) Microsoft® Windows® Operating System    C:\WINDOWS\system32\rsvpsp.dll
(verifiziert) Microsoft® Windows® Operating System    C:\WINDOWS\system32\winrnr.dll
(verifiziert) MindManager                              d:\programme\mindmanager 6\mm6internetexplorer.dll
(verifiziert) PDF-XChange Viewer                      D:\_pdfs\PDF X-Change Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll
(verifiziert) Picasa                                  D:\_pics\Picasa3\npPicasa3.dll
(verifiziert) PlusIEContextMenu                        c:\programme\nuance\pdf viewer plus\bin\plusiecontextmenu.dll
(verifiziert) Windows Presentation Foundation          C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verifiziert) ZeonIEFavClient                          d:\programme\nuance paperport 14\pdfcreate\bin\zeoniefavclient.dll


fehlende Dateien
----------------
Datei nicht gefunden: C:\WINDOWS\system32\dumprep 0 -k
  --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"KernelFaultCheck"


Überprüfen
----------
MD5: cf36476ff7326f16e22d9afddfd7dd02  C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
MD5: 5434e18b933e03f274d8da59fda4c676  C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox\bin\icudt.dll
MD5: e9610e3e8ec4043767601f5f16c6d4ec  C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox\bin\libcef.dll
MD5: 21bfa433415377c6c9e428202bdfa9f9  C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox\bin\wxmsw28uh_vc.dll
MD5: 101700e93eb905992b518256cb441829  C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.153\npGoogleUpdate3.dll
MD5: 63d495ed7e4d46b780cb57acd46b8ac9  C:\Programme\BootRacer\BootRacerServ.exe
MD5: e255b2cab18194abe1cff3587a9365d9  C:\Programme\Emsisoft Anti-Malware\a2acc.dll
MD5: a8a4e18857cdfd8d9ab81e2c9eaf89b5  C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
MD5: ee683d2ba1f6459616e7be2098bb2574  C:\Programme\Emsisoft Anti-Malware\a2contmenu.dll
MD5: 0f9f00b5e82cc999272c38b64832d6d3  C:\Programme\Emsisoft Anti-Malware\a2core32.dll
MD5: b0cc0b50441372157f31c4c023d43a3e  C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
MD5: eb38f568d21259b410d252a40b39366a  C:\Programme\Emsisoft Anti-Malware\a2dix86.dll
MD5: 03bfdfae9d150d43f4a19b5fbb892591  C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
MD5: 1f6209005d2584b1c8359c9b1a568a6b  C:\Programme\Emsisoft Anti-Malware\a2engine.dll
MD5: d5f50a7a00e3006fb23348b642fe180f  C:\Programme\Emsisoft Anti-Malware\a2framework.dll
MD5: 6cd7139f8643f5d048a5d9c0d57e1552  C:\Programme\Emsisoft Anti-Malware\a2guard.exe
MD5: c9a9b7c0beacc25df284fc50f7d4306d  C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll
MD5: 4b9c5eebee862574cf794582104f0c91  C:\Programme\Emsisoft Anti-Malware\a2service.exe
MD5: eb84264f56e347ca09e7dd1f70fe4393  C:\Programme\Emsisoft Anti-Malware\a2start.exe
MD5: 9ca33701da16130cb127fd0c55e53b58  C:\Programme\Emsisoft Anti-Malware\a2update.dll
MD5: 8dea3fe12a6686573f16a06ad95d7ab9  C:\Programme\Emsisoft Anti-Malware\a2util32.sys
MD5: f432eb8d1d84a565167107e2ef001473  C:\Programme\Emsisoft Anti-Malware\a2wsc.dll
MD5: 1755023407fde00d9916505a557569d5  C:\Programme\Emsisoft Anti-Malware\bdcore.dll
MD5: 5d0b4b0a9d015e590bf8671c21d3d75e  C:\Programme\Emsisoft Anti-Malware\clean32.dll
MD5: 7d26d78bd9b16a484b55956fa45fce2a  C:\Programme\Emsisoft Anti-Malware\cleanhlp32.dll
MD5: 333a88e0227007e2e0677a92057a6d90  C:\Programme\Emsisoft Anti-Malware\cleanhlp32.sys
MD5: aa787c5de7f775995fd9e1e66918b507  C:\Programme\Emsisoft Anti-Malware\frme32.dll
MD5: 2407b8164e966755bc6a4242fc9de31e  C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys
MD5: 8494b173dd812f7f6a87f2385e444b18  C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
MD5: 4ac6587e639cd5eab5b657e7c1fbe680  C:\Programme\FreePDF_XP\fpassist.exe
MD5: d623a36247044648977c8688bc3eb53e  C:\Programme\Gemeinsame Dateien\Acronis\Home\libcrypto10.dll
MD5: 4136aaa488720e90b520b09a38cda554  C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
MD5: 4ecedaf47bb2941c8a7520cfd169a2f1  C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\fox.dll
MD5: 97f492ec5ee9c799782ac957b5d49e22  C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icu38.dll
MD5: e9119ad94f2a315765a82e77db9f8c9a  C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\icudt38.dll
MD5: f3f38a2b5540ca45681f9adc9aa0515c  C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\thread_pool.dll
MD5: d345c4ce6dd370fccc78d0b61e5b658a  C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\tib_mounter.dll
MD5: ccc11052d20c42ae1b206ef04b8403eb  C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe
MD5: ff9e074ccc950398c7d293e1d4d003b3  C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
MD5: 65703599e7760ed5eb12ad21f18ebaa3  C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
MD5: 5b8b352435f3e457b8c67b6d02888ca5  C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSO.DLL
MD5: 02c317a415a91112edef07aac78af6d5  C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll
MD5: 6efbc82722d0f7b35283993189ece9d0  C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
MD5: 058ddc41a20cc9f698464d17fb378689  C:\Programme\Launchy\imageformats\qmng4.dll
MD5: d5f90a1f1c14beec118ae3d10e0d2c34  C:\Programme\Launchy\Launchy.exe
MD5: 67637c21ac19be6ca344cc2038c12fea  C:\Programme\Launchy\plugins\calcy.dll
MD5: 59c643f71d46b2aa2323c41f79496f66  C:\Programme\Launchy\plugins\controly.dll
MD5: bdb93d4cd64f12e6e4abaeee2033599c  C:\Programme\Launchy\plugins\gcalc.dll
MD5: 4dbdfc59b86f92d6a96f83657e98ea1e  C:\Programme\Launchy\plugins\runner.dll
MD5: dc508141d62f9ad350e91864aa538edb  C:\Programme\Launchy\plugins\verby.dll
MD5: 896fb77fbeba2b76751ff4220efb5f1b  C:\Programme\Launchy\plugins\weby.dll
MD5: 68f07453f8aabfd28db1e1b22dfcdc5d  C:\Programme\Launchy\QtCore4.dll
MD5: bf783889ffd30dcd089565750e00acf4  C:\Programme\Launchy\QtGui4.dll
MD5: 0b453bec20fcc92c022ee1919eec4e3b  C:\Programme\Launchy\QtNetwork4.dll
MD5: 504d8e73807cfe9938d6be75ff332acf  C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
MD5: 3f2b676285b771538b495c6a71e431fe  C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
MD5: 55f756e87b2ff0b2e55d909cf6152ff9  C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe
MD5: 755fcbe4bc62179ef76ba924abb5f460  C:\Programme\Microsoft IntelliType Pro\Components\Commands\DPGFvs\DPGFvs.dll
MD5: f045df7af127dc4bcc53421850114e15  C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll
MD5: 075eae10b5c91327a20881f9931058fc  C:\Programme\Nuance\NaturallySpeaking12\Program\mfc100deu.dll
MD5: aac63851e6673ceea58657d5d7b7cf2b  C:\Programme\Nuance\NaturallySpeaking12\Program\mfc100u.dll
MD5: 3cd36458d23705706e0ef7ebc29a7c5b  C:\Programme\Nuance\NaturallySpeaking12\Program\msvcp100.dll
MD5: 356404610c0b6565111f292c232d6402  C:\Programme\Nuance\NaturallySpeaking12\Program\msvcr100.dll
MD5: daf3739d403b330e4ee4e64f0b32743d  C:\Programme\NVIDIA Corporation\nview\nView.dll
MD5: 07f4bc741025085e830a2633c78fad71  C:\Programme\NVIDIA Corporation\nview\nvShell.dll
MD5: 59b772a134a8d4ebf44c4bfde0c83200  C:\Programme\NVIDIA Corporation\nview\NVWRSDE.dll
MD5: a23319a38290d9f495a076254d995499  C:\Programme\NVIDIA Corporation\nview\nwiz.exe
MD5: a8528d01a0a1ecffdb44476cff04e931  C:\Programme\Soluto\Community.CsharpSqlite.dll
MD5: bf9cf20f3eb49be39126e3bf8c84463c  C:\Programme\Soluto\Interop.IWshRuntimeLibrary.dll
MD5: 9bad0bee490babbb95ca246d37ae389e  C:\Programme\Soluto\Interop.NetFwTypeLib.dll
MD5: ab909f6ff25685785673b2c8bbf4d399  C:\Programme\Soluto\Ionic.Zip.Reduced.dll
MD5: 347f21144fc4c98f2cf0a1c316349829  C:\Programme\Soluto\Microsoft.ServiceHosting.ServiceRuntime.dll
MD5: 23d63963d014cec9fc6391becdebf27d  C:\Programme\Soluto\Newtonsoft.Json.dll
MD5: c9ed00129c7528e4f666807899985a26  C:\Programme\Soluto\Newtonsoft.Json.Net35.dll
MD5: 7700eba56d21710f637ed6017736823b  C:\Programme\Soluto\PCGAppControlPluginLoader.exe
MD5: 7ca6192086cd589594052d4a90a3865c  C:\Programme\Soluto\PCGAzureEntityFramework.dll
MD5: af53b4b7b5c2a875d4dcbbd1799d8ffe  C:\Programme\Soluto\PCGAzureShared.dll
MD5: fe7f0735f3908e52b19e85eb81ed6517  C:\Programme\Soluto\PCGBootVisualizingCore.dll
MD5: 6c69e7fef58bc582c1d6b270adba9f6a  C:\Programme\Soluto\PCGBrowsersProbe.dll
MD5: fc4f35afa2dc541ffbaabd52a3d150da  C:\Programme\Soluto\PCGCatalogItemCache.dll
MD5: 9b18258e74507c4d4b6a2ef5b02040b9  C:\Programme\Soluto\PCGCatalogItemFootprint.dll
MD5: 528babef2ae7f0f52ae0f1fa15b020b7  C:\Programme\Soluto\PCGClientCommon.dll
MD5: 8e2a281e4b026b88c669650c72586465  C:\Programme\Soluto\PCGClientCommunication.dll
MD5: e4bbc65501ffc1a139a844d51c45b555  C:\Programme\Soluto\PCGCommunication.dll
MD5: 42c69034dd1e49d10185f54e983e74f3  C:\Programme\Soluto\PCGConfiguration.dll
MD5: 74b4123f518059c8ea09395592a375ba  C:\Programme\Soluto\PCGDataAggregation.dll
MD5: b14a5a42ef8ecefe2d57dc89d34ecf6f  C:\Programme\Soluto\PCGDatabase.dll
MD5: bf214c45e3160a2364b9fa78a7d40805  C:\Programme\Soluto\PCGDriverProbe.dll
MD5: 2ede08bbbb35412407efc4d29c7e6aed  C:\Programme\Soluto\PCGEntities.dll
MD5: 24e8c160a318e2855efeeafe6be2232b  C:\Programme\Soluto\PCGFramework.dll
MD5: 85a54ed3bf58f7ac9b86a3375d4036ce  C:\Programme\Soluto\PCGPreCompiled.dll
MD5: 4933b5882a53c63258dff38fb701a97f  C:\Programme\Soluto\PCGPrestoSerializer.dll
MD5: bff44b72ec9cc9000ec5fb11c6189534  C:\Programme\Soluto\PCGSAProbe.dll
MD5: 4a491a15c2ae95e978c103c9b644f424  C:\Programme\Soluto\PCGUpgrader.dll
MD5: 0b33e90c63e0fe25ffe95d38278b9ee1  C:\Programme\Soluto\PCGUsersCenter.dll
MD5: 668faf637d7f896d90dc27956f749676  C:\Programme\Soluto\PCGWuInfo.dll
MD5: 5a120ba8867e7589256aa8e9bc58bd6e  C:\Programme\Soluto\SignalRWrapper.dll
MD5: 8d6b4b337f3e99e1618446ad81240f82  c:\programme\soluto\soluto.exe
MD5: cd7bd355d0f864b94b2dd71486a6a6ee  C:\Programme\Soluto\Soluto.SignalR.Client35.dll
MD5: 52486530ab680f5f56eafc8d3ba1b4bf  C:\Programme\Soluto\SolutoCleanup.exe
MD5: 64853507e75d5dca9f2cd5bedd672a3d  C:\Programme\Soluto\SolutoLauncherService.exe
MD5: 13eeac776482109315082e0430850d11  C:\Programme\Soluto\SolutoRemoteService.exe
MD5: 350ba5fdce5d9c6bee0312955d0de1c8  C:\Programme\Soluto\SolutoService.exe
MD5: eb61d4a7e770d5e0b9a42ca8c653b159  C:\Programme\Soluto\SolutoUpdateService.exe
MD5: f5ee17938d7c545bf62ad955803661c7  C:\Programme\Soluto\System.Threading.dll
MD5: 9cb7c63fd9d5ae484e318f9296279c52  C:\Programme\Spyware Terminator\st_rsser.exe
MD5: f185b0a7f31cea8b7d3764ff2809072a  C:\Programme\Spyware Terminator\STShell.dll
MD5: 402794a75a899e296ab3edec4eccb9a8  C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
MD5: 0b5b6f6dfe055f279e1cad0e8ba6cb61  C:\Programme\TweakRAM\TweakRAM.exe
MD5: 4c444d8207bfe9b4d0c670df5b89f0be  C:\Programme\WebTemp\HWMonitor32.exe
MD5: 7b8186d01e0782372b9fa4e33d08e2fa  C:\Programme\WebTemp\WebTemp.exe
MD5: 212c9c057d9776a665fc2ae49a9597be  C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
MD5: 5d04862a6f0c627f4bf4535295786e5b  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\bf27d0baf78a5b69f1f08c3b6c1142b7\Community.CsharpSqlite.ni.dll
MD5: b868ecbe93038c3999744b356d0e30c4  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\7ea9c8e722d462648db1caaede485b18\Interop.IWshRuntimeLibrary.ni.dll
MD5: a04e239d0aad27369aef8f510b90b1c1  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\46d9c0ce9e5e5a90a55d5588277b0340\Interop.NetFwTypeLib.ni.dll
MD5: f204736a60c51ebc4f57ef3d89051228  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\1a69b73829403a6d7980664fc005abbc\Ionic.Zip.Reduced.ni.dll
MD5: e77b732208efa17f67917eaa03d1db92  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\fef10c14b1bfa97b78ebe93db912c095\mscorlib.ni.dll
MD5: 6664f4b64bd169cf8c8d502000e6152f  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\1beaf757ff6cab5e1d97d072225490e9\Newtonsoft.Json.Net35.ni.dll
MD5: e722e3ea3f476d14d7dbe161ada2c90f  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\031ca8e454a02749bff38de7d4e98ed7\PCGAppControlPluginLoader.ni.dll
MD5: 14154a099a1a44b51a2bc18e37621e98  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\77ac1cd8d68695229b62ac82457bdeb9\PCGAzureEntityFramework.ni.dll
MD5: ef4b0261a9f2af9f91665ad1df6a5bc8  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\f18ce0d8bcb3ba5c99eefc978d5137dd\PCGAzureShared.ni.dll
MD5: e7b001fcfd67e09d967510ce4b7cf02b  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\f438fe859100c14a998663b9ad0d0b1f\PCGBootVisualizingCore.ni.dll
MD5: 9c5b4d2a7406129d6215d0dfbfa20451  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\48a855c29385d364610603dd8d279ac7\PCGBrowsersProbe.ni.dll
MD5: 3576b7c4b9e5c85ee5c2b6c5193a08d6  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\221b2115e7a093cf50e623a3c25ebc43\PCGCatalogItemCache.ni.dll
MD5: a8ca1bfce62045e1b18638fc89ab621e  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\a261f77cb8b9dfee2edbae66b47f6135\PCGCatalogItemFootprint.ni.dll
MD5: e3416cf9a5ef8035064360258d48c5cd  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\9037d10dd58714a968aee508d888b0a5\PCGClientCommon.ni.dll
MD5: 15c966a2929a20f342471b989fa721d1  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\6416e238ba80e81966186a3eccee75af\PCGClientCommunication.ni.dll
MD5: 4eed06a8841438defd12e02188fb54b7  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\8eb6c8b32ce401438691257b5424ac5d\PCGCommunication.ni.dll
MD5: da1508a7cc2e49d780cc49259df8b714  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\dd27a3608f2bd9d8fce3e1efb84de3c3\PCGConfiguration.ni.dll
MD5: cb7bc700fe763e4fb2c9540941906f31  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\4e1f102e17f854ff61f2781ca1d30e3a\PCGDataAggregation.ni.dll
MD5: 97563158447e55cc0561e8349bfa046c  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\9a627a74cf9cc1fcb62f02c88d901ffd\PCGDatabase.ni.dll
MD5: e8b431e82c1e6115caf156ac4ca99a91  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ec61946f684022e445b51c764db9b414\PCGDriverProbe.ni.dll
MD5: 64297f35f25c7aab217216b478078262  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\328336abbe815361f462346b228623cd\PCGEntities.ni.dll
MD5: de0a69f73738c00bbf08e72971dfda6c  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\4e6d5f0eb87f2261983b9c0144da35c3\PCGFramework.ni.dll
MD5: 20253f952ee1c82e7251495f81025ef9  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\b5cfd5b69493d78588d63cc5a268c04c\PCGPreCompiled.ni.dll
MD5: fe0f69bcca1fead5d581cc177844f203  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\c10a9d4653601ad69bb9b8030b68aebe\PCGPrestoSerializer.ni.dll
MD5: 975751768eb0321548e1d74b6c0ad68f  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\f3e61956b4b8570208f3c5a4db0cad63\PCGSAProbe.ni.dll
MD5: 5ffb79e8a487f2351902ccb53e4b66e9  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\d8aff7f7b1533366ff06f3027a35c473\PCGUpgrader.ni.dll
MD5: d10cb85a602b3c2b7b8a4e0ab2c1a4c2  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\593f7fa8523a7cf010fd616f5fabb18c\PCGUsersCenter.ni.dll
MD5: 965db782a134450a143b973b2f189a31  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\5c100535b57b3dfe8c028d53b5a9d9d8\PCGWuInfo.ni.dll
MD5: b331f5d71e5b16d7b077c4e40a9fb44f  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SignalRWrapper\0cdf7e39a31d3b7a1e129ff4b7a3b990\SignalRWrapper.ni.dll
MD5: 60d2bb21fb9d702d3ca613535a72036d  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto.SignalR.Clie#\773cfd8e84cf97394305439da910e220\Soluto.SignalR.Client35.ni.dll
MD5: a694dd333969b58fc4cf2d1eeaec4461  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\654a990c593a4efc1b8ec477499448d8\SolutoCleanup.ni.dll
MD5: f173b9ac885e1c3c958adcfcdad39dfc  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\cb2b3549ae06eff7d713bbf032cd939b\SolutoService.ni.exe
MD5: 061984237e41512e551a3caf9e2a7838  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\674001d4765d9d23e13e38904821cf1f\System.Core.ni.dll
MD5: 4d7ca8f139e54028ce5a01a17bc51c55  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\36a001c088d31c981b24c1edd020788b\System.ServiceProcess.ni.dll
MD5: de0e0a3cd77ac0130ffdb12666e40c35  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6a00dc121491c126faa82c35d16d6eca\System.ni.dll
MD5: c08b69127c2f683ce1f2b05d2089629b  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MD5: f6fdcdd877c5dfdc192c4252819523b6  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll
MD5: fd5f7b4f1f3c61e2aada55edb77cd719  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\54e91e1cae6e1a6522aa4aa734dc59a1\System.Core.ni.dll
MD5: fe7beb0d9a8ea4c9795db11589f5aa3e  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\da851a56e2eb6cc239c4f018a57eb147\System.Drawing.ni.dll
MD5: fb099c90ae3489084d321cbbd1f62f12  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\2e9b90d387ecd9febb0d8231f4317667\System.Runtime.Remoting.ni.dll
MD5: dab549b60e76ee9b8a34abe7616f675c  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\f12d39d52b197c5ab34e829c16aa95bd\System.Web.ni.dll
MD5: c2b138dddb564a3768bf1969117d09cf  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aa68302abb5a0c4ff09f84b4be6ff459\System.Windows.Forms.ni.dll
MD5: 3d0d3b0897d669fa57e5b366a3339eb8  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll
MD5: afcd4497051a598e3de93ab2295b0b4a  C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll
MD5: c2ab0bf642b86d1915863cdb861df71e  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
MD5: d2f5ea715f155b77fb2d18a70bd7d041  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: f7332055800dade48e0fcae6c2f43fcc  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: 5f59a5e21b387b1258f5bc979b6bc5e7  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: e76d3b8b711aad564e2f31655a79c175  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll
MD5: 8a2f574db38876fcb6adfa509ae5c7ef  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
MD5: 92f8656d0167412a2379517c3f704ffb  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 3fb186a7a9728102181334336b364be5  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
MD5: a8f8a187bca7c1dee5638ad2997595ee  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: dfe18f2bfd60da638f24a0776a60f9e3  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
MD5: 120f3b596f79fc990b7d808857a8b3bc  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
MD5: ae7b288233c212c62cd544bf768c45e6  C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
MD5: d2212de58670f43233a97540804c86ac  C:\WINDOWS\system32\asycfilt.dll
MD5: 6586e91828fb64b7236771c0ebe25d4d  C:\WINDOWS\system32\AVSredirect.dll
MD5: 4bc526551b07df63a219b85576568b07  C:\WINDOWS\system32\CNMNPPM.DLL
MD5: b2e8f9564c82f77bce2c144b1983ce7d  C:\WINDOWS\system32\crypt32.dll
MD5: c066da0f6052a5c74c54dab48f8ca8d3  C:\WINDOWS\system32\dfshim.dll
MD5: 84c3bfe972b722532ed9e88d0301a5b1  C:\WINDOWS\system32\dinput8.dll
MD5: 9e1ca3160dafb159ca14f83b1e317f75  C:\WINDOWS\system32\drivers\ACPIEC.sys
MD5: 769844eb65df6a62aa51b886290fe51d  C:\WINDOWS\system32\DRIVERS\AmdK8.sys
MD5: ad8fa28d8ed0d0a689a0559085ce0f18  C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
MD5: bcf37763868ab5ed70b392d3f101d44d  C:\WINDOWS\System32\Drivers\AnyDVD.sys
MD5: 2b4e66fac6503494a2c6f32bb6ab3826  C:\WINDOWS\system32\drivers\ASIO.sys
MD5: b979979ab8027f7f53fb16ec4229b7db  C:\WINDOWS\system32\drivers\ASPI32.sys
MD5: 92a964547b96d697e5e9ed43b4297f5a  C:\WINDOWS\System32\Drivers\BrScnUsb.sys
MD5: 0071f8825d14b16955cd0a0699ab7a6c  C:\WINDOWS\system32\drivers\DRHARD.sys
MD5: 8810cbe07a85cf1998750252a8b1f3c4  C:\WINDOWS\system32\DRIVERS\dsnpfd.sys
MD5: 01ce484ff6d70a39479bc6d619de7ed6  C:\WINDOWS\system32\drivers\ESGSCANNER.sys
MD5: cf9f4efdf34fa5bf96fa2ab8f2255ce8  C:\WINDOWS\System32\Drivers\LBeepKE.sys
MD5: 59ced2543392eb10b2e8feae87a5d248  C:\WINDOWS\System32\Drivers\LEqdUsb.Sys
MD5: 26163f0f1c2636ae3fff7c54600204a5  C:\WINDOWS\System32\Drivers\LHidEqd.Sys
MD5: 74ea099c3d9dad3a657bd89ed4a81c6d  C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
MD5: e9d42cdd5bd22be28247b77953735650  C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
MD5: ca3e22598f411199adc2dfee76cd0ae0  C:\WINDOWS\system32\drivers\msmpu401.sys
MD5: f7b1ad991491f02af6da70b00b8bf114  C:\WINDOWS\system32\drivers\MUP.sys
MD5: 9282bd12dfb069d3889eb3fcc1000a9b  C:\WINDOWS\system32\drivers\NDPROXY.sys
MD5: a613a14fb4d9117f42a3a280f64e9ec4  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: c03e15101f6d9e82cd9b0e7d715f5de3  C:\WINDOWS\system32\DRIVERS\nvata.sys
MD5: c2bf987829099a3eaa2ca6a0a90ecb4f  C:\WINDOWS\system32\drivers\PARVDM.sys
MD5: a2a966b77d61847d61a3051df87c8c97  C:\WINDOWS\system32\drivers\Pcmcia.sys
MD5: c7d9bc54354b8c706abf172d48313f1b  C:\WINDOWS\system32\drivers\RDPWD.sys
MD5: d1facb3c7d12f439c18ef01aa88c2a9d  C:\WINDOWS\system32\drivers\Sdbus.sys
MD5: cf24eb4f0412c82bcd1f4f35a025e31d  C:\WINDOWS\system32\drivers\SERIAL.sys
MD5: 43dc393f21345b6de59517bd27e2b10f  C:\WINDOWS\system32\Drivers\SIVX32.sys
MD5: 7b426b8e809edf081d771ef429345528  C:\WINDOWS\system32\drivers\SP_RSDRV2.sys
MD5: e57b778208c783d8debab320c16a1b82  C:\WINDOWS\system32\drivers\STAROPEN.sys
MD5: 5c7c939bbd03784fe58c80578d065cc9  C:\WINDOWS\system32\DRIVERS\tap0901.sys
MD5: a31246180e61140ad7ff9dd7edf1f6a1  C:\WINDOWS\system32\drivers\TMCOMM.sys
MD5: 048835a65968e9ea872130aeaa727ded  C:\WINDOWS\system32\drivers\UIGXRDR.sys
MD5: 200847985e963ea9634c1b81a21a4da6  C:\WINDOWS\system32\drivers\VBOXDRV.sys
MD5: 2a29b5d722d6b7f688507393e5d4166b  C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
MD5: 40458859ba17fc8acbfeb65a967363e4  C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
MD5: e973e67e29344a198fb17351c5cd9320  C:\WINDOWS\system32\drivers\VBOXUSBMON.sys
MD5: b252dd05c8b1d64239ee8a93c4bc5ad4  C:\WINDOWS\system32\DRIVERS\VClone.sys
MD5: c0f55cc0903cfdc819f6d857402b697c  C:\WINDOWS\System32\Drivers\vulfnth.sys
MD5: 545d98a7f61af1c7c4ad38b8f333e0b7  C:\WINDOWS\System32\Drivers\vulfntr.sys
MD5: fd600b032e741eb6aab509fc630f7c42  C:\WINDOWS\system32\DRIVERS\WinUSB.sys
MD5: ae279cd76b38fc079eec3ca6d65a5926  C:\WINDOWS\system32\DRIVERS\zumbus.sys
MD5: bf8517b249b4b81f72cd659e89e8595a  C:\WINDOWS\system32\filemgmt.dll
MD5: ae98f1471c7836ed5f5aafa2962e5ea7  C:\WINDOWS\system32\hhsetup.dll
MD5: 35ea674e7239b527ad98afd1dbc1efd6  C:\WINDOWS\system32\ieframe.dll
MD5: 81faefc42d0b236c62c3401558867faa  C:\WINDOWS\system32\iertutil.dll
MD5: cd1f8b68515120ebac5a1e3bad5199c4  C:\WINDOWS\system32\loadperf.dll
MD5: 476bb014f3f68c0c15eddd5b444da8ff  C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 0c8597dbc74aaf5179471ba013e3c6b4  C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MD5: 072376b62a8ad268f7f1aeb45f2e7d3b  C:\WINDOWS\system32\MatroskaDX.ax
MD5: 7cfded5c3dc1b5843cbaaecf6868cbd0  C:\WINDOWS\system32\mfc42loc.dll
MD5: 973e32a975effcc4b430ee8e5d2b580b  C:\WINDOWS\system32\mfc42u.dll
MD5: d1ec2800e02e81b0c74e39510e80cf24  C:\WINDOWS\system32\mmc.exe
MD5: f1c8ce383de472818312d289b296e05e  C:\WINDOWS\system32\mmcbase.dll
MD5: b1d4df0c11dc13120f051e8804039ea0  C:\WINDOWS\system32\mmcndmgr.dll
MD5: 4b69d5e6fbb0638b8fa0e2c2afa231b5  C:\WINDOWS\system32\mmcshext.dll
MD5: 45e53033a634317ac04b7ba79ec0749d  C:\WINDOWS\system32\mmfutil.dll
MD5: 9eba8603c3ca00edcdf0f34c6d3044e6  C:\WINDOWS\system32\msdtcprx.dll
MD5: ffe0439805a7db1674bab0a2285c3447  C:\WINDOWS\system32\msdtcuiu.dll
MD5: 2dac1ded391da6687dc4dfad5c029352  C:\WINDOWS\system32\msftedit.dll
MD5: 76a0cf7f71b56cf9ccf46536affe3e26  C:\WINDOWS\system32\mshtml.dll
MD5: 1f15b1d33e0a45b6eb1011cd45c25480  C:\WINDOWS\system32\msvbvm60.dll
MD5: 5a6b199a4e9e4eb24b6138b87ee4da79  C:\WINDOWS\system32\netfxperf.dll
MD5: 25bec0f383359a9806602835cb756652  C:\WINDOWS\system32\nvapi.dll
MD5: f1ae0bc50661be09e7bc5919f4c05505  C:\WINDOWS\system32\nvsvc32.exe
MD5: 7641cbd793459559c7c99481ec3c6803  C:\WINDOWS\system32\nvwddi.dll
MD5: 189b2c9e7551bffefc9af7557a1d89d0  C:\WINDOWS\system32\odbcbcp.dll
MD5: 5ca984ba87d2f268f8dc96a38e67ed34  C:\WINDOWS\system32\pdfcmon.dll
MD5: 594d1ed86a44a1a92ab72bab5db5a726  C:\WINDOWS\system32\pdh.dll
MD5: c47fd93010649ac0d79022d9b69adbe4  C:\WINDOWS\system32\perfctrs.dll
MD5: 4ce772e935114095695d3f75e999631c  C:\WINDOWS\system32\perfdisk.dll
MD5: 5eba4a1e0bec4c3eef814b210b0de871  C:\WINDOWS\system32\perfnet.dll
MD5: d572dc556bb594976d4d179e5b9b41b9  C:\WINDOWS\system32\perfos.dll
MD5: ccb87461ecaa2b5ab7e6f0ba5fc27869  C:\WINDOWS\system32\perfproc.dll
MD5: f938c6ddf7f7791c53bd8e55f723016a  C:\WINDOWS\system32\perfts.dll
MD5: e2ee17f580e02d3997b7352ed02a768b  C:\WINDOWS\system32\pschdprf.dll
MD5: 0b7a5b82fbb8d2d9f7ceefb8a74c06c6  C:\WINDOWS\system32\rasctrs.dll
MD5: 8209c58db27dcd32579f8eeb585f32fe  C:\WINDOWS\system32\rsvpperf.dll
MD5: f6b34cd47caf6d68106b9f8055f35c50  C:\WINDOWS\system32\rundll32.exe
MD5: 62bf9200e1bdf8fb88b41403add33d0c  C:\WINDOWS\system32\servdeps.dll
MD5: fde6990df7ec6db4930addeeab4f5f9f  C:\WINDOWS\system32\snmpsnap.dll
MD5: 71904b089f4a0d8f6bc46ce52a457836  C:\WINDOWS\system32\TAKDSDecoder.ax
MD5: 6d8bdea7fb2e1a8461acd4970627e95a  C:\WINDOWS\system32\TAKDSDecoder.dll
MD5: 78908cc0eeae43de90b07c1a2da298d7  C:\WINDOWS\system32\tapiperf.dll
MD5: b198cb3b0689b10fdc4c8ccf8c3c3289  C:\WINDOWS\system32\taskmgr.exe
MD5: 926f5a50f62b7cdc87beeb3527b4f2a8  C:\WINDOWS\system32\traffic.dll
MD5: a049859689c3a920c8962627c05a2296  C:\WINDOWS\system32\UIGMXMON.DLL
MD5: c0c55f5ef0fe738a50af2f3ff53ad0c1  C:\WINDOWS\system32\uigxnp.dll
MD5: 28f73a450aa227894e2e6288f8681e79  C:\WINDOWS\system32\urlmon.dll
MD5: b0d56545c7297f4328496f4ee9acd36d  C:\WINDOWS\system32\utildll.dll
MD5: 6a554775aefd402c2f311ac820f836ea  C:\WINDOWS\system32\VB6DE.DLL
MD5: c7636ba48f5ba08ad427e6fbecc32679  C:\WINDOWS\system32\wbem\wbemcons.dll
MD5: 696aa05c1fb6a73f553095e217b9b24f  C:\WINDOWS\system32\wbem\wbemdisp.dll
MD5: 45edc8b9c1024ec31165ecaa913170c9  C:\WINDOWS\system32\wbem\wmiaprpl.dll
MD5: c0b9a1f9a7dfdb6fbd72eac6626f76e5  C:\WINDOWS\system32\WebUpdate.exe
MD5: 4af40b1cc33d92fd6f45d8560509cfcb  C:\WINDOWS\system32\winDCE32.dll
MD5: c087cc88d7cd554409cbb5ebc29e8e38  C:\WINDOWS\system32\wininet.dll
MD5: 77f595dee5ffacea72b135b1fce1312e  C:\WINDOWS\system32\xinput1_3.dll
MD5: 38e1a82ea77e591245fd7487a7e32fe8  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952\msvcp80.dll
MD5: 2a617261b0de3b9ac1ee5f83cf1fd830  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952\msvcr80.dll
MD5: 0692f956ba7c7648b30357e154e409cc  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57\mfc80u.dll
MD5: d992f37111edf8442505df287a2b9af0  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555\mfc80DEU.dll
MD5: 45892c984c909bd3c1aa6ae812225553  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.7523_x-ww_c2c04980\atl90.dll
MD5: 13d0c0b903d843d82897c0432c1fcb96  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.7523_x-ww_62205c0c\msvcp90.dll
MD5: 8fb39073ebb7a91a0ec4209edb46d933  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.7523_x-ww_62205c0c\msvcr90.dll
MD5: 75781af15861036424e610a8d89c63e6  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.7523_x-ww_3306cf11\mfc90u.dll
MD5: 4bb88951ddfe5dbdf5c5cddf71a665c1  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.7523_x-ww_a38742d1\mfc90deu.dll
MD5: be80c3b05e526dbf4315823b810b8ce9  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_f3f35550\GdiPlus.dll
MD5: 1b6be2935938d2f656ef83fb1acd99c5  D:\_backup\GMX Upload Messenger\SHNDLERS.DLL
MD5: f00e75266a6a997fd51e7c7fa3456ea9  D:\_easywork\PTFB Pro\libeay32.dll
MD5: 706fbeeb6b66f99652bc0eabbf069878  D:\_easywork\PTFB Pro\PTFBPro.exe
MD5: 2f64eae8c8864aaa3ae8ce0e58b8cc68  D:\_faster\BootLog XP\BootLogService.exe
MD5: 29fd9bf519cee9cff4f8e0264b136598  D:\_faster\BWMeter\BWMeterConSvc.exe
MD5: 8e6ace12cadb0b9e6f1b703798ee913e  D:\_faster\CachemanXP\CachemanXP.exe
MD5: 3bbbc02d84ac98af93f2f4d00ec347f0  D:\_faster\OO CleverCache\ooccag.exe
MD5: 6fa58332c26b00385f8fcd46fbbdf495  D:\_faster\OO CleverCache\ooccguir.dll
MD5: f2b9fef35c5b151fb4a18c1575e5f7fb  D:\_filemanagement\FontExplorer X Pro\FontManagementServices.exe
MD5: c2e81dbc80b42c599ff49c5345454a1e  D:\_filemanagement\Winrar\RarExt.dll
MD5: 3a23a1d4f001962622bae4dddd8663c0  D:\_filemanagement\xplorer² pro\xplorer2_UC.exe
MD5: ebc0e8c0a4dda2c32a7d5863462a321a  D:\_hardware\AMD Dual Core optimizer 1.1.4\amd_dc_opt.exe
MD5: 017695393afffed8de58abd1b085be6d  D:\_hardware\Zune - Nokia 800\WMZuneComm.exe
MD5: 37f339b64f19e2775284ed7161b96683  D:\_hardware\Zune - Nokia 800\ZuneBusEnum.exe
MD5: 1076df9ade4e13ea3bf39d2165aeb903  D:\_hardware\Zune - Nokia 800\ZuneNss.exe
MD5: de1cdb333a402b279f04d627122fa08e  D:\_hardware\Zune - Nokia 800\ZuneWlanCfgSvc.exe
MD5: 035fe30c12ebeea43b4d08067dc7b257  D:\_improve system\aborange Scheduler\aboScheduler.exe
MD5: a6fa3e04721f85de982c74530c330d6b  D:\_improve system\MMTaskbar 3.0\MultiMon.exe
MD5: 168f470a3da98953d6b46c9814c91c69  D:\_improve system\Process Lasso\pl_rsrc_english.dll
MD5: 3db9f6e4eb755ef071cf9eafc57d5c72  D:\_improve system\Process Lasso\pl_rsrc_german.dll
MD5: 11f233ed39533b6d0b38a7ddfb2d8709  D:\_improve system\Process Lasso\ProcessGovernor.exe
MD5: af7d9dfcdc5262aea00f7c8ed6e0adff  D:\_improve system\Process Lasso\ProcessLasso.exe
MD5: 7eaef49d206899909eb63014fc8dc19a  D:\_improve system\System Explorer\service\SystemExplorerService.exe
MD5: 52d1bcab15fbdb9ec4a52c5d42240f17  D:\_improve system\System Explorer\SystemExplorer.exe
MD5: 1d8ba46a4f57234597daa834fddbfb84  D:\_improve system\USB Safely Remove 5.1.2\USBSRService.exe
MD5: 46ab2515e8ebf3d9101c8b94e2519f2d  D:\_improve system\WindowManager\WindowManager.dll
MD5: d15896560a3c53fb7c6593ca2bfd34cf  D:\_improve system\WindowManager\WindowManager.exe
MD5: 230fd3749904ca045ea5ec0aa14006e9  D:\_info\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys
MD5: 10b2d3459ce232fd8375afa0f44a5174  D:\_maintenance\CleanGenius 3\CGUnlockerExtension.dll
MD5: 325fb38c323c63c7f57885b4dfb1b91e  D:\_maintenance\UPHClean\uphclean.exe
MD5: cb862d18bc1359ab6949636aca6a7444  D:\_pdfs\Nuance PDF Reader\bin\nppdf.dll
MD5: edfca3d1cb2147de6ced48284932f5ed  D:\_pics\SageThumbs\32\libgfl340.dll
MD5: 1d3c7d9388fa818ffc7f5bdf0479c05d  D:\_pics\SageThumbs\32\libgfle340.dll
MD5: 54a0a07db35e5cf3b6fb278bdf285eb9  D:\_pics\SageThumbs\32\SageThumbs.dll
MD5: efa5a3068a246d346c4eb7c3f55ce0c6  D:\_pics\SageThumbs\32\sqlite3.dll
MD5: f714d4f456a6b91212966b3ca19f720c  D:\_security\VirusKeeper 2011 Pro Probeversion\vk_service.exe
MD5: 43cebdfa8b91beb5febd4f9e6768aef2  D:\_show & listen\VLC Player\npvlc.dll
MD5: d93eba8a8790c0f9125f434a6e4bbd6f  D:\_tweak\Glary Utilities 3\ContextHandler.dll
MD5: d7db8e1cf0c3554dff2a4a2a340afe84  D:\_tweak\Glary Utilities 3\Initialize.exe
MD5: 9a2347903d6edb84c10f288bc0578c1c  E:\_ dropbox _\Dropbox\_ install new\__new\HiJackThis204.exe
MD5: c04e5e0060cd89537b686b8f17358ddc  Q:\_easywork\allsnap150beta\allsnap.exe
MD5: b4919254bf82c6e05f6cd29c82a5fd1a  Q:\_easywork\allsnap150beta\snap_lib.dll
MD5: c9f3bb7738ccf43a3df75ac1d971c338  Q:\_easywork\ObjectDock\CrashRpt.dll
MD5: 148423fdbc7f0b07d8d166414c95b8ab  Q:\_easywork\ObjectDock\dbghelp.dll
MD5: cf91d64ccce47ca85b7ee14321b8dfe1  Q:\_easywork\ObjectDock\Docklets\Calendar\Calendar.dll
MD5: 9038e4179464283e41f0e17e2288b16d  Q:\_easywork\ObjectDock\Docklets\Clock\Clock.dll
MD5: 78bf85d0ff63979f1995787e87989c0a  Q:\_easywork\ObjectDock\DockShellHook.dll
MD5: 532c34258057696e9247605fe9b34b04  Q:\_easywork\ObjectDock\ObjectDock.exe
MD5: 8f490b403bc61771fe9ebd7d7bc8c130  Q:\_easywork\ObjectDock\StardockTray.dll
MD5: 87eddceb9d22c129e386e652c5cda521  Q:\_easywork\ObjectDock\zlib.dll
MD5: 49abbb2b8ef50aa7a91c6b722c63944f  Q:\_easywork\WinSplit Revolution\WinSplit.exe
MD5: 6e4c258ef2ffcc1abac0fc5e147b5102  Q:\_easywork\WinSplit Revolution\WinSplitDrvr32.exe
MD5: 78d5786d1e88c97208d2465aa3fc5986  Q:\_easywork\WinSplit Revolution\WinSplitHook32.dll
MD5: 864f89a1b188a0efc06a38884a70f56f  Q:\_easywork\WinSplit Revolution\WinSplitLib.dll
MD5: 38974b7cb773cc973647f6238c20ba1b  Q:\_system improve\Anvir TaskManager Pro\AnvirRunServ.exe
MD5: c0b4b422fd58dd80c0fbb72d1821a6b6  R:\_easywork\Everything\Everything.exe
MD5: ac22e3c180d7aa25fe47cdd30f5942a0  R:\GoogleChromePortable 28 final\App\Chrome-bin\28.0.1500.71\chrome.dll
MD5: e661fe228412eb24b499775476b6d51a  R:\GoogleChromePortable 28 final\App\Chrome-bin\28.0.1500.71\ffmpegsumo.dll
MD5: b829290325c603dbd52afa51822d8500  R:\GoogleChromePortable 28 final\App\Chrome-bin\28.0.1500.71\icudt.dll
MD5: f20c275229bf2fec823b1ce3abab4193  R:\GoogleChromePortable 28 final\App\Chrome-bin\28.0.1500.71\libpeerconnection.dll
MD5: 14378bc0434fbd9907d7b469bff8ce3b  R:\GoogleChromePortable 28 final\App\Chrome-bin\28.0.1500.71\pdf.dll
MD5: 723d91b3caeae60926212ce8da54217f  R:\GoogleChromePortable 28 final\App\Chrome-bin\28.0.1500.71\ppgooglenaclpluginchrome.dll
MD5: 815fd68f8a6af88827232c2b94622970  R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
MD5: 6677ef124913dcacc2078b27309edcac  R:\GoogleChromePortable 28 final\Data\profile\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\npqscan.dll
MD5: 9f1cff9f0922a9d22a97791d8cb5e444  R:\GoogleChromePortable 28 final\Data\profile\PepperFlash\11.8.800.97\pepflashplayer.dll
MD5: c94a3239cebefe3ff64e9bfc332da9d3  R:\GoogleChromePortable 28 final\GoogleChromePortable.exe
MD5: 12f4da1ee22bc82825f8134ce4b3f529  R:\z_temp\decleaner\avnetworkloader.dll
MD5: c5d053c589eac6ff38c2ad7b3785e297  R:\z_temp\decleaner\avnetworkLoaderGUI.dll
MD5: 434049e557861645fa160f3035025f51  R:\z_temp\decleaner\decleaner\setup\aebb.dll
MD5: 12206cf57a965bb32f6eeb1841d4180d  R:\z_temp\decleaner\decleaner\setup\aecore.dll
MD5: cd7b65e600b8ebc91b292c1ac9ec1215  R:\z_temp\decleaner\decleaner\setup\aeemu.dll
MD5: 19510247a16be81e66dca0057067e740  R:\z_temp\decleaner\decleaner\setup\aeexp.dll
MD5: 73b4e5ca16aff165b3b3152004255587  R:\z_temp\decleaner\decleaner\setup\aegen.dll
MD5: 20ff9c1ac224a84f3833e6d7b1aded05  R:\z_temp\decleaner\decleaner\setup\aehelp.dll
MD5: 9e8cc9e0660c2687a6fc04c6a3a4ef86  R:\z_temp\decleaner\decleaner\setup\aeheur.dll
MD5: 3580ef6282d1f77116dee2983eeb0751  R:\z_temp\decleaner\decleaner\setup\aeoffice.dll
MD5: 0c3bf6691668478ff6b7e6d40fd04335  R:\z_temp\decleaner\decleaner\setup\aepack.dll
MD5: 9d4db1309bb1d86fdc7cfafb315e3e5a  R:\z_temp\decleaner\decleaner\setup\aerdl.dll
MD5: 64605b72b605dede66d38e3d7094e73b  R:\z_temp\decleaner\decleaner\setup\aesbx.dll
MD5: 25419e7d1ded175b21113d819b3970dc  R:\z_temp\decleaner\decleaner\setup\aescn.dll
MD5: 11eef5b07e552a179b72e2c151de9b49  R:\z_temp\decleaner\decleaner\setup\aescript.dll
MD5: b30f23026aa2f12a690153ffb6983993  R:\z_temp\decleaner\decleaner\setup\aevdf.dll
MD5: 30a6cab7a30023a25e098fafdd32695f  R:\z_temp\decleaner\decleaner\setup\avpref.dll
MD5: c50071befaf3adc7a830ff287a7824a8  R:\z_temp\decleaner\decleaner\setup\avreg.dll
MD5: 0afc48dbc059918f24cb6b534ed79b86  R:\z_temp\decleaner\decleaner\setup\avrep.dll
MD5: 1f008e3d493b775158636f8c26423b71  R:\z_temp\decleaner\decleaner\setup\avscan.dll
MD5: 9f5ead456c5ba8c6a896e2c68d976928  R:\z_temp\decleaner\decleaner\setup\avscplr.dll
MD5: 2fe7faa8733ca80b8a8160e563f8a7b3  R:\z_temp\decleaner\decleaner\setup\avwinll.dll
MD5: 89fccb24f47d96c960a24f3207e32df2  R:\z_temp\decleaner\decleaner\setup\extdlgfw.dll
MD5: f8f3a942f0213f9fb3fc07b1e3c2e093  R:\z_temp\decleaner\decleaner\setup\luke.dll
MD5: c0b9494af817c10f9ea6c5aafc45991e  R:\z_temp\decleaner\decleaner\setup\rcimage.dll
MD5: 26e696e57b9df02a9b0ec41d63186b7f  R:\z_temp\decleaner\rcNwLoad_de.dll
MD5: ff4473ae88eb8643cb9372536852b942  R:\z_temp\decleaner\update.dll
MD5: 6dbc038f15baaa2754810c73e40e5648  R:\z_temp\HouseCall\hc_core.dll
MD5: 890c1da5db5515ebc5e243850a505760  R:\z_temp\HouseCall\housecall.bin
MD5: 75676cfb7d636406059c49280bb00791  R:\z_temp\HouseCall\ICRCHdler.dll
MD5: ee9bf48743dccef46527c54bbd8ba5ae  R:\z_temp\HouseCall\libcurl.dll
MD5: 9aa69a2f61e7c4f1c6d94a6c3e3680e0  R:\z_temp\HouseCall\libeay32.dll
MD5: deca60f8772002cb8a7f7215814ddf77  R:\z_temp\HouseCall\libexpatw.dll
MD5: 743f1aefbfea418a1b80566b22bbab68  R:\z_temp\HouseCall\perfiCrcPerfMonMgr.dll
MD5: df6fefe6f98fafd3e5ce55c81079af23  R:\z_temp\HouseCall\ssleay32.dll
MD5: acc5fad1798dbc029d77f08081e268b9  R:\z_temp\HouseCall\tmfbeng.dll
MD5: 56156e48b13063dc738bc43c38645274  R:\z_temp\HouseCall\tscdll32.dll
MD5: 260b5930258c7cbeeddf8a4f4568d1a8  R:\z_temp\HouseCall\vsapi32.dll
MD5: 24a7a119e289f1b5b69f3d6cf258db7c  R:\z_temp\nsoE.tmp\registry.dll

Folgende Dateien müssen hochgeladen werden für einen Scan vom Server:
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\f3e61956b4b8570208f3c5a4db0cad63\PCGSAProbe.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\c10a9d4653601ad69bb9b8030b68aebe\PCGPrestoSerializer.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SignalRWrapper\0cdf7e39a31d3b7a1e129ff4b7a3b990\SignalRWrapper.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\7ea9c8e722d462648db1caaede485b18\Interop.IWshRuntimeLibrary.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\dd27a3608f2bd9d8fce3e1efb84de3c3\PCGConfiguration.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\d8aff7f7b1533366ff06f3027a35c473\PCGUpgrader.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\5c100535b57b3dfe8c028d53b5a9d9d8\PCGWuInfo.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\f438fe859100c14a998663b9ad0d0b1f\PCGBootVisualizingCore.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\48a855c29385d364610603dd8d279ac7\PCGBrowsersProbe.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\221b2115e7a093cf50e623a3c25ebc43\PCGCatalogItemCache.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ec61946f684022e445b51c764db9b414\PCGDriverProbe.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\654a990c593a4efc1b8ec477499448d8\SolutoCleanup.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\77ac1cd8d68695229b62ac82457bdeb9\PCGAzureEntityFramework.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\a261f77cb8b9dfee2edbae66b47f6135\PCGCatalogItemFootprint.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\46d9c0ce9e5e5a90a55d5588277b0340\Interop.NetFwTypeLib.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\6416e238ba80e81966186a3eccee75af\PCGClientCommunication.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\031ca8e454a02749bff38de7d4e98ed7\PCGAppControlPluginLoader.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\328336abbe815361f462346b228623cd\PCGEntities.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\1a69b73829403a6d7980664fc005abbc\Ionic.Zip.Reduced.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto.SignalR.Clie#\773cfd8e84cf97394305439da910e220\Soluto.SignalR.Client35.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\593f7fa8523a7cf010fd616f5fabb18c\PCGUsersCenter.ni.dll
  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\4e1f102e17f854ff61f2781ca1d30e3a\PCGDataAggregation.ni.dll

Upload gestartet - 22 Datei(en)
  SignalRWrapper.ni.dll (42496)
  PCGEntities.ni.dll (49664)
  Interop.NetFwTypeLib.ni.dll (50688)
  PCGAzureEntityFramework.ni.dll (52224)
  PCGUsersCenter.ni.dll (70656)
  PCGConfiguration.ni.dll (77824)
  Interop.IWshRuntimeLibrary.ni.dll (100864)
  PCGCatalogItemCache.ni.dll (112128)
  PCGUpgrader.ni.dll (163328)
  PCGAppControlPluginLoader.ni.dll (178688)
  PCGWuInfo.ni.dll (202240)
  PCGDriverProbe.ni.dll (259584)
  PCGPrestoSerializer.ni.dll (267264)
  PCGBootVisualizingCore.ni.dll (338944)
  PCGSAProbe.ni.dll (347136)
  PCGCatalogItemFootprint.ni.dll (361472)
  Soluto.SignalR.Client35.ni.dll (505344)
  Ionic.Zip.Reduced.ni.dll (596992)
  SolutoCleanup.ni.dll (733696)
  PCGDataAggregation.ni.dll (832512)
  PCGClientCommunication.ni.dll (892416)
  PCGBrowsersProbe.ni.dll (903680)
Upload Geschwindigkeit - 87 KB/s
Upload beendet - 22 hochgeladen, 0 fehlgeschlagen

Die hochgeladene(n) Datei(en) waren sauber.

Scan beendet - Kommunikation hat 80 Sek. gedauert
übertragene Daten - 6.84 MB gesendet, 0.99 KB empfangen
1044 Dateien und Module geprüft - 124 seconds

==============================================================================

aswMBR:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-29 16:25:53
-----------------------------
16:25:53.843    OS Version: Windows 5.1.2600 Service Pack 3
16:25:53.843    Number of processors: 2 586 0x2302
16:25:53.843    ComputerName: ASUS-A8N  UserName:
16:25:54.062    Initialize success
16:26:14.812    Disk 0  \Device\Harddisk0\DR0 -> \Device\Scsi\FancyRdPort0Path0Target0Lun0
16:26:14.812    Disk 0 Vendor: Romex___ 2011 Size: 1144MB BusType: 0
16:26:14.812    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000008a
16:26:14.828    Disk 1 Vendor: SAMSUNG_SV1204H RK100-11 Size: 114498MB BusType: 3
16:26:14.828    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
16:26:14.843    Disk 2 Vendor: KINGSTON 502A Size: 85857MB BusType: 3
16:26:14.843    Disk 3  \Device\Harddisk3\DR3 -> \Device\Scsi\nvgts2Port3Path0Target0Lun0
16:26:14.843    Disk 3 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
16:26:14.843    Disk 4  \Device\Harddisk4\DR16 -> \Device\000000a5
16:26:14.859    Disk 4 Vendor:  Size: 476940MB BusType: 0
16:26:14.859    Disk 5  \Device\Harddisk5\DR18 -> \Device\000000c8
16:26:14.859    Disk 5 Vendor:  Size: 476940MB BusType: 0
16:26:15.046    Disk 2 MBR read successfully
16:26:15.078    Disk 2 MBR scan
16:26:15.093    Disk 2 unknown MBR code
16:26:15.109    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS        26349 MB offset 332640
16:26:15.140    Disk 2 Partition - 00    0F Extended LBA            85847 MB offset 15120
16:26:15.187    Disk 2 Partition 2 00    16  Hidd FAT16 BOOTWIZ0      155 MB offset 15183
16:26:15.187    Disk 2 Partition - 00    05    Extended              6157 MB offset 54295920
16:26:15.218    Disk 2 Partition 3 00    07    HPFS/NTFS NTFS        6157 MB offset 54295983
16:26:15.250    Disk 2 Partition - 00    05    Extended            21535 MB offset 121186800
16:26:15.281    Disk 2 Partition 4 00    07    HPFS/NTFS NTFS        21535 MB offset 66906063
16:26:15.312    Disk 2 Partition - 00    05    Extended            31650 MB offset 177901920
16:26:15.359    Disk 2 Partition 5 00    07    HPFS/NTFS NTFS        31650 MB offset 111011103
16:26:15.406    Disk 2 scanning sectors +175830480
16:26:15.609    Disk 2 scanning C:\WINDOWS\system32\drivers
16:27:05.359    Service scanning
16:27:21.703    Modules scanning
16:28:53.171    Disk 2 trace - called modules:
16:28:53.187    ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys SCSIPORT.SYS nvgts.sys
16:28:53.203    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8ac47ab8]
16:28:53.203    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x8ac15d50]
16:28:53.203    5 vidsflt.sys[f733dd9b] -> nt!IofCallDriver -> \Device\0000008c[0x8aca68c0]
16:28:53.203    7 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8ac65a38]
16:28:53.203    Scan finished successfully
16:38:12.296    Disk 2 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\MBR.dat"
16:38:12.343    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\aswMBR Scan Ergebnisse.txt"
========================================

Ich hoffe, ich habe mit den Infos alles richtig gemacht....

cosinus 29.07.2013 15:27
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Eule69 29.07.2013 15:49
FSRT:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Elmar-Admin (administrator) on 29-07-2013 16:41:33
Running from E:\_ dropbox _\Dropbox\_ install new\__new
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe
(Outertech) D:\_faster\CachemanXP\CachemanXP.exe
(zett42) D:\_improve system\Flashfolder\FlashFolder.exe
(Microsoft Corporation) C:\WINDOWS\system32\locator.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\itype.exe
() D:\_improve system\MMTaskbar 3.0\MultiMon.exe
(DeskSoft) D:\_improve system\WindowManager\WindowManager.exe
(AnVir Software) Q:\_system improve\Anvir TaskManager Pro\anvir.exe
(Extensoft) D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mister Group) D:\_improve system\System Explorer\SystemExplorer.exe
(Mister Group) D:\_improve system\System Explorer\service\SystemExplorerService.exe
(hxxp://www.webtemp.org) C:\Programme\WebTemp\WebTemp.exe
(CPUID) C:\Programme\WebTemp\HWMonitor32.exe
(Elcor Software) C:\Programme\TweakRAM\TweakRAM.exe
(Bitsum) D:\_improve system\Process Lasso\ProcessLasso.exe
() D:\_backup\Desksave821\DeskSave.exe
() C:\Programme\Launchy\Launchy.exe
(Comfort Software Group) D:\_easywork\ComfortKeys\CKeys.exe
() D:\_easywork\activeaid\AutoHotkey\AutoHotkey.exe
() D:\_easywork\ComfortKeys\CKeysCm.exe
(Alexander Avdonin) Q:\_easywork\TaskSwitchXP\TaskSwitchXP.exe
() Q:\_easywork\WinSplit Revolution\WinSplit.exe
() Q:\_easywork\WinSplit Revolution\WinSplitDrvr32.exe
() D:\_improve system\RocketDock\RocketDock.exe
(ZabKat) D:\_filemanagement\xplorer² pro\xplorer2_UC.exe
(Bitsum) D:\_improve system\Process Lasso\ProcessGovernor.exe
() R:\_easywork\Everything\Everything.exe
(Ivan Heckman) Q:\_easywork\allsnap150beta\allsnap.exe
(NesterSoft Inc.) D:\_info\TimeLeft3\TimeLeft.exe
(aborange.de - Mathias Gerlach) D:\_improve system\aborange Scheduler\aboScheduler.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(Emsisoft GmbH) C:\Programme\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Programme\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) R:\Office 2003\OFFICE11\WINWORD.EXE
(Trend Micro Inc.) R:\z_temp\HouseCall\housecall.bin
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(PortableApps.com) R:\GoogleChromePortable 28 final\GoogleChromePortable.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
() E:\_ dropbox _\Dropbox\_ install new\__new\zvbvo2cp.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Google Inc.) R:\GoogleChromePortable 28 final\App\Chrome-bin\chrome.exe
(Kaspersky Lab ZAO) E:\_ dropbox _\Dropbox\_ install new\__new\tdsskiller.exe
(JAM Software) D:\_filemanagement\TreeSize Professional 5.3.1\TreeSize.exe
(Acronis) D:\_backup\Acronis TI 2013\TrueImageHome\TrueImage.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\TrueImageHomeNotify.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\TrueImageHomeService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [amd_dc_opt] - D:\_hardware\AMD Dual Core optimizer 1.1.4\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [nwiz] - C:\Programme\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-06-21] ()
HKLM\...\Run: [itype] - C:\Programme\Microsoft IntelliType Pro\itype.exe [1313640 2000-01-01] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\programme\soluto\soluto.exe /userinit
Winlogon\Notify\AtiExtEvent:
Winlogon\Notify\AutorunsDisabled:
Winlogon\Notify\LBTWlgn: c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\UpdatusUser\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MultiMon Taskbar.lnk
ShortcutTarget: MultiMon Taskbar.lnk -> D:\_improve system\MMTaskbar 3.0\MultiMon.exe ()
Startup: C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Autostart\WindowManager.lnk
ShortcutTarget: WindowManager.lnk -> D:\_improve system\WindowManager\WindowManager.exe (DeskSoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=395049983_134962_1A3A1AE6&ts=1373469190
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {46D457F8-DB4D-4929-8185-D24B6C1A694D} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {46D457F8-DB4D-4929-8185-D24B6C1A694D} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\z_rest\Java 7.25 - 2\bin\ssv.dll (Oracle Corporation)
BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - D:\Programme\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\z_rest\Java 7.25 - 2\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Programme\Nuance Paperport 14\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Handler: AnVirDisabled - No CLSID Value -
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\75mu9wvt.default
FF user.js: detected! => C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\75mu9wvt.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\_pdfs\PDF X-Change Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - D:\_pics\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - D:\z_rest\Java 7.25 - 2\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - D:\_show & listen\VLC Player\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DragonRIAPlugin - C:\Programme\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin: ZEON/PDF,version=2.0 - D:\_pdfs\Nuance PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\_pdfs\PDF X-Change Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] C:\Programme\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Programme\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF StartMenuInternet: FIREFOX.EXE - F:\FirefoxPortable\App\Firefox\firefox.exe

========================== Services (Whitelisted) =================

R3 a2AntiMalware; C:\Programme\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-02] (Emsisoft GmbH)
R2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [813576 2012-08-23] (Acronis)
S3 afcdpsrv; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [3729400 2013-07-29] (Acronis)
S4 AHDDC2; D:\_maintenance\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S4 AnvirRun; Q:\_system improve\Anvir TaskManager Pro\AnvirRunServ.exe [60600 2012-01-20] (AnVir Software)
R2 ArchiCrypt Ultimate RAM-Disk 3; C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe [343656 2012-10-08] (Softwareentwicklung Remus - ArchiCrypt)
S3 BootlogService; D:\_faster\BootLog XP\BootLogService.exe [65248 2009-12-04] (Greatis Software (c))
S4 BootRacerServ; C:\Programme\BootRacer\BootRacerServ.exe [65296 2012-05-31] (Greatis Software, LLC)
S3 BWMeterConSvc; D:\_faster\BWMeter\BWMeterConSvc.exe [62464 2013-07-08] ()
R2 CachemanXPService; D:\_faster\CachemanXP\CachemanXP.exe [316416 2009-05-24] (Outertech)
S4 cFosSpeedS; C:\Programme\cFosSpeed\spd.exe [438112 2013-04-19] (cFos Software GmbH)
S4 DfSdkS; D:\_maintenance\Ashampoo HDD Control 2\DfSdkS.exe [406016 2009-08-24] (mst software GmbH, Germany)
S4 DragonSvc; C:\Programme\Gemeinsame Dateien\Nuance\dgnsvc.exe [311184 2013-02-11] (Nuance Communications, Inc.)
S4 fexservice; D:\_filemanagement\FontExplorer X Pro\FontManagementServices.exe [48952 2013-06-10] (FontExplorer X)
R2 FlashFolder; D:\_improve system\Flashfolder\FlashFolder.exe [71680 2008-03-21] (zett42)
S4 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2013-07-01] (Google Inc.)
S4 HDDlife HDD Access service; C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe [2095368 2013-02-14] (BinarySense, Inc.)
S4 HitmanPro37CrusaderBoot; C:\Programme\HitmanPro\HitmanPro.exe [9171472 2013-06-16] (SurfRight B.V.)
S4 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation)
S4 KSS; C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S4 LBTServ; C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe [293144 2013-06-13] (Logitech, Inc.)
S2 MouseWithoutBordersSvc; C:\Programme\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
S4 nvUpdatusService; C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592 2013-05-16] (NVIDIA Corporation)
S4 O&O CleverCache; D:\_faster\OO CleverCache\ooccag.exe [701768 2009-12-09] (O&O Software GmbH)
S4 OS Selector; D:\_maintenance\Acronis ADD 11\OSS\reinstall_svc.exe [2155848 2010-09-30] ()
S4 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2004-08-05] (Microsoft Corporation)
S4 PDFProFiltSrvPP; D:\Programme\Nuance Paperport 14\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
S4 SDScannerService; D:\_security\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S4 SDUpdateService; D:\_security\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S4 SDWSCService; D:\_security\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; D:\_security\PSI 2.x\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 SolutoLauncherService; C:\Programme\Soluto\SolutoLauncherService.exe [166976 2013-07-24] (Soluto)
S3 SolutoRemoteService; C:\Programme\Soluto\SolutoRemoteService.exe [1667072 2013-07-24] (GlavSoft LLC.)
S2 SolutoService; C:\Programme\Soluto\SolutoService.exe [798784 2013-07-24] (Soluto)
S4 SpyHunter 4 Service; C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-06-27] (Enigma Software Group USA, LLC.)
S4 ST2012_Svc; C:\Programme\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com)
R2 syncagentsrv; C:\Programme\Gemeinsame Dateien\Acronis\SyncAgent\syncagentsrv.exe [7027752 2012-08-18] (Acronis)
S4 Synergy; D:\_improve system\Synergy\synergyd.exe [318976 2013-04-12] ()
R3 SystemExplorerHelpService; D:\_improve system\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
S4 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4153184 2013-07-08] (TeamViewer GmbH)
S3 UPHClean; D:\_maintenance\UPHClean\uphclean.exe [399872 2010-09-13] (Windows (R) Codename Longhorn DDK provider)
S4 USBSafelyRemoveService; D:\_improve system\USB Safely Remove 5.1.2\USBSRService.exe [1004888 2012-04-28] (Crystal Rich Ltd)
S4 vkservice; D:\_security\VirusKeeper 2011 Pro Probeversion\vk_service.exe [1121664 2009-09-24] (AxBx)
S4 WiseBootAssistant; D:\_tweak\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
S4 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S4 WMZuneComm; D:\_hardware\Zune - Nokia 800\WMZuneComm.exe [268512 2011-08-05] (Microsoft Corporation)
S4 ZuneBusEnum; D:\_hardware\Zune - Nokia 800\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
S4 ZuneNetworkSvc; D:\_hardware\Zune - Nokia 800\ZuneNss.exe [6363872 2011-08-05] (Microsoft Corporation)
S4 ZuneWlanCfgSvc; D:\_hardware\Zune - Nokia 800\ZuneWlanCfgSvc.exe [444640 2011-08-05] (Microsoft Corporation)
S4 JavaQuickStarterService; "D:\z_rest\Java 7.25 - 2\bin\jqs.exe" -service -config "D:\z_rest\Java 7.25 - 2\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys [54072 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Programme\Emsisoft Anti-Malware\a2dix86.sys [37856 2012-04-30] (Emsisoft GmbH)
R1 a2util; C:\Programme\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R1 ACMoFlex32RD3; C:\WINDOWS\system32\drivers\ACMoFlex32RD3.sys [21608 2012-10-08] (Softwareentwicklung Remus - ArchiCrypt.com)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4122368 2000-01-01] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [43008 2005-03-09] (Advanced Micro Devices)
R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [124504 2013-05-19] (SlySoft, Inc.)
S3 ArgusMonitor; C:\Windows\System32\drivers\ArgusMonitor.sys [47936 2013-05-27] (Argotronic UG (haftungsbeschraenkt))
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [25244 2009-08-14] (Adaptec)
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 BrScnUsb; C:\Windows\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed.sys [1222496 2013-04-19] (cFos Software GmbH)
R3 cleanhlp; C:\Programme\Emsisoft Anti-Malware\cleanhlp32.sys [50208 2013-07-11] (Emsisoft GmbH)
R2 drhard; C:\Windows\System32\Drivers\drhard.sys [23600 2005-12-01] (Licensed for Gebhard Software)
S3 dsnpfd; C:\Windows\System32\DRIVERS\dsnpfd.sys [23040 2013-07-08] (DeskSoft)
R3 dsnpfdMP; C:\Windows\System32\DRIVERS\dsnpfd.sys [23040 2013-07-08] (DeskSoft)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] ()
S3 esgiguard; C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R0 FancyCcD; C:\Windows\System32\DRIVERS\rxfcd.sys [106176 2012-04-19] (Romex Software)
R0 FancyRd; C:\Windows\System32\DRIVERS\fancyrd.sys [156608 2012-04-19] (Romex Software)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-06-16] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [22560 2013-06-26] (REALiX(tm))
S2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [10136 2013-05-23] (Logitech, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37528 2013-05-23] (Logitech, Inc.)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2013-04-15] ()
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [145952 2008-11-12] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-04-18] (Secunia)
S3 SANDRA; D:\_info\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX32.sys [114296 2013-07-14] (Ray Hinchliffe)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2013-07-24] (Soluto LTD.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2012-06-03] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2013-04-19] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2013-07-07] (Acronis)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [200976 2011-06-21] (Trend Micro Inc.)
R1 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [148992 2011-11-16] (1&1 Mail & Media GmbH)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2013-07-07] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2013-04-19] (Acronis)
R3 vulfnths; C:\Windows\System32\Drivers\vulfnth.sys [6912 2005-01-05] (VIA Technologies, Inc.)
R3 vulfntrs; C:\Windows\System32\Drivers\vulfntr.sys [11264 2005-06-06] (VIA Technologies, Inc.)
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell)
R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
U4 CiSvc;
S3 cpuz126; \??\R:\z_temp\cpuz.sys [x]
R3 cpuz133; \??\R:\z_temp\cpuz133\cpuz133_x32.sys [x]
R3 cpuz136; \??\R:\z_temp\cpuz136\cpuz136_x32.sys [x]
S4 IntelIde; No ImagePath
U4 Messenger;
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U1 WS2IFSL;
U3 aswMBR; \??\R:\z_temp\aswMBR.sys [x]
U3 kwlyrpoc; \??\R:\z_temp\\kwlyrpoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 16:41 - 2013-07-29 16:42 - 00046416 ____C R:\z_temp\log3
2013-07-29 16:41 - 2013-07-29 16:42 - 00043319 ____C R:\z_temp\log1
2013-07-29 16:41 - 2013-07-29 16:41 - 00023042 ____C R:\z_temp\frstlog
2013-07-29 16:41 - 2013-07-29 16:41 - 00000366 ____C R:\z_temp\users00
2013-07-29 16:41 - 2013-07-29 16:41 - 00000003 ____C R:\z_temp\others
2013-07-29 16:41 - 2013-07-29 16:41 - 00000000 ____D C:\FRST
2013-07-29 16:38 - 2013-07-29 16:38 - 00003238 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\aswMBR Scan Ergebnisse.txt
2013-07-29 16:38 - 2013-07-29 16:38 - 00000512 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\MBR.dat
2013-07-29 16:31 - 2013-07-29 16:31 - 00000000 ___RC R:\z_temp\UI03MPQ8~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\Q4AAN7NS~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\P4EPS6DT~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\BRO4JVET~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\BNFT6F6J~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\A1SAVSJV~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\75JAR92I~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\47BE0NRD~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\1A3QJDR8~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\SOB2CO3C~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\Q143P7NK~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\GUM6ML24~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\FTT9G05Q~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:26 - 2013-07-29 16:26 - 00000000 ___RC R:\z_temp\C2J0JK0J~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:25 - 2013-07-29 16:38 - 00000000 ___DC R:\z_temp\_av4_
2013-07-29 16:25 - 2013-07-29 16:25 - 00000000 ___DC R:\z_temp\_avast4_
2013-07-29 15:50 - 2013-07-29 15:51 - 00004612 _____ C:\AdwCleaner[R1].txt
2013-07-29 15:48 - 2013-07-29 15:48 - 00000512 ___CT R:\z_temp\~DF89C2.tmp
2013-07-29 15:37 - 2013-07-29 15:37 - 00073800 __HCT R:\z_temp\etilqs_9CxRsk7EZJv76kv
2013-07-29 15:36 - 2013-07-29 15:36 - 00642283 ___CT R:\z_temp\nsa348.tmp
2013-07-29 15:36 - 2013-07-29 15:36 - 00016400 __HCT R:\z_temp\etilqs_dqD9JIRl5muoJvN
2013-07-29 15:36 - 2013-07-29 15:36 - 00008208 __HCT R:\z_temp\etilqs_hi18D1PMXqa6VlB
2013-07-29 15:36 - 2013-07-29 15:36 - 00000000 ___DC R:\z_temp\nsa34A.tmp
2013-07-29 15:36 - 2013-07-29 15:36 - 00000000 ___DC R:\z_temp\GoogleChromePortable
2013-07-29 15:30 - 2013-07-29 15:30 - 00000970 ____C R:\z_temp\LastScan.txt
2013-07-29 15:28 - 2013-07-29 15:28 - 00016384 ___CT R:\z_temp\~DFC00C.tmp
2013-07-29 15:28 - 2013-07-29 15:28 - 00016384 ___CT R:\z_temp\~DF8A30.tmp
2013-07-29 15:28 - 2013-07-29 15:28 - 00000000 ___DC R:\z_temp\cpuz136
2013-07-29 15:26 - 2013-07-29 15:26 - 00000000 ____D C:\Programme\ESET
2013-07-29 15:25 - 2013-07-29 15:25 - 00004860 ____C R:\z_temp\qs-de-utf16.txt
2013-07-29 15:23 - 2013-07-29 16:42 - 00000000 ___DC R:\z_temp\HouseCall
2013-07-29 15:23 - 2013-07-29 15:24 - 00007881 ____C R:\z_temp\HCLauncher.log
2013-07-29 15:23 - 2013-07-29 15:24 - 00000000 ___DC R:\z_temp\HCBackup
2013-07-29 15:19 - 2013-07-29 15:19 - 00000649 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-07-29 15:19 - 2013-07-29 15:19 - 00000584 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\Avira DE-Cleaner.lnk
2013-07-29 15:19 - 2013-07-29 15:19 - 00000000 ___DC R:\z_temp\decleaner
2013-07-29 15:15 - 2013-07-29 15:29 - 00000000 ___DC R:\z_temp\tmp00003f6e
2013-07-29 15:14 - 2013-07-29 15:14 - 00000512 ___CT R:\z_temp\~DFE77F.tmp
2013-07-29 15:12 - 2013-07-29 16:05 - 00000172 ____C R:\z_temp\hostrules.ini
2013-07-29 15:12 - 2013-07-29 16:05 - 00000164 ____C R:\z_temp\rules.ini
2013-07-29 15:12 - 2013-07-29 16:05 - 00000000 ___DC R:\z_temp\a2temp
2013-07-29 15:11 - 2013-07-29 15:11 - 00000000 ___DC R:\z_temp\tmp00003c13
2013-07-29 15:09 - 2013-07-29 15:09 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_b90.dat
2013-07-29 15:08 - 2013-07-29 15:08 - 00016384 ____C R:\z_temp\~DF9B8D.tmp
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_f3c.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_dd8.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_ad8.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_83c.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ____C R:\z_temp\~DF7530.tmp
2013-07-29 15:07 - 2013-07-29 15:07 - 00000000 ___DC R:\z_temp\WPDNSE
2013-07-29 15:06 - 2013-07-29 15:06 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_380.dat
2013-07-29 15:01 - 2013-07-29 15:01 - 00005632 ___CT (Tarma Software Research Pty Ltd) R:\z_temp\_TinDel.exe
2013-07-29 14:46 - 2013-07-29 14:46 - 00000000 ___DC R:\z_temp\jrt
2013-07-29 14:37 - 2013-07-29 14:37 - 00000000 ___RC R:\z_temp\OK2OMASH~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:37 - 2013-07-29 14:37 - 00000000 ___RC R:\z_temp\2M2U3AOK~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:30 - 2013-07-29 14:30 - 00000000 ___RC R:\z_temp\B94K03DJ~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:28 - 2013-07-29 14:30 - 02469066 ___CT R:\z_temp\QVIRDOTD~DemonData.swapFile.dat~
2013-07-29 14:28 - 2013-07-29 14:30 - 00000644 ___CT R:\z_temp\FMM0ADKP~DemonData.swapFile.dat~
2013-07-29 14:28 - 2013-07-29 14:28 - 00000000 ___RC R:\z_temp\QVIRDOTD~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:17 - 2013-07-29 14:17 - 00001770 ____C R:\z_temp\Rar$LS0.973
2013-07-29 13:45 - 2013-07-29 13:45 - 00000000 ___DC R:\z_temp\AcronisUpdates
2013-07-29 13:42 - 2013-07-29 13:42 - 00000000 ___DC R:\z_temp\Acronis
2013-07-29 13:42 - 2013-07-29 13:42 - 00000000 ___DC R:\z_temp\3D81E9D3-086F-414D-85B0-8BF84D647042
2013-07-29 13:42 - 2013-07-29 13:42 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\2F2FCA96-760A-439F-B89D-CDC8D40CA90C
2013-07-29 13:42 - 2013-07-07 01:46 - 00689672 ____C (Acronis) R:\z_temp\284FA982-B8E0-44DF-9F05-0C11815B9A64
2013-07-29 13:42 - 2013-07-07 01:46 - 00139336 ____C (Acronis) R:\z_temp\827824D0-7A8B-4E09-B55A-885840080A00
2013-07-29 13:42 - 2013-04-19 01:12 - 00192904 ____C (Acronis) R:\z_temp\5DAD7C65-C7B2-4ECC-A72E-6BCEF63A6B0D
2013-07-29 13:42 - 2013-04-19 01:12 - 00099720 ____C (Acronis) R:\z_temp\FD6AC45C-56FB-4CA3-A06C-B65692C123D5
2013-07-29 13:42 - 2013-04-19 01:12 - 00093928 ____C (Acronis) R:\z_temp\697C7BE5-62BB-460D-84FA-01B7074B8DF8
2013-07-29 13:41 - 2013-07-29 13:45 - 00000481 ____C R:\z_temp\installerui-163448EE-6E1C-4D40-BFCC-D3EBD89DA93E.log
2013-07-29 13:41 - 2013-07-29 13:41 - 00000000 ___DC R:\z_temp\06FF2D8C-1B97-4FCF-B244-1E87AC858D62
2013-07-29 13:40 - 2013-07-29 13:46 - 00000000 ___DC R:\z_temp\2A46EF9B-1773-4EC4-BC99-292BD4249341
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\SHM3VO78~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\S29GQ3JH~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\PN1H1VGA~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\G1K6O1V5~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\E3SLBGER~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\AANE815L~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:29 - 2013-07-29 13:29 - 00093441 ____C R:\z_temp\{A452BE11-CE60-4A02-B0C3-D2C51771A8A0}-30.0.1580.0_chrome_installer.exe
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\NG66PQSM~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\JGVJH7IA~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\AHIG0QGE~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\49M5MJ3F~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\3U5VSFO9~DemonData.swapFile.dat~.itzamlock
2013-07-29 12:41 - 2013-07-29 12:41 - 00000251 _____ C:\voxFcoldrv.log
2013-07-29 12:39 - 2013-07-29 15:46 - 00000000 ___DC R:\z_temp\msohtml1
2013-07-29 12:39 - 2013-07-29 12:39 - 00000000 ___DC R:\z_temp\msohtml
2013-07-29 12:31 - 2013-07-29 12:31 - 00000000 ___DC R:\z_temp\comtypes_cache
2013-07-29 12:30 - 2013-07-29 12:30 - 00000000 ___DC R:\z_temp\VBE
2013-07-29 12:28 - 2013-07-29 12:28 - 03876956 ____C R:\z_temp\MSI2622d.LOG
2013-07-29 12:28 - 2013-07-29 12:28 - 03876956 ____C R:\z_temp\MSI2622c.LOG
2013-07-29 12:27 - 2013-07-29 12:28 - 03909408 ____C R:\z_temp\MSI2622b.LOG
2013-07-29 12:23 - 2013-07-29 15:06 - 00000483 ____C R:\z_temp\WGAErrLog.txt
2013-07-29 12:04 - 2013-07-29 12:04 - 00042080 ____C (Somoto Ltd.) R:\z_temp\bi_cleaner.exe
2013-07-29 12:04 - 2013-07-29 12:04 - 00028452 ____C R:\z_temp\MSIfc944.LOG
2013-07-29 12:00 - 2013-07-29 12:00 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_64c.dat
2013-07-29 11:53 - 2013-07-29 11:53 - 00000645 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\ev.lnk
2013-07-29 11:52 - 2013-07-29 11:52 - 00000000 ___DC R:\z_temp\CRX_75DAF8CB7768
2013-07-29 11:46 - 2013-07-29 11:46 - 00642283 ___CT R:\z_temp\nstF.tmp
2013-07-29 11:46 - 2013-07-29 11:46 - 00049200 __HCT R:\z_temp\etilqs_YGtswQEme6GwC7I
2013-07-29 11:46 - 2013-07-29 11:46 - 00016400 __HCT R:\z_temp\etilqs_hRX3p5LDEplCwmC
2013-07-29 11:46 - 2013-07-29 11:46 - 00002052 __HCT R:\z_temp\etilqs_TqgAXa6KUlWfG84
2013-07-29 11:34 - 2013-07-29 11:34 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_620.dat
2013-07-29 11:31 - 2013-07-29 11:31 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_920.dat
2013-07-29 11:19 - 2013-07-29 11:19 - 44467068 _____ C:\WINDOWS\MEMORY.zip
2013-07-29 11:13 - 2013-07-29 11:13 - 00065536 _____ C:\WINDOWS\Minidump\Mini072913-01.dmp
2013-07-29 11:12 - 2013-07-29 11:13 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-28 23:03 - 2013-07-28 23:13 - 00000510 __RSH C:\Dokumente und Einstellungen\Elmar-Admin\ntuser.pol
2013-07-28 20:26 - 2013-07-29 11:12 - 164388864 _____ C:\WINDOWS\MEMORY.DMP
2013-07-28 19:53 - 2013-07-28 19:53 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\HD Tune Pro
2013-07-28 18:26 - 2013-07-28 18:29 - 00002919 _____ C:\WINDOWS\KB2686509.log
2013-07-28 18:26 - 2013-07-28 18:29 - 00000094 _____ C:\WINDOWS\faultykeyboard.log
2013-07-28 18:02 - 2005-06-06 17:51 - 00011264 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\vulfntr.sys
2013-07-28 18:02 - 2005-01-05 18:02 - 00006912 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\vulfnth.sys
2013-07-28 17:32 - 2013-07-28 17:32 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\tor
2013-07-28 17:13 - 2013-07-28 17:13 - 00000000 ____D C:\Programme\Tor
2013-07-28 17:08 - 2013-07-28 17:08 - 00000673 _____ C:\Dokumente und Einstellungen\All Users\Desktop\RadarSync PC Updater.lnk
2013-07-28 17:08 - 2013-07-28 17:08 - 00000000 ____D C:\Programme\RadarSync
2013-07-28 17:08 - 2013-07-28 17:08 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\RadarSync
2013-07-28 16:18 - 2008-07-29 12:33 - 00446464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvunrm.exe
2013-07-28 16:18 - 2008-07-29 12:30 - 00006045 _____ C:\WINDOWS\system32\nvnrm.nvu
2013-07-28 16:18 - 2008-07-08 00:45 - 00004984 _____ C:\WINDOWS\system32\Drivers\nvphy.bin
2013-07-28 12:41 - 2013-07-29 13:42 - 00792576 _____ C:\WINDOWS\setupapi.log
2013-07-28 12:18 - 2013-07-28 12:18 - 00000000 ____D C:\VITSOFT
2013-07-28 03:49 - 2013-07-28 03:49 - 00940794 _____ C:\WINDOWS\system32\LoopyMusic.wav
2013-07-28 03:49 - 2013-07-28 03:49 - 00146650 _____ C:\WINDOWS\system32\BuzzingBee.wav
2013-07-28 03:49 - 2013-07-28 03:49 - 00060416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2013-07-28 03:49 - 2013-07-28 03:49 - 00060416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.EXE
2013-07-28 03:49 - 2013-07-28 03:49 - 00000000 ____D C:\WINDOWS\system32\Lang
2013-07-28 03:44 - 2003-10-03 16:28 - 00045056 _____ C:\WINDOWS\system32\vusetup.dll
2013-07-28 03:37 - 2013-07-28 03:37 - 00000000 ____D C:\Programme\Realtek AC97
2013-07-28 03:24 - 2013-07-28 03:24 - 00000000 ____D C:\Programme\Microsoft Garage
2013-07-28 03:22 - 2013-07-28 03:22 - 00000000 ____D C:\Programme\Soluto
2013-07-28 03:20 - 2013-07-28 03:20 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Everything
2013-07-28 02:56 - 2013-07-28 03:46 - 186187776 _____ C:\LogFile.Etl
2013-07-28 02:40 - 2010-03-03 16:36 - 00600680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE
2013-07-28 01:29 - 2013-07-28 21:38 - 00103824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-28 00:28 - 2006-06-29 13:07 - 00014048 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg2.dll
2013-07-28 00:08 - 2013-07-28 00:08 - 00000565 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130728.dsv
2013-07-27 23:52 - 2013-07-27 23:52 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\NVIDIA
2013-07-27 22:44 - 2013-07-27 22:44 - 00000000 ____D C:\Programme\AGEIA Technologies
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Programme\Logitech
2013-07-27 22:20 - 2013-06-21 14:02 - 20197376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglnt.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 17551360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 10973504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nv4_mini.sys
2013-07-27 22:20 - 2013-06-21 14:02 - 07663616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 06320128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 04014592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv4_disp.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 02783008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 02548736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 02002720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 01024288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3232049.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 00893728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3232049.dll
2013-07-27 22:20 - 2013-06-21 14:02 - 00017134 _____ C:\WINDOWS\system32\nvinfo.pb
2013-07-27 22:20 - 2013-06-21 11:56 - 00335872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrshe.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00335872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsar.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00286720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsfr.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00282624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsit.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00282624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrses.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00282624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsel.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsde.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00274432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrspt.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00274432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsnl.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00274432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsja.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00274432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsesm.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00270336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsru.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00270336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsptb.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00266240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsko.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00262144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrshu.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00258048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrstr.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00258048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrssl.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00258048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrssk.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00258048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrspl.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00253952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsth.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00253952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrssv.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00253952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsno.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00253952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsda.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00249856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrsfi.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00249856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrseng.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00249856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrscs.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00229376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrszhc.dll
2013-07-27 22:20 - 2013-06-21 11:56 - 00126976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvrszht.dll
2013-07-27 22:20 - 2013-06-21 11:54 - 15677728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2013-07-27 22:20 - 2013-06-21 11:54 - 00223008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2013-07-27 22:20 - 2013-06-21 11:54 - 00156960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
2013-07-27 22:20 - 2013-06-21 11:54 - 00144160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcolor.exe
2013-07-27 22:20 - 2013-06-21 11:54 - 00054272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwddi.dll
2013-07-27 22:20 - 2013-02-25 07:27 - 00128672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda32.sys
2013-07-27 22:20 - 2013-02-25 07:27 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap32.dll
2013-07-27 22:20 - 2013-01-29 10:35 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco3220103.dll
2013-07-27 22:19 - 2013-07-28 16:53 - 00000000 ____D C:\Programme\NVIDIA Corporation
2013-07-27 22:15 - 2013-07-27 22:42 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2013-07-27 22:02 - 2013-07-27 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\DriverEasy
2013-07-27 21:48 - 2013-07-27 21:48 - 00000000 ____D C:\Programme\1-click run
2013-07-27 20:14 - 2013-07-27 20:14 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\VITSOFT
2013-07-27 19:41 - 2013-07-27 19:41 - 00000000 ____D C:\Programme\MSBuild
2013-07-27 19:12 - 2000-01-01 02:00 - 00147456 _____ () C:\WINDOWS\system32\RtlCPAPI.dll
2013-07-27 17:46 - 2013-07-29 16:07 - 00008456 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-07-27 17:42 - 2013-07-27 22:20 - 00000190 ___SH C:\Dokumente und Einstellungen\UpdatusUser\ntuser.ini
2013-07-27 17:42 - 2013-07-08 19:27 - 00000000 __SHD C:\Dokumente und Einstellungen\UpdatusUser\IETldCache
2013-07-27 17:42 - 2013-04-19 01:58 - 00000000 ___RD C:\Dokumente und Einstellungen\UpdatusUser\Startmenü
2013-07-27 17:42 - 2013-04-19 01:58 - 00000000 ___HD C:\Dokumente und Einstellungen\UpdatusUser\Netzwerkumgebung
2013-07-27 17:42 - 2013-04-19 01:58 - 00000000 ___HD C:\Dokumente und Einstellungen\UpdatusUser\Druckumgebung
2013-07-27 16:55 - 2013-07-27 16:55 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\C6B73907-D4E8-4912-BC6D-FDD054C6F0E2
2013-07-27 13:10 - 2013-07-27 13:10 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\FSB 215 - 291.nbr
2013-07-26 23:25 - 2013-07-26 23:25 - 00001113 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130726[1].dsv
2013-07-26 23:00 - 2013-07-26 23:00 - 00000603 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Arora.lnk
2013-07-26 22:46 - 2013-07-26 22:46 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\AnyDVDHD
2013-07-26 19:33 - 2012-04-19 19:26 - 00106176 _____ (Romex Software) C:\WINDOWS\system32\Drivers\rxfcd.sys
2013-07-26 14:24 - 2013-07-26 14:24 - 00001289 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130726.dsv
2013-07-26 14:06 - 2007-06-29 14:47 - 00034304 _____ (AMD, Inc.) C:\WINDOWS\system32\Drivers\AmdLLD.sys
2013-07-25 19:25 - 2007-04-09 13:23 - 00028040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdimon.dll
2013-07-25 19:07 - 2013-07-25 19:35 - 00131072 _____ C:\Dokumente und Einstellungen\Elmar-Admin\fbchathistory.dat
2013-07-25 14:48 - 2013-07-25 14:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Greenshot
2013-07-24 18:39 - 2013-07-24 18:39 - 00000000 ____D C:\Programme\Kaspersky Lab
2013-07-24 18:39 - 2013-07-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Kaspersky Security Scan
2013-07-24 10:23 - 2013-07-24 10:23 - 00000000 ___HD C:\BJPrinter
2013-07-24 01:24 - 2013-07-28 00:46 - 00002447 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\cy.lnk
2013-07-23 10:41 - 2013-07-29 00:19 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\.VirtualBox
2013-07-23 09:56 - 2013-07-27 22:42 - 01148048 _____ C:\WINDOWS\setupapi.log.0.old
2013-07-23 01:29 - 2013-07-23 01:29 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\GlarySoft
2013-07-23 01:21 - 2013-07-23 01:21 - 00000318 _____ C:\WINDOWS\Tasks\GlaryInitialize 3.job
2013-07-22 13:32 - 2013-07-22 13:33 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-07-22 12:02 - 2013-07-22 12:02 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\110% - 298.nbr
2013-07-21 14:24 - 2013-07-22 11:31 - 00065536 _____ C:\WINDOWS\system32\config\iolo App.evt
2013-07-21 14:24 - 2013-07-21 14:24 - 00074703 _____ C:\WINDOWS\system32\mfc45.dat
2013-07-21 14:24 - 2013-07-21 14:24 - 00000000 ____D C:\Programme\iolo
2013-07-20 17:05 - 2013-07-20 17:05 - 00000529 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\fp.lnk
2013-07-19 21:11 - 2013-07-19 21:11 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\285- 108% - all running.nbr
2013-07-19 21:06 - 2013-07-19 21:09 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\271 - 108% - nothing running.nbr
2013-07-19 20:59 - 2013-07-19 20:59 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\295 - 108% - nothing running.nbr
2013-07-19 20:57 - 2013-07-19 20:57 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\291 - 108% - nothing running.nbr
2013-07-19 20:54 - 2013-07-19 20:54 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\285 - 206 MHz - nothing running.nbr
2013-07-19 14:43 - 2013-07-19 14:43 - 00000000 ____D C:\Programme\Gemeinsame Dateien\RBSoft
2013-07-19 00:38 - 2013-07-19 00:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2013-07-19 00:38 - 2013-07-19 00:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_user_01_09_00.Wdf
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\zh-TW
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\zh-CN
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\sv-SE
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ru-RU
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\pt-PT
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\pt-BR
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\pl-PL
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\nl-NL
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\nb-NO
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ms-MY
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ko-KR
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ja-JP
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\it-IT
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\hu-HU
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\fr-FR
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\fi-FI
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\el-GR
2013-07-19 00:33 - 2013-07-19 00:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_zumbus_01009.Wdf
2013-07-18 23:59 - 2013-07-18 23:59 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\PC Suite
2013-07-18 23:57 - 2013-07-18 23:57 - 00000000 ____D C:\Programme\DIFX
2013-07-18 23:56 - 2013-01-23 10:31 - 00075264 _____ (Nokia) C:\WINDOWS\system32\nmwcdcls.dll
2013-07-18 19:24 - 2013-07-18 19:24 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\TrojanHunter
2013-07-18 19:17 - 2013-07-18 19:17 - 00059392 ____R C:\WINDOWS\system32\streamhlp.dll
2013-07-18 12:19 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2013-07-18 12:19 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMAPI32.OCX
2013-07-18 12:19 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPIDE.DLL
2013-07-18 12:19 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6DE.DLL
2013-07-18 12:19 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCMCDE.DLL
2013-07-18 12:19 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCC2DE.DLL
2013-07-17 16:45 - 2013-07-23 10:37 - 00000000 ____D C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\ad
2013-07-17 16:42 - 2013-07-20 17:24 - 00000190 ___SH C:\Dokumente und Einstellungen\Dragnon NeuerUser\ntuser.ini
2013-07-17 16:42 - 2013-07-08 19:27 - 00000000 __SHD C:\Dokumente und Einstellungen\Dragnon NeuerUser\IETldCache
2013-07-17 16:42 - 2013-04-19 01:58 - 00000000 ___RD C:\Dokumente und Einstellungen\Dragnon NeuerUser\Startmenü
2013-07-17 16:42 - 2013-04-19 01:58 - 00000000 ___HD C:\Dokumente und Einstellungen\Dragnon NeuerUser\Netzwerkumgebung
2013-07-17 16:42 - 2013-04-19 01:58 - 00000000 ___HD C:\Dokumente und Einstellungen\Dragnon NeuerUser\Druckumgebung
2013-07-17 16:42 - 2008-04-14 08:52 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2013-07-17 15:41 - 2013-07-17 15:41 - 00000188 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\5300-2.lnk
2013-07-17 15:41 - 2013-07-17 15:41 - 00000188 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\60er.lnk
2013-07-17 15:09 - 2013-07-17 15:09 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-16 19:47 - 2013-07-28 21:07 - 00000000 ____D C:\Programme\Microsoft IntelliType Pro
2013-07-16 19:07 - 2013-07-16 19:07 - 00000174 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Drucker hinzufügen.lnk
2013-07-16 14:17 - 2013-07-28 21:20 - 00000000 ___DC C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\MouseWithoutBorders
2013-07-16 13:35 - 2013-07-16 13:35 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\IGC
2013-07-16 13:35 - 2013-07-16 13:35 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\IGC
2013-07-16 13:35 - 2003-05-28 13:19 - 00245408 _____ (Microsoft Corporation) C:\WINDOWS\system32\unicows.dll
2013-07-16 11:24 - 2013-07-16 11:24 - 00001819 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\SyncSettings - R -- E-Dropbox - Backup - Q.ffs_batch
2013-07-16 11:24 - 2013-07-16 11:24 - 00001791 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\SyncSettings - R -- E-Dropbox - Backup - Q.ffs_gui
2013-07-16 10:24 - 2013-07-16 10:24 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\300 - 108% - nicht NOS.nbr
2013-07-16 02:00 - 2013-07-16 02:00 - 00000589 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\NovaBench.lnk
2013-07-16 01:58 - 2013-07-16 01:58 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\299 - 108% - nicht NOS.nbr
2013-07-16 01:38 - 2013-07-16 01:38 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\298 - 108%.nbr
2013-07-16 01:35 - 2013-07-16 01:35 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\293 - 105%.nbr
2013-07-16 01:33 - 2013-07-16 01:33 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\288 - 103%.nbr
2013-07-16 01:31 - 2013-07-16 01:31 - 00001445 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Ai Booster v2.00.68.lnk
2013-07-16 01:29 - 2013-07-16 01:29 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\287 - 100%.nbr
2013-07-16 00:57 - 2008-01-04 13:34 - 00011832 _____ C:\WINDOWS\system32\Drivers\AsInsHelp64.sys
2013-07-16 00:57 - 2008-01-04 13:34 - 00010216 _____ C:\WINDOWS\system32\Drivers\AsInsHelp32.sys
2013-07-16 00:54 - 2013-07-28 14:12 - 00000000 _____ C:\WINDOWS\AS_Debug.txt
2013-07-16 00:53 - 2008-04-09 17:16 - 01052672 _____ (ASUSTeK) C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\cnq.exe
2013-07-16 00:53 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42d.dll
2013-07-16 00:53 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVCRTD.DLL
2013-07-16 00:51 - 2005-03-09 15:53 - 00043008 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AmdK8.sys
2013-07-16 00:32 - 2013-07-16 00:32 - 00001561 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\AI Suite v1.03.15.lnk
2013-07-16 00:31 - 2013-07-16 00:31 - 00000946 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\13.0x (X) 1.375V.lnk
2013-07-16 00:30 - 2013-07-16 00:30 - 00000938 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\12.5x (X).lnk
2013-07-15 23:45 - 2013-07-14 08:16 - 00114296 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX32.sys
2013-07-15 15:02 - 2013-07-15 15:02 - 00000887 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\process explorer.lnk
2013-07-15 14:43 - 2013-07-15 14:43 - 00000540 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\wscc.lnk
2013-07-15 13:05 - 2013-07-28 02:31 - 00000000 ____D C:\Programme\Kyocera
2013-07-15 12:17 - 2012-03-29 07:25 - 00070144 _____ (KYOCERA Document Solutions Inc.) C:\WINDOWS\system32\KMPJLMN.DLL
2013-07-15 12:17 - 2008-05-15 12:58 - 00046877 _____ (KYOCERA MITA) C:\WINDOWS\system32\KM-PMKN.DLL
2013-07-15 01:22 - 2013-07-15 01:22 - 00000855 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130715.dsv
2013-07-15 00:24 - 2013-07-15 00:24 - 00001710 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\ad.lnk
2013-07-15 00:24 - 2013-07-15 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\7stacks
2013-07-14 14:29 - 2004-11-19 21:17 - 00054272 ____N (Brother Industries,Ltd.) C:\WINDOWS\system32\brinsstr.dll
2013-07-14 14:29 - 2004-11-18 15:32 - 00052224 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrNetSti.dll
2013-07-14 14:29 - 2004-11-16 16:51 - 00034816 _____ (Brother Industries,Ltd.) C:\WINDOWS\system32\BrWiaNCp.dll
2013-07-14 14:29 - 2004-11-12 11:28 - 00031744 _____ (Brother Industries,Ltd) C:\WINDOWS\system32\Brnsplg.dll
2013-07-14 14:29 - 2004-11-09 12:52 - 00163840 _____ (brother) C:\WINDOWS\system32\NSSearch.dll
2013-07-14 14:29 - 2003-12-11 09:32 - 00147456 _____ (Brother Industries,Ltd.) C:\WINDOWS\brunin03.dll
2013-07-14 14:29 - 2002-11-26 13:43 - 00106496 _____ C:\WINDOWS\system32\BrMuSNMP.dll
2013-07-13 22:04 - 2013-07-16 16:16 - 00000649 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-07-13 22:04 - 2013-07-16 16:16 - 00000584 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Avira DE-Cleaner.lnk
2013-07-13 21:03 - 2013-07-13 21:03 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Help
2013-07-13 19:02 - 2013-07-13 19:02 - 00087704 _____ C:\WINDOWS\cadkasdeinst01.exe
2013-07-13 19:02 - 2013-07-13 19:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Mein Schriftarten 1.0
2013-07-13 14:17 - 2013-07-15 12:15 - 00000432 _____ C:\WINDOWS\BRWMARK.INI
2013-07-13 14:17 - 2013-07-14 14:31 - 00000065 _____ C:\WINDOWS\system32\BD7010.DAT
2013-07-13 14:17 - 2013-07-13 14:17 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Brother
2013-07-13 14:15 - 2004-11-02 14:19 - 00120832 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrWia04b.dll
2013-07-13 14:15 - 2004-10-15 05:50 - 00015295 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2013-07-13 14:15 - 2004-09-21 06:11 - 00037888 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrUSi04b.dll
2013-07-13 03:09 - 2013-07-13 03:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\.tfo4
2013-07-13 03:09 - 2013-07-13 03:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\4.0
2013-07-13 02:56 - 2013-07-13 02:56 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\STRATO
2013-07-13 02:44 - 2013-07-29 14:07 - 00000634 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\cp.lnk
2013-07-13 02:44 - 2013-07-13 02:44 - 00000634 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\cp.lnk
2013-07-12 20:13 - 2013-07-12 20:13 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\MeineBackups
2013-07-12 16:31 - 2013-07-13 18:20 - 00000739 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\aS.lnk
2013-07-12 16:31 - 2013-07-13 18:20 - 00000739 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\aborange Scheduler.lnk
2013-07-12 15:15 - 2013-05-21 13:52 - 00001079 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\9 - Dropbox.lnk
2013-07-12 11:20 - 2001-08-17 13:00 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msmpu401.sys
2013-07-12 03:32 - 2007-03-05 11:51 - 00360580 _____ (eSellerate Inc.) C:\WINDOWS\eSellerateEngine.dll
2013-07-12 03:07 - 2013-07-29 15:07 - 00621677 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-12 03:00 - 2013-07-12 03:00 - 00000830 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\x2.lnk
2013-07-12 03:00 - 2013-07-12 03:00 - 00000830 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\x2.lnk
2013-07-12 02:49 - 2013-07-12 02:49 - 00000823 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\PandaCloudAntivirus22.lnk
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\aborange Scheduler
2013-07-11 20:34 - 2013-07-16 00:57 - 00000000 ____D C:\Programme\ASUS
2013-07-11 20:34 - 2007-12-17 17:14 - 00012400 _____ C:\WINDOWS\system32\Drivers\AsIO.sys
2013-07-11 20:34 - 2006-01-10 16:50 - 00024576 _____ () C:\WINDOWS\system32\AsIO.dll
2013-07-11 20:19 - 2013-07-15 10:41 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\WinRAR
2013-07-11 19:10 - 2013-07-29 16:17 - 00000000 ____D C:\Programme\Emsisoft Anti-Malware
2013-07-11 19:10 - 2013-07-11 19:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Anti-Malware
2013-07-11 16:23 - 2013-07-11 16:24 - 00000000 ____D C:\Programme\Spyware Terminator
2013-07-11 16:23 - 2013-07-11 16:23 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Spyware Terminator
2013-07-11 16:23 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2013-07-11 15:34 - 2013-07-11 15:36 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\ShutdownAddin
2013-07-11 15:34 - 2013-07-11 15:34 - 00000000 ____D C:\Programme\Gemeinsame Dateien\OutlookShutdown
2013-07-11 12:33 - 2013-07-11 12:33 - 00000224 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\4950.lnk
2013-07-11 12:33 - 2013-07-11 12:33 - 00000224 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\10er.lnk
2013-07-11 12:32 - 2013-06-04 09:22 - 00563712 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qedit.dll
2013-07-10 21:06 - 2013-07-10 21:06 - 00000000 ____D C:\Programme\Enigma Software Group
2013-07-10 20:59 - 2013-07-10 20:59 - 00000495 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Temps löschen.bat
2013-07-10 10:28 - 2013-07-10 10:28 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\aborange
2013-07-09 23:26 - 2013-07-09 23:27 - 00000000 ___DC C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\neuer LD
2013-07-09 17:53 - 2013-07-09 17:55 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\MagraSoft
2013-07-09 17:09 - 2013-07-09 17:09 - 00004165 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Weiland CD Zusammenstellung 2.dxp
2013-07-09 11:15 - 2013-07-09 11:15 - 00000254 _____ C:\WINDOWS\UPGRADE.TXT
2013-07-09 11:15 - 2013-07-09 11:15 - 00000000 ____D C:\WINDOWS\setupupd
2013-07-09 11:15 - 2013-07-09 11:15 - 00000000 ____D C:\WINDOWS\setup.pss
2013-07-09 11:15 - 2013-07-09 11:07 - 00000492 _____ C:\BOOT.BAK
2013-07-09 11:15 - 2008-04-14 01:02 - 00262464 __RSH C:\cmldr
2013-07-08 22:13 - 2013-07-27 10:22 - 00000000 ____D C:\WINDOWS\Acronis
2013-07-08 22:13 - 2013-07-19 20:27 - 00000148 _____ C:\WINDOWS\system32\autopart.opt
2013-07-08 20:35 - 2013-07-08 22:52 - 00065536 _____ C:\WINDOWS\system32\config\bootracer.evt
2013-07-08 20:22 - 2013-07-08 20:22 - 00000973 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\C&D.lnk
2013-07-08 20:15 - 2013-07-08 20:15 - 00065536 _____ C:\WINDOWS\system32\config\Bootrace.evt
2013-07-08 20:15 - 2013-07-08 20:15 - 00000000 ____D C:\Programme\BootRacer
2013-07-08 20:12 - 2013-07-09 17:37 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\DeskSoft
2013-07-08 20:12 - 2013-07-08 20:13 - 00023040 _____ (DeskSoft) C:\WINDOWS\system32\Drivers\dsnpfd.sys
2013-07-08 20:09 - 2013-07-08 20:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Expert PDF Reader
2013-07-08 20:06 - 2013-07-08 20:08 - 00082008 _____ C:\WINDOWS\CFSETUP.TXT
2013-07-08 19:27 - 2013-07-08 19:27 - 00000000 __SHD C:\Dokumente und Einstellungen\Default User\IETldCache
2013-07-08 19:18 - 2000-01-01 02:00 - 00049152 _____ C:\WINDOWS\system32\ChCfg.exe
2013-07-08 19:17 - 2000-01-01 02:00 - 00315392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\alcupd.exe
2013-07-08 18:37 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2013-07-08 16:18 - 2013-07-08 16:18 - 00000398 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\boot.lnk
2013-07-08 14:42 - 2013-07-08 14:42 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService\PrivacIE
2013-07-08 14:33 - 2013-06-14 22:02 - 13709312 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Sandra.mdb
2013-07-08 14:32 - 2005-12-01 14:38 - 00020651 _____ C:\WINDOWS\system32\Drivers\DRHARD.VXD
2013-07-08 14:32 - 2005-12-01 10:49 - 00023600 _____ (Licensed for Gebhard Software) C:\WINDOWS\system32\Drivers\drhard.sys
2013-07-08 14:16 - 2013-07-08 14:16 - 00000023 _____ C:\WINDOWS\system32\CleanGenius3Free.dll
2013-07-08 13:43 - 2013-07-08 13:43 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService\PrivacIE
2013-07-08 12:59 - 2013-07-08 13:00 - 00000026 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Clearup RAM.vbs
2013-07-08 12:56 - 2013-07-08 12:56 - 00001642 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\ContentIndex original.reg
2013-07-08 00:08 - 2013-07-11 16:26 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_faster
2013-07-07 21:23 - 2013-07-07 21:23 - 00000000 ____D C:\Programme\TweakRAM
2013-07-07 21:21 - 2013-07-07 21:21 - 00000000 ____D C:\Programme\RAM Defrag
2013-07-07 21:21 - 2006-06-04 18:33 - 00081920 _____ C:\WINDOWS\system32\GkSui20.EXE
2013-07-07 13:24 - 2013-07-07 13:24 - 00000645 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Launchy.lnk
2013-07-07 12:38 - 2013-07-07 12:38 - 00000931 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\DP.lnk
2013-07-07 12:38 - 2013-07-07 12:38 - 00000931 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\DP.lnk
2013-07-07 12:34 - 2013-07-08 20:41 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_easywork
2013-07-07 12:34 - 2013-07-07 12:34 - 00000000 ____D C:\Programme\Launchy
2013-07-07 10:44 - 2013-07-07 10:44 - 00000662 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\od.lnk
2013-07-07 10:44 - 2013-07-07 10:44 - 00000662 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\ObjectDock.lnk
2013-07-07 10:22 - 2013-07-07 10:25 - 00000000 ____D C:\Programme\ObjectDockFree
2013-07-07 03:28 - 2013-07-07 03:28 - 00000000 ____D C:\Programme\Sinvise Systems
2013-07-07 03:28 - 2013-07-07 03:28 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Sinvise Systems
2013-07-07 02:18 - 2013-07-24 09:53 - 00051144 _____ (Soluto LTD.) C:\WINDOWS\system32\Drivers\Soluto.sys
2013-07-07 02:14 - 2013-07-07 02:14 - 00000822 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130707.dsv
2013-07-07 01:46 - 2013-07-07 01:46 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\350F4898-238C-459E-9E95-A334F8063E77
2013-07-07 01:40 - 2013-07-07 11:13 - 00010240 _____ C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.ini
2013-07-07 01:37 - 2012-10-08 12:04 - 00343656 _____ (Softwareentwicklung Remus - ArchiCrypt) C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.exe
2013-07-07 01:37 - 2012-10-08 12:04 - 00147048 _____ (Softwareentwicklung Remus - ArchiCrypt.com) C:\WINDOWS\system32\ACMFEngine32RD3.dll
2013-07-07 01:37 - 2012-10-08 12:04 - 00021608 _____ (Softwareentwicklung Remus - ArchiCrypt.com) C:\WINDOWS\system32\Drivers\ACMoFlex32RD3.sys
2013-07-07 01:22 - 2013-07-28 04:19 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-07-07 01:20 - 2013-07-28 20:55 - 00000000 ____D C:\Programme\Microsoft Bootvis
2013-07-07 01:15 - 2013-07-07 01:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Application Data\Soluto
2013-07-07 00:09 - 2008-05-07 12:12 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2013-07-07 00:02 - 2012-04-19 17:42 - 00156608 _____ (Romex Software) C:\WINDOWS\system32\Drivers\fancyrd.sys
2013-07-06 23:30 - 2013-07-08 21:34 - 00000436 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\kill unnecessary tasks.lnk
2013-07-06 23:30 - 2013-07-08 21:34 - 00000436 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\kill unnecessary tasks.lnk
2013-07-06 23:29 - 2013-07-29 15:06 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-07-06 23:29 - 2013-07-29 15:06 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-06 23:29 - 2013-07-29 15:05 - 00032320 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-06 23:29 - 2013-07-06 23:29 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-07-06 00:27 - 2013-07-06 00:27 - 00000000 ____D C:\Programme\Lame For Audacity
2013-07-05 22:46 - 2013-07-06 00:49 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Audacity
2013-07-05 22:18 - 2013-07-05 22:18 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\AMPSoft
2013-07-05 18:23 - 2013-07-29 15:04 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Everything
2013-07-05 16:00 - 2013-07-05 16:01 - 01451238 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Windows Systeminformationen 050713 - 1600.nfo
2013-07-05 12:16 - 2013-07-05 16:17 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Nuance
2013-07-05 12:16 - 2013-07-05 12:16 - 00000000 ____D C:\Programme\Gemeinsame Dateien\IVA
2013-07-05 09:33 - 2013-07-12 09:59 - 00002321 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\W.lnk
2013-07-05 09:33 - 2013-07-05 09:33 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office
2013-07-04 23:02 - 2013-07-04 23:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Typograf
2013-07-04 20:08 - 2013-07-04 20:08 - 00000224 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\5300.lnk
2013-07-04 20:08 - 2013-07-04 20:08 - 00000224 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\50er.lnk
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2013-07-04 13:16 - 2013-07-04 13:16 - 00002721 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Weiland CD Zusammenstellung.dxp
2013-07-04 13:04 - 2013-07-04 13:04 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Canneverbe Limited
2013-07-04 13:04 - 2012-06-03 10:45 - 00005504 _____ C:\WINDOWS\system32\Drivers\StarOpen.sys
2013-07-04 08:46 - 2013-07-04 08:46 - 00013824 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\Duschen - bitte genießen  .msg
2013-07-04 08:46 - 2013-07-04 08:46 - 00013824 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Duschen - bitte genießen  .msg
2013-07-03 01:20 - 2013-07-27 22:42 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Logishrd
2013-07-03 01:20 - 2013-07-03 01:20 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Leadertech
2013-07-03 01:20 - 2013-05-23 08:12 - 00010136 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2013-07-03 01:19 - 2013-07-28 11:32 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Logishrd
2013-07-03 01:19 - 2013-07-27 22:16 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Logitech
2013-07-03 00:43 - 2013-07-03 00:43 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Opera Software
2013-07-03 00:08 - 2013-07-03 00:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\StartMenuX
2013-07-02 22:53 - 2013-07-10 21:05 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-07-02 20:33 - 2013-07-02 20:33 - 01198049 _____ C:\WINDOWS\unins001.exe
2013-07-02 20:33 - 2013-07-02 20:33 - 00000000 ____D C:\WINDOWS\system32\Adobe
2013-07-02 20:26 - 2013-07-02 20:44 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2013-07-02 18:06 - 2012-06-04 17:35 - 00222448 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll
2013-07-02 18:06 - 2009-08-14 02:14 - 00202776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuweb.dll
2013-07-02 17:37 - 2013-07-02 17:37 - 01609384 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Windows Systeminformationen.nfo
2013-07-02 15:27 - 2013-07-02 15:27 - 00097176 _____ (Elaborate Bytes AG) C:\WINDOWS\system32\ElbyCDIO.dll
2013-07-02 13:43 - 2013-07-02 13:43 - 00000000 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\soft Xpansion Perfect PDF 8 Reader - 02.07.13 13.43.18.dmp
2013-07-02 02:41 - 2013-07-02 02:41 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\ASCOMP Software
2013-07-01 23:55 - 2013-03-27 00:53 - 00076800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cryptdlg.dll
2013-07-01 21:24 - 2013-07-01 21:24 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\IObit
2013-07-01 21:06 - 2013-07-01 21:06 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 21:06 - 2013-07-01 21:06 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 15:36 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\WINDOWS\system32\CNC5100L.dll
2013-07-01 15:36 - 2010-03-18 17:12 - 01335296 _____ (CANON INC.) C:\WINDOWS\system32\CNC5100C.dll
2013-07-01 15:36 - 2010-03-18 17:12 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC5100I.dll
2013-07-01 15:36 - 2010-03-18 17:11 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC5100U.dll
2013-07-01 15:36 - 2010-03-11 08:56 - 00180224 _____ (CANON INC.) C:\WINDOWS\system32\CNMIUAD.DLL
2013-07-01 15:36 - 2010-01-13 14:03 - 00094208 _____ (Canon Inc.) C:\WINDOWS\system32\CNC5100O.dll
2013-07-01 15:33 - 2012-04-18 13:50 - 00090112 _____ (Canon Inc.) C:\WINDOWS\system32\CNC_ATO.dll
2013-07-01 15:33 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ATU.dll
2013-07-01 15:33 - 2011-03-31 10:05 - 00286720 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ATC.dll
2013-07-01 15:33 - 2011-03-31 10:05 - 00114688 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ATI.dll
2013-07-01 15:33 - 2011-03-30 12:54 - 00323584 _____ (CANON INC.) C:\WINDOWS\system32\CNC_ATL.dll
2013-07-01 15:33 - 2011-02-03 09:20 - 00184320 _____ (CANON INC.) C:\WINDOWS\system32\CNMIUAT.DLL
2013-07-01 12:39 - 2013-07-01 12:39 - 00000000 ____D C:\Dokumente und Einstellungen\LocalService\Startmenü
2013-07-01 00:28 - 2013-07-01 00:28 - 00000834 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130701.dsv
2013-06-30 23:24 - 2013-06-30 23:24 - 00000830 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\2944x1352_20130630.dsv
2013-06-30 19:39 - 2013-07-27 22:57 - 00000020 _____ C:\WINDOWS\system32\nvModes.dat
2013-06-30 19:34 - 2013-07-27 21:07 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-06-30 19:32 - 2013-07-28 15:55 - 01098896 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2013-06-30 19:32 - 2013-07-28 15:55 - 01098896 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2013-06-30 19:32 - 2013-07-28 15:55 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2013-06-30 19:32 - 2013-07-27 17:41 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk
2013-06-30 19:32 - 2013-06-21 14:02 - 02289288 _____ C:\WINDOWS\system32\nvdata.data
2013-06-30 19:31 - 2013-05-12 23:37 - 00057344 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2013-06-30 19:23 - 2013-07-29 14:53 - 00000012 _____ C:\WINDOWS\WININIT.INI
2013-06-30 17:20 - 2013-06-30 17:20 - 00000362 _____ C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job
2013-06-30 17:17 - 2008-04-13 23:15 - 00060032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-06-30 12:48 - 2013-07-08 22:07 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\UseNeXT
2013-06-30 12:48 - 2013-06-30 12:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\UseNeXT
2013-06-29 20:56 - 2013-06-29 20:56 - 00000063 _____ C:\WINDOWS\PPDeskVw.INI
2013-06-29 17:36 - 2013-06-29 17:36 - 00009359 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Microsoft Access.EML
2013-06-29 17:33 - 2013-06-29 17:33 - 00009378 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).EML
2013-06-29 17:30 - 2013-06-29 17:32 - 00009358 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Microsoft Excel.EML

Eule69 29.07.2013 16:42
FSRT Teil 2:

Code:
==================== One Month Modified Files and Folders =======

2013-07-29 16:42 - 2013-07-29 16:41 - 00043319 ____C R:\z_temp\log1
2013-07-29 16:42 - 2013-07-29 15:23 - 00000000 ___DC R:\z_temp\HouseCall
2013-07-29 16:41 - 2013-07-29 16:41 - 00023042 ____C R:\z_temp\frstlog
2013-07-29 16:41 - 2013-07-29 16:41 - 00000366 ____C R:\z_temp\users00
2013-07-29 16:41 - 2013-07-29 16:41 - 00000003 ____C R:\z_temp\others
2013-07-29 16:41 - 2013-07-29 16:41 - 00000000 ____D C:\FRST
2013-07-29 16:38 - 2013-07-29 16:38 - 00003238 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\aswMBR Scan Ergebnisse.txt
2013-07-29 16:38 - 2013-07-29 16:38 - 00000512 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\MBR.dat
2013-07-29 16:38 - 2013-07-29 16:25 - 00000000 ___DC R:\z_temp\_av4_
2013-07-29 16:31 - 2013-07-29 16:31 - 00000000 ___RC R:\z_temp\UI03MPQ8~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\Q4AAN7NS~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\P4EPS6DT~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\BRO4JVET~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\BNFT6F6J~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\A1SAVSJV~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\75JAR92I~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\47BE0NRD~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:30 - 2013-07-29 16:30 - 00000000 ___RC R:\z_temp\1A3QJDR8~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:29 - 2013-05-22 13:38 - 00001234 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1960408961-1801674531-1003UA.job
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\SOB2CO3C~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\Q143P7NK~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\GUM6ML24~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:27 - 2013-07-29 16:27 - 00000000 ___RC R:\z_temp\FTT9G05Q~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:26 - 2013-07-29 16:26 - 00000000 ___RC R:\z_temp\C2J0JK0J~DemonData.swapFile.dat~.itzamlock
2013-07-29 16:25 - 2013-07-29 16:25 - 00000000 ___DC R:\z_temp\_avast4_
2013-07-29 16:17 - 2013-07-11 19:10 - 00000000 ____D C:\Programme\Emsisoft Anti-Malware
2013-07-29 16:07 - 2013-07-27 17:46 - 00008456 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-07-29 16:05 - 2013-07-29 15:12 - 00000172 ____C R:\z_temp\hostrules.ini
2013-07-29 16:05 - 2013-07-29 15:12 - 00000164 ____C R:\z_temp\rules.ini
2013-07-29 16:05 - 2013-07-29 15:12 - 00000000 ___DC R:\z_temp\a2temp
2013-07-29 15:51 - 2013-07-29 15:50 - 00004612 _____ C:\AdwCleaner[R1].txt
2013-07-29 15:48 - 2013-07-29 15:48 - 00000512 ___CT R:\z_temp\~DF89C2.tmp
2013-07-29 15:46 - 2013-07-29 12:39 - 00000000 ___DC R:\z_temp\msohtml1
2013-07-29 15:37 - 2013-07-29 15:37 - 00073800 __HCT R:\z_temp\etilqs_9CxRsk7EZJv76kv
2013-07-29 15:36 - 2013-07-29 15:36 - 00642283 ___CT R:\z_temp\nsa348.tmp
2013-07-29 15:36 - 2013-07-29 15:36 - 00016400 __HCT R:\z_temp\etilqs_dqD9JIRl5muoJvN
2013-07-29 15:36 - 2013-07-29 15:36 - 00008208 __HCT R:\z_temp\etilqs_hi18D1PMXqa6VlB
2013-07-29 15:36 - 2013-07-29 15:36 - 00000000 ___DC R:\z_temp\nsa34A.tmp
2013-07-29 15:36 - 2013-07-29 15:36 - 00000000 ___DC R:\z_temp\GoogleChromePortable
2013-07-29 15:30 - 2013-07-29 15:30 - 00000970 ____C R:\z_temp\LastScan.txt
2013-07-29 15:29 - 2013-07-29 15:15 - 00000000 ___DC R:\z_temp\tmp00003f6e
2013-07-29 15:29 - 2013-04-27 03:38 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Dropbox
2013-07-29 15:28 - 2013-07-29 15:28 - 00016384 ___CT R:\z_temp\~DFC00C.tmp
2013-07-29 15:28 - 2013-07-29 15:28 - 00016384 ___CT R:\z_temp\~DF8A30.tmp
2013-07-29 15:28 - 2013-07-29 15:28 - 00000000 ___DC R:\z_temp\cpuz136
2013-07-29 15:26 - 2013-07-29 15:26 - 00000000 ____D C:\Programme\ESET
2013-07-29 15:26 - 2013-04-19 01:58 - 00000000 ____D C:\Programme
2013-07-29 15:25 - 2013-07-29 15:25 - 00004860 ____C R:\z_temp\qs-de-utf16.txt
2013-07-29 15:24 - 2013-07-29 15:23 - 00007881 ____C R:\z_temp\HCLauncher.log
2013-07-29 15:24 - 2013-07-29 15:23 - 00000000 ___DC R:\z_temp\HCBackup
2013-07-29 15:19 - 2013-07-29 15:19 - 00000649 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-07-29 15:19 - 2013-07-29 15:19 - 00000584 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\Avira DE-Cleaner.lnk
2013-07-29 15:19 - 2013-07-29 15:19 - 00000000 ___DC R:\z_temp\decleaner
2013-07-29 15:14 - 2013-07-29 15:14 - 00000512 ___CT R:\z_temp\~DFE77F.tmp
2013-07-29 15:11 - 2013-07-29 15:11 - 00000000 ___DC R:\z_temp\tmp00003c13
2013-07-29 15:10 - 2013-04-19 01:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme
2013-07-29 15:09 - 2013-07-29 15:09 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_b90.dat
2013-07-29 15:08 - 2013-07-29 15:08 - 00016384 ____C R:\z_temp\~DF9B8D.tmp
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_f3c.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_dd8.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_ad8.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_83c.dat
2013-07-29 15:07 - 2013-07-29 15:07 - 00016384 ____C R:\z_temp\~DF7530.tmp
2013-07-29 15:07 - 2013-07-29 15:07 - 00000000 ___DC R:\z_temp\WPDNSE
2013-07-29 15:07 - 2013-07-12 03:07 - 00621677 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-29 15:06 - 2013-07-29 15:06 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_380.dat
2013-07-29 15:06 - 2013-07-29 12:23 - 00000483 ____C R:\z_temp\WGAErrLog.txt
2013-07-29 15:06 - 2013-07-06 23:29 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-07-29 15:06 - 2013-07-06 23:29 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-07-29 15:06 - 2013-04-19 01:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-29 15:06 - 2001-08-18 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-29 15:05 - 2013-07-06 23:29 - 00032320 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-29 15:04 - 2013-07-05 18:23 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Everything
2013-07-29 15:04 - 2013-04-19 01:04 - 00000300 ___SH C:\Dokumente und Einstellungen\Elmar-Admin\ntuser.ini
2013-07-29 15:01 - 2013-07-29 15:01 - 00005632 ___CT (Tarma Software Research Pty Ltd) R:\z_temp\_TinDel.exe
2013-07-29 14:53 - 2013-06-30 19:23 - 00000012 _____ C:\WINDOWS\WININIT.INI
2013-07-29 14:52 - 2013-04-19 01:36 - 00000000 ___DC C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\ad
2013-07-29 14:46 - 2013-07-29 14:46 - 00000000 ___DC R:\z_temp\jrt
2013-07-29 14:37 - 2013-07-29 14:37 - 00000000 ___RC R:\z_temp\OK2OMASH~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:37 - 2013-07-29 14:37 - 00000000 ___RC R:\z_temp\2M2U3AOK~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:30 - 2013-07-29 14:30 - 00000000 ___RC R:\z_temp\B94K03DJ~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:30 - 2013-07-29 14:28 - 02469066 ___CT R:\z_temp\QVIRDOTD~DemonData.swapFile.dat~
2013-07-29 14:30 - 2013-07-29 14:28 - 00000644 ___CT R:\z_temp\FMM0ADKP~DemonData.swapFile.dat~
2013-07-29 14:28 - 2013-07-29 14:28 - 00000000 ___RC R:\z_temp\QVIRDOTD~DemonData.swapFile.dat~.itzamlock
2013-07-29 14:17 - 2013-07-29 14:17 - 00001770 ____C R:\z_temp\Rar$LS0.973
2013-07-29 14:07 - 2013-07-13 02:44 - 00000634 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\cp.lnk
2013-07-29 13:46 - 2013-07-29 13:40 - 00000000 ___DC R:\z_temp\2A46EF9B-1773-4EC4-BC99-292BD4249341
2013-07-29 13:45 - 2013-07-29 13:45 - 00000000 ___DC R:\z_temp\AcronisUpdates
2013-07-29 13:45 - 2013-07-29 13:41 - 00000481 ____C R:\z_temp\installerui-163448EE-6E1C-4D40-BFCC-D3EBD89DA93E.log
2013-07-29 13:42 - 2013-07-29 13:42 - 00000000 ___DC R:\z_temp\Acronis
2013-07-29 13:42 - 2013-07-29 13:42 - 00000000 ___DC R:\z_temp\3D81E9D3-086F-414D-85B0-8BF84D647042
2013-07-29 13:42 - 2013-07-29 13:42 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\2F2FCA96-760A-439F-B89D-CDC8D40CA90C
2013-07-29 13:42 - 2013-07-28 12:41 - 00792576 _____ C:\WINDOWS\setupapi.log
2013-07-29 13:42 - 2013-04-19 01:12 - 00234752 _____ (Acronis) C:\WINDOWS\system32\Drivers\afcdp.sys
2013-07-29 13:41 - 2013-07-29 13:41 - 00000000 ___DC R:\z_temp\06FF2D8C-1B97-4FCF-B244-1E87AC858D62
2013-07-29 13:41 - 2013-04-19 01:58 - 01302260 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\SHM3VO78~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\S29GQ3JH~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\PN1H1VGA~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\G1K6O1V5~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\E3SLBGER~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:33 - 2013-07-29 13:33 - 00000000 ___RC R:\z_temp\AANE815L~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:29 - 2013-07-29 13:29 - 00093441 ____C R:\z_temp\{A452BE11-CE60-4A02-B0C3-D2C51771A8A0}-30.0.1580.0_chrome_installer.exe
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\NG66PQSM~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\JGVJH7IA~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\AHIG0QGE~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\49M5MJ3F~DemonData.swapFile.dat~.itzamlock
2013-07-29 13:04 - 2013-07-29 13:04 - 00000000 ___RC R:\z_temp\3U5VSFO9~DemonData.swapFile.dat~.itzamlock
2013-07-29 12:57 - 2013-05-24 14:15 - 00000000 _RSHD C:\BOOTWIZ
2013-07-29 12:41 - 2013-07-29 12:41 - 00000251 _____ C:\voxFcoldrv.log
2013-07-29 12:39 - 2013-07-29 12:39 - 00000000 ___DC R:\z_temp\msohtml
2013-07-29 12:31 - 2013-07-29 12:31 - 00000000 ___DC R:\z_temp\comtypes_cache
2013-07-29 12:30 - 2013-07-29 12:30 - 00000000 ___DC R:\z_temp\VBE
2013-07-29 12:28 - 2013-07-29 12:28 - 03876956 ____C R:\z_temp\MSI2622d.LOG
2013-07-29 12:28 - 2013-07-29 12:28 - 03876956 ____C R:\z_temp\MSI2622c.LOG
2013-07-29 12:28 - 2013-07-29 12:27 - 03909408 ____C R:\z_temp\MSI2622b.LOG
2013-07-29 12:04 - 2013-07-29 12:04 - 00042080 ____C (Somoto Ltd.) R:\z_temp\bi_cleaner.exe
2013-07-29 12:04 - 2013-07-29 12:04 - 00028452 ____C R:\z_temp\MSIfc944.LOG
2013-07-29 12:00 - 2013-07-29 12:00 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_64c.dat
2013-07-29 11:53 - 2013-07-29 11:53 - 00000645 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\ev.lnk
2013-07-29 11:52 - 2013-07-29 11:52 - 00000000 ___DC R:\z_temp\CRX_75DAF8CB7768
2013-07-29 11:46 - 2013-07-29 11:46 - 00642283 ___CT R:\z_temp\nstF.tmp
2013-07-29 11:46 - 2013-07-29 11:46 - 00049200 __HCT R:\z_temp\etilqs_YGtswQEme6GwC7I
2013-07-29 11:46 - 2013-07-29 11:46 - 00016400 __HCT R:\z_temp\etilqs_hRX3p5LDEplCwmC
2013-07-29 11:46 - 2013-07-29 11:46 - 00002052 __HCT R:\z_temp\etilqs_TqgAXa6KUlWfG84
2013-07-29 11:45 - 2013-04-19 02:57 - 00000676 __RSH C:\boot.ini
2013-07-29 11:45 - 2001-08-18 13:00 - 00000603 ____N C:\WINDOWS\win.ini
2013-07-29 11:45 - 2001-08-18 13:00 - 00000227 ____N C:\WINDOWS\system.ini
2013-07-29 11:36 - 2013-04-19 01:01 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-07-29 11:34 - 2013-07-29 11:34 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_620.dat
2013-07-29 11:31 - 2013-07-29 11:31 - 00016384 ___CT R:\z_temp\Perflib_Perfdata_920.dat
2013-07-29 11:19 - 2013-07-29 11:19 - 44467068 _____ C:\WINDOWS\MEMORY.zip
2013-07-29 11:13 - 2013-07-29 11:13 - 00065536 _____ C:\WINDOWS\Minidump\Mini072913-01.dmp
2013-07-29 11:13 - 2013-07-29 11:12 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-29 11:12 - 2013-07-28 20:26 - 164388864 _____ C:\WINDOWS\MEMORY.DMP
2013-07-29 02:01 - 2013-04-19 02:33 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-29 01:29 - 2013-05-22 13:38 - 00001182 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1960408961-1801674531-1003Core.job
2013-07-29 01:05 - 2013-04-19 01:04 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin
2013-07-29 00:46 - 2013-04-27 15:37 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\uTorrent
2013-07-29 00:19 - 2013-07-23 10:41 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\.VirtualBox
2013-07-28 23:13 - 2013-07-28 23:03 - 00000510 __RSH C:\Dokumente und Einstellungen\Elmar-Admin\ntuser.pol
2013-07-28 22:09 - 2013-04-19 01:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Autostart
2013-07-28 22:01 - 2013-06-07 09:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Autostart (Disabled by AnVir)
2013-07-28 21:38 - 2013-07-28 01:29 - 00103824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-28 21:20 - 2013-07-16 14:17 - 00000000 ___DC C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\MouseWithoutBorders
2013-07-28 21:07 - 2013-07-16 19:47 - 00000000 ____D C:\Programme\Microsoft IntelliType Pro
2013-07-28 20:55 - 2013-07-07 01:20 - 00000000 ____D C:\Programme\Microsoft Bootvis
2013-07-28 20:11 - 2013-05-21 12:56 - 00004659 ____H C:\WINDOWS\EPMBatch.ept
2013-07-28 20:08 - 2013-04-27 11:33 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Mozilla
2013-07-28 19:53 - 2013-07-28 19:53 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\HD Tune Pro
2013-07-28 18:39 - 2013-04-27 03:27 - 00002355 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\SAS7_000.DAT
2013-07-28 18:29 - 2013-07-28 18:26 - 00002919 _____ C:\WINDOWS\KB2686509.log
2013-07-28 18:29 - 2013-07-28 18:26 - 00000094 _____ C:\WINDOWS\faultykeyboard.log
2013-07-28 17:32 - 2013-07-28 17:32 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\tor
2013-07-28 17:13 - 2013-07-28 17:13 - 00000000 ____D C:\Programme\Tor
2013-07-28 17:08 - 2013-07-28 17:08 - 00000673 _____ C:\Dokumente und Einstellungen\All Users\Desktop\RadarSync PC Updater.lnk
2013-07-28 17:08 - 2013-07-28 17:08 - 00000000 ____D C:\Programme\RadarSync
2013-07-28 17:08 - 2013-07-28 17:08 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\RadarSync
2013-07-28 16:54 - 2013-06-05 14:19 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2013-07-28 16:53 - 2013-07-27 22:19 - 00000000 ____D C:\Programme\NVIDIA Corporation
2013-07-28 16:49 - 2013-04-19 02:12 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-07-28 15:55 - 2013-06-30 19:32 - 01098896 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2013-07-28 15:55 - 2013-06-30 19:32 - 01098896 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2013-07-28 15:55 - 2013-06-30 19:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2013-07-28 14:12 - 2013-07-16 00:54 - 00000000 _____ C:\WINDOWS\AS_Debug.txt
2013-07-28 14:12 - 2013-04-19 02:12 - 00000000 ___HD C:\Programme\InstallShield Installation Information
2013-07-28 13:37 - 2013-05-21 14:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\AllDup
2013-07-28 12:37 - 2013-06-10 22:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\USBSafelyRemove
2013-07-28 12:29 - 2013-04-19 01:04 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-07-28 12:29 - 2013-04-19 01:04 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-07-28 12:18 - 2013-07-28 12:18 - 00000000 ____D C:\VITSOFT
2013-07-28 11:58 - 2013-04-19 02:01 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\TeraCopy
2013-07-28 11:32 - 2013-07-03 01:19 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Logishrd
2013-07-28 11:32 - 2013-06-10 22:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\USBSRService
2013-07-28 11:32 - 2013-05-23 16:18 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\TeamViewer
2013-07-28 11:32 - 2013-04-25 23:16 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\dvdcss
2013-07-28 04:26 - 2013-05-22 20:56 - 00008165 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\CsActions.cka
2013-07-28 04:19 - 2013-07-07 01:22 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-07-28 03:49 - 2013-07-28 03:49 - 00940794 _____ C:\WINDOWS\system32\LoopyMusic.wav
2013-07-28 03:49 - 2013-07-28 03:49 - 00146650 _____ C:\WINDOWS\system32\BuzzingBee.wav
2013-07-28 03:49 - 2013-07-28 03:49 - 00060416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2013-07-28 03:49 - 2013-07-28 03:49 - 00060416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.EXE
2013-07-28 03:49 - 2013-07-28 03:49 - 00000000 ____D C:\WINDOWS\system32\Lang
2013-07-28 03:46 - 2013-07-28 02:56 - 186187776 _____ C:\LogFile.Etl
2013-07-28 03:37 - 2013-07-28 03:37 - 00000000 ____D C:\Programme\Realtek AC97
2013-07-28 03:24 - 2013-07-28 03:24 - 00000000 ____D C:\Programme\Microsoft Garage
2013-07-28 03:22 - 2013-07-28 03:22 - 00000000 ____D C:\Programme\Soluto
2013-07-28 03:22 - 2013-04-19 01:58 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü
2013-07-28 03:20 - 2013-07-28 03:20 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Everything
2013-07-28 02:31 - 2013-07-15 13:05 - 00000000 ____D C:\Programme\Kyocera
2013-07-28 00:46 - 2013-07-24 01:24 - 00002447 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\cy.lnk
2013-07-28 00:08 - 2013-07-28 00:08 - 00000565 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130728.dsv
2013-07-27 23:52 - 2013-07-27 23:52 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\NVIDIA
2013-07-27 22:57 - 2013-06-30 19:39 - 00000020 _____ C:\WINDOWS\system32\nvModes.dat
2013-07-27 22:44 - 2013-07-27 22:44 - 00000000 ____D C:\Programme\AGEIA Technologies
2013-07-27 22:42 - 2013-07-27 22:15 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2013-07-27 22:42 - 2013-07-23 09:56 - 01148048 _____ C:\WINDOWS\setupapi.log.0.old
2013-07-27 22:42 - 2013-07-03 01:20 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Logishrd
2013-07-27 22:41 - 2013-07-27 22:41 - 00000000 ____D C:\Programme\Logitech
2013-07-27 22:20 - 2013-07-27 17:42 - 00000190 ___SH C:\Dokumente und Einstellungen\UpdatusUser\ntuser.ini
2013-07-27 22:20 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\Help
2013-07-27 22:16 - 2013-07-03 01:19 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Logitech
2013-07-27 22:02 - 2013-07-27 22:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\DriverEasy
2013-07-27 21:49 - 2013-05-22 20:08 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_updates
2013-07-27 21:48 - 2013-07-27 21:48 - 00000000 ____D C:\Programme\1-click run
2013-07-27 21:20 - 2013-05-23 11:58 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_pdfs
2013-07-27 21:19 - 2013-04-27 11:31 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_internet browser
2013-07-27 21:07 - 2013-06-30 19:34 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-27 20:38 - 2013-05-22 21:41 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\ATI
2013-07-27 20:14 - 2013-07-27 20:14 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\VITSOFT
2013-07-27 19:57 - 2013-04-19 02:34 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-07-27 19:46 - 2013-04-19 01:01 - 00000000 ____D C:\WINDOWS\Registration
2013-07-27 19:42 - 2013-04-27 02:42 - 00000000 ____D C:\Programme\Microsoft.NET
2013-07-27 19:41 - 2013-07-27 19:41 - 00000000 ____D C:\Programme\MSBuild
2013-07-27 17:41 - 2013-06-30 19:32 - 00000000 _____ C:\WINDOWS\system32\nvdrswr.lk
2013-07-27 16:55 - 2013-07-27 16:55 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\C6B73907-D4E8-4912-BC6D-FDD054C6F0E2
2013-07-27 13:31 - 2013-05-26 21:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\PassMark
2013-07-27 13:12 - 2013-04-19 01:02 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-07-27 13:10 - 2013-07-27 13:10 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\FSB 215 - 291.nbr
2013-07-27 12:11 - 2013-04-27 18:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_security
2013-07-27 10:22 - 2013-07-08 22:13 - 00000000 ____D C:\WINDOWS\Acronis
2013-07-26 23:25 - 2013-07-26 23:25 - 00001113 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130726[1].dsv
2013-07-26 23:02 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\security
2013-07-26 23:00 - 2013-07-26 23:00 - 00000603 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Arora.lnk
2013-07-26 22:46 - 2013-07-26 22:46 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\AnyDVDHD
2013-07-26 17:16 - 2013-04-27 21:00 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_info
2013-07-26 14:24 - 2013-07-26 14:24 - 00001289 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130726.dsv
2013-07-25 19:35 - 2013-07-25 19:07 - 00131072 _____ C:\Dokumente und Einstellungen\Elmar-Admin\fbchathistory.dat
2013-07-25 19:25 - 2013-04-27 04:39 - 00000000 ____D C:\WINDOWS\SHELLNEW
2013-07-25 19:25 - 2013-04-19 01:58 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Microsoft Shared
2013-07-25 14:48 - 2013-07-25 14:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Greenshot
2013-07-24 22:28 - 2013-05-23 13:58 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_z hardware
2013-07-24 20:26 - 2013-04-19 02:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\InstallShield
2013-07-24 18:39 - 2013-07-24 18:39 - 00000000 ____D C:\Programme\Kaspersky Lab
2013-07-24 18:39 - 2013-07-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Kaspersky Security Scan
2013-07-24 11:29 - 2013-05-23 08:18 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-07-24 10:47 - 2013-06-13 21:14 - 00065536 _____ C:\WINDOWS\system32\config\Nano.evt
2013-07-24 10:23 - 2013-07-24 10:23 - 00000000 ___HD C:\BJPrinter
2013-07-24 10:21 - 2013-04-27 18:09 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-07-24 09:53 - 2013-07-07 02:18 - 00051144 _____ (Soluto LTD.) C:\WINDOWS\system32\Drivers\Soluto.sys
2013-07-24 01:39 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\NLDRV
2013-07-23 10:37 - 2013-07-17 16:45 - 00000000 ____D C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\ad
2013-07-23 01:34 - 2013-05-27 11:54 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe AIR
2013-07-23 01:34 - 2013-04-25 23:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\vlc
2013-07-23 01:30 - 2013-05-22 18:51 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\GlarySoft
2013-07-23 01:29 - 2013-07-23 01:29 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\GlarySoft
2013-07-23 01:28 - 2013-05-23 08:18 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-07-23 01:21 - 2013-07-23 01:21 - 00000318 _____ C:\WINDOWS\Tasks\GlaryInitialize 3.job
2013-07-22 13:33 - 2013-07-22 13:32 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-07-22 12:02 - 2013-07-22 12:02 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\110% - 298.nbr
2013-07-22 11:31 - 2013-07-21 14:24 - 00065536 _____ C:\WINDOWS\system32\config\iolo App.evt
2013-07-22 11:10 - 2013-06-13 21:05 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\ProcessLasso
2013-07-21 14:24 - 2013-07-21 14:24 - 00074703 _____ C:\WINDOWS\system32\mfc45.dat
2013-07-21 14:24 - 2013-07-21 14:24 - 00000000 ____D C:\Programme\iolo
2013-07-20 17:24 - 2013-07-17 16:42 - 00000190 ___SH C:\Dokumente und Einstellungen\Dragnon NeuerUser\ntuser.ini
2013-07-20 17:05 - 2013-07-20 17:05 - 00000529 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\fp.lnk
2013-07-19 21:11 - 2013-07-19 21:11 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\285- 108% - all running.nbr
2013-07-19 21:09 - 2013-07-19 21:06 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\271 - 108% - nothing running.nbr
2013-07-19 20:59 - 2013-07-19 20:59 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\295 - 108% - nothing running.nbr
2013-07-19 20:57 - 2013-07-19 20:57 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\291 - 108% - nothing running.nbr
2013-07-19 20:54 - 2013-07-19 20:54 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\285 - 206 MHz - nothing running.nbr
2013-07-19 20:27 - 2013-07-08 22:13 - 00000148 _____ C:\WINDOWS\system32\autopart.opt
2013-07-19 20:15 - 2013-06-27 20:00 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Downloaded Installations
2013-07-19 14:43 - 2013-07-19 14:43 - 00000000 ____D C:\Programme\Gemeinsame Dateien\RBSoft
2013-07-19 14:42 - 2013-04-27 19:03 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_improve system
2013-07-19 00:38 - 2013-07-19 00:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2013-07-19 00:38 - 2013-07-19 00:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_user_01_09_00.Wdf
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\zh-TW
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\zh-CN
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\sv-SE
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ru-RU
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\pt-PT
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\pt-BR
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\pl-PL
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\nl-NL
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\nb-NO
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ms-MY
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ko-KR
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\ja-JP
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\it-IT
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\hu-HU
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\fr-FR
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\fi-FI
2013-07-19 00:36 - 2013-07-19 00:36 - 00000000 ____D C:\WINDOWS\system32\el-GR
2013-07-19 00:36 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\system32\de-de
2013-07-19 00:35 - 2013-04-19 01:58 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente
2013-07-19 00:35 - 2013-04-19 01:02 - 00000000 __SHD C:\Dokumente und Einstellungen\All Users\DRM
2013-07-19 00:33 - 2013-07-19 00:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_zumbus_01009.Wdf
2013-07-18 23:59 - 2013-07-18 23:59 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\PC Suite
2013-07-18 23:57 - 2013-07-18 23:57 - 00000000 ____D C:\Programme\DIFX
2013-07-18 19:24 - 2013-07-18 19:24 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\TrojanHunter
2013-07-18 19:17 - 2013-07-18 19:17 - 00059392 ____R C:\WINDOWS\system32\streamhlp.dll
2013-07-18 17:55 - 2013-04-19 01:28 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_filemanagement
2013-07-17 16:44 - 2013-04-27 04:40 - 00000400 _____ C:\WINDOWS\ODBC.INI
2013-07-17 15:41 - 2013-07-17 15:41 - 00000188 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\5300-2.lnk
2013-07-17 15:41 - 2013-07-17 15:41 - 00000188 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\60er.lnk
2013-07-17 15:09 - 2013-07-17 15:09 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-16 19:07 - 2013-07-16 19:07 - 00000174 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Drucker hinzufügen.lnk
2013-07-16 16:16 - 2013-07-13 22:04 - 00000649 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-07-16 16:16 - 2013-07-13 22:04 - 00000584 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Avira DE-Cleaner.lnk
2013-07-16 13:35 - 2013-07-16 13:35 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\IGC
2013-07-16 13:35 - 2013-07-16 13:35 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\IGC
2013-07-16 12:03 - 2013-04-27 11:21 - 00000000 ____D C:\Programme\Microsoft Silverlight
2013-07-16 11:24 - 2013-07-16 11:24 - 00001819 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\SyncSettings - R -- E-Dropbox - Backup - Q.ffs_batch
2013-07-16 11:24 - 2013-07-16 11:24 - 00001791 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\SyncSettings - R -- E-Dropbox - Backup - Q.ffs_gui
2013-07-16 11:21 - 2013-05-25 00:41 - 00001831 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\SyncSettings - R - F-Backup R - Versioning.ffs_gui
2013-07-16 10:24 - 2013-07-16 10:24 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\300 - 108% - nicht NOS.nbr
2013-07-16 02:00 - 2013-07-16 02:00 - 00000589 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\NovaBench.lnk
2013-07-16 01:58 - 2013-07-16 01:58 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\299 - 108% - nicht NOS.nbr
2013-07-16 01:38 - 2013-07-16 01:38 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\298 - 108%.nbr
2013-07-16 01:35 - 2013-07-16 01:35 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\293 - 105%.nbr
2013-07-16 01:33 - 2013-07-16 01:33 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\288 - 103%.nbr
2013-07-16 01:31 - 2013-07-16 01:31 - 00001445 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Ai Booster v2.00.68.lnk
2013-07-16 01:29 - 2013-07-16 01:29 - 00000967 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\287 - 100%.nbr
2013-07-16 00:57 - 2013-07-11 20:34 - 00000000 ____D C:\Programme\ASUS
2013-07-16 00:32 - 2013-07-16 00:32 - 00001561 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\AI Suite v1.03.15.lnk
2013-07-16 00:31 - 2013-07-16 00:31 - 00000946 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\13.0x (X) 1.375V.lnk
2013-07-16 00:30 - 2013-07-16 00:30 - 00000938 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\12.5x (X).lnk
2013-07-15 15:02 - 2013-07-15 15:02 - 00000887 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\process explorer.lnk
2013-07-15 14:43 - 2013-07-15 14:43 - 00000540 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\wscc.lnk
2013-07-15 12:15 - 2013-07-13 14:17 - 00000432 _____ C:\WINDOWS\BRWMARK.INI
2013-07-15 10:41 - 2013-07-11 20:19 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\WinRAR
2013-07-15 01:22 - 2013-07-15 01:22 - 00000855 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130715.dsv
2013-07-15 00:24 - 2013-07-15 00:24 - 00001710 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\ad.lnk
2013-07-15 00:24 - 2013-07-15 00:24 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\7stacks
2013-07-14 14:31 - 2013-07-13 14:17 - 00000065 _____ C:\WINDOWS\system32\BD7010.DAT
2013-07-14 08:16 - 2013-07-15 23:45 - 00114296 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX32.sys
2013-07-13 21:03 - 2013-07-13 21:03 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Help
2013-07-13 19:02 - 2013-07-13 19:02 - 00087704 _____ C:\WINDOWS\cadkasdeinst01.exe
2013-07-13 19:02 - 2013-07-13 19:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Mein Schriftarten 1.0
2013-07-13 18:20 - 2013-07-12 16:31 - 00000739 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\aS.lnk
2013-07-13 18:20 - 2013-07-12 16:31 - 00000739 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\aborange Scheduler.lnk
2013-07-13 14:17 - 2013-07-13 14:17 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Brother
2013-07-13 14:17 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\twain_32
2013-07-13 13:56 - 2013-05-23 00:32 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Winsplit Revolution
2013-07-13 03:10 - 2013-07-13 03:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\.tfo4
2013-07-13 03:09 - 2013-07-13 03:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\4.0
2013-07-13 02:56 - 2013-07-13 02:56 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\STRATO
2013-07-13 02:44 - 2013-07-13 02:44 - 00000634 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\cp.lnk
2013-07-12 20:13 - 2013-07-12 20:13 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\MeineBackups
2013-07-12 19:49 - 2013-04-19 01:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü
2013-07-12 09:59 - 2013-07-05 09:33 - 00002321 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\W.lnk
2013-07-12 05:08 - 2008-04-14 01:01 - 00251712 __RSH C:\ntldr
2013-07-12 05:08 - 2008-04-13 23:13 - 00047564 __RSH C:\ntdetect.com
2013-07-12 05:08 - 2001-08-18 13:00 - 00004952 __RSH C:\bootfont.bin
2013-07-12 03:00 - 2013-07-12 03:00 - 00000830 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\x2.lnk
2013-07-12 03:00 - 2013-07-12 03:00 - 00000830 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\x2.lnk
2013-07-12 02:49 - 2013-07-12 02:49 - 00000823 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\PandaCloudAntivirus22.lnk
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\aborange Scheduler
2013-07-11 19:10 - 2013-07-11 19:10 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Anti-Malware
2013-07-11 16:26 - 2013-07-08 00:08 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_faster
2013-07-11 16:24 - 2013-07-11 16:23 - 00000000 ____D C:\Programme\Spyware Terminator
2013-07-11 16:23 - 2013-07-11 16:23 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Spyware Terminator
2013-07-11 15:36 - 2013-07-11 15:34 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\ShutdownAddin
2013-07-11 15:34 - 2013-07-11 15:34 - 00000000 ____D C:\Programme\Gemeinsame Dateien\OutlookShutdown
2013-07-11 12:33 - 2013-07-11 12:33 - 00000224 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\4950.lnk
2013-07-11 12:33 - 2013-07-11 12:33 - 00000224 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\10er.lnk
2013-07-11 12:32 - 2013-04-27 05:18 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-10 22:55 - 2013-05-22 13:39 - 00002447 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\cy.lnk
2013-07-10 22:55 - 2013-04-19 01:04 - 00000784 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\IE.lnk
2013-07-10 21:06 - 2013-07-10 21:06 - 00000000 ____D C:\Programme\Enigma Software Group
2013-07-10 21:05 - 2013-07-02 22:53 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2013-07-10 20:59 - 2013-07-10 20:59 - 00000495 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Temps löschen.bat
2013-07-10 18:25 - 2013-04-19 01:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Eigene Bilder
2013-07-10 10:28 - 2013-07-10 10:28 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\aborange
2013-07-09 23:27 - 2013-07-09 23:26 - 00000000 ___DC C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\neuer LD
2013-07-09 17:55 - 2013-07-09 17:53 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\MagraSoft
2013-07-09 17:46 - 2013-06-12 00:39 - 00000000 ____D C:\Programme\Sysinternals Suite
2013-07-09 17:37 - 2013-07-08 20:12 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\DeskSoft
2013-07-09 17:09 - 2013-07-09 17:09 - 00004165 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Weiland CD Zusammenstellung 2.dxp
2013-07-09 15:34 - 2013-05-23 10:57 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Canon
2013-07-09 14:39 - 2013-05-30 19:00 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-09 14:39 - 2013-04-27 11:22 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-07-09 14:39 - 2013-04-27 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-07-09 11:46 - 2013-06-28 15:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\.oit
2013-07-09 11:15 - 2013-07-09 11:15 - 00000254 _____ C:\WINDOWS\UPGRADE.TXT
2013-07-09 11:15 - 2013-07-09 11:15 - 00000000 ____D C:\WINDOWS\setupupd
2013-07-09 11:15 - 2013-07-09 11:15 - 00000000 ____D C:\WINDOWS\setup.pss
2013-07-09 11:07 - 2013-07-09 11:15 - 00000492 _____ C:\BOOT.BAK
2013-07-08 22:52 - 2013-07-08 20:35 - 00065536 _____ C:\WINDOWS\system32\config\bootracer.evt
2013-07-08 22:10 - 2013-04-19 01:11 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Acronis
2013-07-08 22:07 - 2013-06-30 12:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\UseNeXT
2013-07-08 21:34 - 2013-07-06 23:30 - 00000436 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\kill unnecessary tasks.lnk
2013-07-08 21:34 - 2013-07-06 23:30 - 00000436 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\kill unnecessary tasks.lnk
2013-07-08 20:41 - 2013-07-07 12:34 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_easywork
2013-07-08 20:40 - 2013-04-27 19:04 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_maintenance
2013-07-08 20:35 - 2013-04-19 01:04 - 00000000 __SHD C:\WINDOWS\CSC
2013-07-08 20:22 - 2013-07-08 20:22 - 00000973 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\C&D.lnk
2013-07-08 20:15 - 2013-07-08 20:15 - 00065536 _____ C:\WINDOWS\system32\config\Bootrace.evt
2013-07-08 20:15 - 2013-07-08 20:15 - 00000000 ____D C:\Programme\BootRacer
2013-07-08 20:13 - 2013-07-08 20:12 - 00023040 _____ (DeskSoft) C:\WINDOWS\system32\Drivers\dsnpfd.sys
2013-07-08 20:10 - 2013-07-08 20:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Expert PDF Reader
2013-07-08 20:08 - 2013-07-08 20:06 - 00082008 _____ C:\WINDOWS\CFSETUP.TXT
2013-07-08 19:27 - 2013-07-27 17:42 - 00000000 __SHD C:\Dokumente und Einstellungen\UpdatusUser\IETldCache
2013-07-08 19:27 - 2013-07-17 16:42 - 00000000 __SHD C:\Dokumente und Einstellungen\Dragnon NeuerUser\IETldCache
2013-07-08 19:27 - 2013-07-08 19:27 - 00000000 __SHD C:\Dokumente und Einstellungen\Default User\IETldCache
2013-07-08 16:18 - 2013-07-08 16:18 - 00000398 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\boot.lnk
2013-07-08 16:07 - 2013-04-19 02:57 - 00000266 ___SH C:\boot old.ini
2013-07-08 14:42 - 2013-07-08 14:42 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService\PrivacIE
2013-07-08 14:16 - 2013-07-08 14:16 - 00000023 _____ C:\WINDOWS\system32\CleanGenius3Free.dll
2013-07-08 13:43 - 2013-07-08 13:43 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService\PrivacIE
2013-07-08 13:00 - 2013-07-08 12:59 - 00000026 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Clearup RAM.vbs
2013-07-08 12:56 - 2013-07-08 12:56 - 00001642 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\ContentIndex original.reg
2013-07-07 21:23 - 2013-07-07 21:23 - 00000000 ____D C:\Programme\TweakRAM
2013-07-07 21:21 - 2013-07-07 21:21 - 00000000 ____D C:\Programme\RAM Defrag
2013-07-07 17:42 - 2013-04-19 02:09 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_tweak
2013-07-07 13:24 - 2013-07-07 13:24 - 00000645 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Launchy.lnk
2013-07-07 12:44 - 2013-05-28 12:44 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Launchy
2013-07-07 12:38 - 2013-07-07 12:38 - 00000931 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\DP.lnk
2013-07-07 12:38 - 2013-07-07 12:38 - 00000931 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\DP.lnk
2013-07-07 12:34 - 2013-07-07 12:34 - 00000000 ____D C:\Programme\Launchy
2013-07-07 12:19 - 2013-06-12 00:40 - 00000000 ____D C:\Programme\NirSoft Utilities
2013-07-07 11:13 - 2013-07-07 01:40 - 00010240 _____ C:\WINDOWS\system32\ACRAMDiskHandlerService32RD3.ini
2013-07-07 10:44 - 2013-07-07 10:44 - 00000662 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\od.lnk
2013-07-07 10:44 - 2013-07-07 10:44 - 00000662 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\ObjectDock.lnk
2013-07-07 10:25 - 2013-07-07 10:22 - 00000000 ____D C:\Programme\ObjectDockFree
2013-07-07 03:28 - 2013-07-07 03:28 - 00000000 ____D C:\Programme\Sinvise Systems
2013-07-07 03:28 - 2013-07-07 03:28 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Sinvise Systems
2013-07-07 02:14 - 2013-07-07 02:14 - 00000822 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130707.dsv
2013-07-07 01:46 - 2013-07-29 13:42 - 00689672 ____C (Acronis) R:\z_temp\284FA982-B8E0-44DF-9F05-0C11815B9A64
2013-07-07 01:46 - 2013-07-29 13:42 - 00139336 ____C (Acronis) R:\z_temp\827824D0-7A8B-4E09-B55A-885840080A00
2013-07-07 01:46 - 2013-07-07 01:46 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\350F4898-238C-459E-9E95-A334F8063E77
2013-07-07 01:46 - 2013-04-19 01:12 - 00689672 _____ (Acronis) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2013-07-07 01:46 - 2013-04-19 01:12 - 00139336 _____ (Acronis) C:\WINDOWS\system32\Drivers\vididr.sys
2013-07-07 01:23 - 2013-04-19 01:49 - 00000000 ____D C:\WINDOWS\pss
2013-07-07 01:15 - 2013-07-07 01:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Application Data\Soluto
2013-07-06 23:29 - 2013-07-06 23:29 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-07-06 10:15 - 2013-05-22 20:28 - 00001150 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\CsTemplates.ckt
2013-07-06 00:49 - 2013-07-05 22:46 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Audacity
2013-07-06 00:27 - 2013-07-06 00:27 - 00000000 ____D C:\Programme\Lame For Audacity
2013-07-05 22:18 - 2013-07-05 22:18 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\AMPSoft
2013-07-05 16:17 - 2013-07-05 12:16 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Nuance
2013-07-05 16:01 - 2013-07-05 16:00 - 01451238 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Windows Systeminformationen 050713 - 1600.nfo
2013-07-05 12:16 - 2013-07-05 12:16 - 00000000 ____D C:\Programme\Gemeinsame Dateien\IVA
2013-07-05 12:16 - 2013-06-28 15:11 - 00000000 ____D C:\Programme\Nuance
2013-07-05 12:16 - 2013-04-27 02:54 - 00000000 ____D C:\WINDOWS\Speech
2013-07-05 09:33 - 2013-07-05 09:33 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office
2013-07-04 23:02 - 2013-07-04 23:02 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Typograf
2013-07-04 20:08 - 2013-07-04 20:08 - 00000224 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\5300.lnk
2013-07-04 20:08 - 2013-07-04 20:08 - 00000224 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\50er.lnk
2013-07-04 16:38 - 2013-06-07 23:10 - 00188176 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2013-07-04 16:37 - 2013-07-04 16:37 - 00174864 _____ (Oracle Corporation) C:\WINDOWS\system32\VBoxNetFltNobj.dll
2013-07-04 16:37 - 2013-07-04 16:37 - 00115984 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetFlt.sys
2013-07-04 16:37 - 2013-06-07 23:10 - 00094480 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2013-07-04 16:37 - 2013-04-12 12:33 - 00104720 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp.sys
2013-07-04 13:16 - 2013-07-04 13:16 - 00002721 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Weiland CD Zusammenstellung.dxp
2013-07-04 13:04 - 2013-07-04 13:04 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Canneverbe Limited
2013-07-04 08:46 - 2013-07-04 08:46 - 00013824 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\Duschen - bitte genießen  .msg
2013-07-04 08:46 - 2013-07-04 08:46 - 00013824 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\Duschen - bitte genießen  .msg
2013-07-03 18:11 - 2013-04-27 21:05 - 00000000 ____D C:\Programme\FreePDF_XP
2013-07-03 18:11 - 2013-04-27 21:05 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\FreePDF
2013-07-03 01:20 - 2013-07-03 01:20 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Leadertech
2013-07-03 00:43 - 2013-07-03 00:43 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Opera Software
2013-07-03 00:09 - 2013-07-03 00:08 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\StartMenuX
2013-07-02 22:55 - 2013-04-19 02:38 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_benchmark & test
2013-07-02 20:44 - 2013-07-02 20:26 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2013-07-02 20:33 - 2013-07-02 20:33 - 01198049 _____ C:\WINDOWS\unins001.exe
2013-07-02 20:33 - 2013-07-02 20:33 - 00000000 ____D C:\WINDOWS\system32\Adobe
2013-07-02 20:33 - 2013-04-27 11:22 - 00014900 _____ C:\WINDOWS\unins001.dat
2013-07-02 20:33 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\system32\Macromed
2013-07-02 20:33 - 2013-04-19 02:54 - 00000000 ____D C:\WINDOWS\system
2013-07-02 17:37 - 2013-07-02 17:37 - 01609384 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\Windows Systeminformationen.nfo
2013-07-02 15:27 - 2013-07-02 15:27 - 00097176 _____ (Elaborate Bytes AG) C:\WINDOWS\system32\ElbyCDIO.dll
2013-07-02 13:43 - 2013-07-02 13:43 - 00000000 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\soft Xpansion Perfect PDF 8 Reader - 02.07.13 13.43.18.dmp
2013-07-02 11:50 - 2013-06-27 19:38 - 00000670 ____C C:\Dokumente und Einstellungen\Elmar-Admin\Desktop\pr.lnk
2013-07-02 11:50 - 2013-06-27 19:38 - 00000670 _____ C:\Dokumente und Einstellungen\Dragnon NeuerUser\Desktop\pr.lnk
2013-07-02 11:46 - 2013-04-19 01:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\Zubehör
2013-07-02 02:41 - 2013-07-02 02:41 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\ASCOMP Software
2013-07-02 02:41 - 2013-04-27 19:03 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_backup
2013-07-01 21:24 - 2013-07-01 21:24 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\IObit
2013-07-01 21:06 - 2013-07-01 21:06 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 21:06 - 2013-07-01 21:06 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 21:06 - 2013-05-29 12:36 - 00000000 ____D C:\Programme\Google
2013-07-01 16:52 - 2013-06-02 12:06 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\QuickScan
2013-07-01 15:36 - 2013-05-23 10:53 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-07-01 12:40 - 2013-04-27 19:05 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\z_rest
2013-07-01 12:39 - 2013-07-01 12:39 - 00000000 ____D C:\Dokumente und Einstellungen\LocalService\Startmenü
2013-07-01 00:28 - 2013-07-01 00:28 - 00000834 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\3360x2560_20130701.dsv
2013-06-30 23:24 - 2013-06-30 23:24 - 00000830 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\2944x1352_20130630.dsv
2013-06-30 17:20 - 2013-06-30 17:20 - 00000362 _____ C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job
2013-06-30 12:54 - 2013-04-27 19:07 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Startmenü\Programme\_internet
2013-06-30 12:48 - 2013-06-30 12:48 - 00000000 ____D C:\Dokumente und Einstellungen\Elmar-Admin\Eigene Dateien\UseNeXT
2013-06-29 20:56 - 2013-06-29 20:56 - 00000063 _____ C:\WINDOWS\PPDeskVw.INI
2013-06-29 17:36 - 2013-06-29 17:36 - 00009359 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Microsoft Access.EML
2013-06-29 17:33 - 2013-06-29 17:33 - 00009378 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).EML
2013-06-29 17:32 - 2013-06-29 17:30 - 00009358 _____ C:\Dokumente und Einstellungen\Elmar-Admin\Anwendungsdaten\Microsoft Excel.EML

Files to move or delete:
====================
C:\Dokumente und Einstellungen\Elmar-Admin\fbchathistory.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2009-08-14 02:13] - [2009-08-14 02:13] - 1036800 ____A (Microsoft Corporation) d999cf40bd4eeb69fab32069ca9d65b1

C:\Windows\System32\winlogon.exe
[2009-08-14 02:14] - [2009-08-14 02:14] - 0513024 ____A (Microsoft Corporation) 8069cbc1daa6de61a6b438ea0d4ae2a0

C:\Windows\System32\svchost.exe
[2009-08-14 02:14] - [2009-08-14 02:14] - 0014848 ____A (Microsoft Corporation) 67e38b4a549833e02d4d1617b5dbc318

C:\Windows\System32\services.exe
[2009-08-14 02:14] - [2009-08-14 02:14] - 0111104 ____A (Microsoft Corporation) f0a7d59af279326528715b206669b86c

C:\Windows\System32\User32.dll
[2008-04-14 08:52] - [2008-04-14 08:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\Windows\System32\userinit.exe
[2008-04-14 08:53] - [2008-04-14 08:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 08:22] - [2008-04-14 08:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== End Of Log ============================
Additions.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2013
Ran by Elmar-Admin at 2013-07-29 16:43:33
Running from E:\_ dropbox _\Dropbox\_ install new\__new
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.3.0.29677)
7-PDF Split & Merge Version 2.1.0 (Build 128) (Version: 7-PDF Split & Merge - Version 2.1.0 (Build 128))
7stacks 1.5 beta 2 (Version: 1.4.24)
aborange Scheduler - Deinstallation (Version: 3.01)
Acronis*Disk*Director*11*Home (Version: 11.0.2121)
Adobe AIR (Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Ai Booster (Version: 2.00.68)
AllDup 3.4.24 (Version: 3.4.24)
Allgemeine Runtime Files (x86) (Version: 1.0.3.6)
allSnap version 1.33.2 (Version: 1.33)
Alternative Flash Player Auto-Updater (Version: 1.1.0.3)
AMP Font Viewer
AntiFreeze 1.01
AnVir Task Manager Pro (Version: 6.3.1)
AnyDVD (Version: 7.2.3.0)
ArchiCrypt Ultimate RAM-Disk 3 Version 3.9.1.4216 (Version: 3.9.1.4216)
ArgusMonitor
Arora 0.10.0 (Version: 0.10.0)
Ashampoo HDD Control 2 v.2.1.0 (Version: 2.1.0)
Ashampoo Snap 6 v.6.0.5 (Version: 6.0.5)
Ashampoo WinOptimizer 9 v.9.04.31 (Version: 9.04.31)
AsusUpdate
Athlon 64 Processor Driver (Version: 1.2.2.2)
Audacity 2.0.3 (Version: 2.0.3)
AVM FRITZ!fax für FRITZ!Box
Belarc Advisor 8.1
BootLog XP (Version: 2.10)
BootRacer (Version: 4.0.0)
BWMeter (Version: 6.5.2)
BySoft FreeRAM 4.0 (Version: 4.0)
CachemanXP 2.0 (Windows 2000,2003,XP) (Version: 2.0)
Canon iP100 series Printer Driver
Canon iP4900 series Benutzerregistrierung
Canon iP4900 series On-screen Manual
Canon iP4900 series Printer Driver
Canon iX6500 series Printer Driver
Canon MG5100 series MP Drivers
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon S6300
Canon Solution Menu EX
CCleaner (Version: 4.04)
CD Bremse 1.49 (Version: 1.49)
CDBurnerXP (Version: 4.5.2.4214)
cFosSpeed v9.04 (Version: 9.04)
CheckDrive (Version: 4.4)
Circle Dock (Version: 32-bit v1.56 (Refresh))
CleanGenius 3.0.6
Client für die Windows-Rechteverwaltung mit Service Pack 2 (Version: 5.2.95)
Comfort Keys Pro 7.0.3.0 (Version: 7.0)
Cool & Quiet
Copernic Desktop Search - Home
CPUID CPU-Z 1.65.0
CPUID HWMonitor 1.23
CrystalDiskMark 3.0.2d (Version: 3.0.2d)
DDBAC (Version: 5.3.7)
DFÜ-Optimierer 1.40
DirectX 9.0c Extra Files (x86, x64) (Version: 1.10.06.0)
DirectX for Managed Code (Version: 1.0.0.0)
Dr. Hardware 2013 13.0d
Dragon NaturallySpeaking 12 (Version: 12.50.000)
Driver Fusion (Version: 1.7.0)
Driver Genius (Version: 12.0)
Driver Genius Professional 12.0.0.1306 (Version: 12.0.0.1306)
DriverEasy 4.5.2 (Version: 4.5.2.0)
Dropbox (HKCU Version: 2.2.9)
Dual-Core Optimizer (Version: 1.1.4.0169)
Duplicate Email Remover (Version: 2.18.0)
DVD Shrink 3.2 deutsch (DeCSS-frei)
EaseUS Data Recovery Wizard 6.0
EaseUS Partition Master 9.2.2
Emsisoft Anti-Malware (Version: 8.0)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Everything 1.3.3.658b (x86)
eXtra Buttons
FancyCache For Disk (Beta) 0.8.0 (Version: 0.8.0)
FileRestorePlus™ 3.0.4.503
FlashFolder (Version: 1.9.181.0)
FontExplorer X Pro 2.4.0 (Version: 002.004.0959)
FormatFactory 3.1.0 (Version: 3.1.0)
Free Audio Converter version 5.0.25.610 (Version: 5.0.25.610)
Free Extended Task Manager (Version: 1.0.0.46)
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
FreeFileSync 5.18 (Version: 5.18)
FreePDF (Remove only)
Glary Utilities 3.7 (Version: 3.7.0.127)
GMX ProfiFax (Version: 2.00.236)
GMX SMS-Manager (Version: 2.7.2)
GMX SMS-Manager (Version: 2.7.2.6)
GMX Upload-Manager (Version: 2.0.670)
Google Chrome Canary (HKCU Version: 30.0.1578.3)
Google Drive (Version: 1.10.4769.632)
GoogleClean (Version: 4.0.112)
GPL Ghostscript (Version: 9.07)
Greenfish Icon Editor Pro 3.25
Greenshot 1.1.5.2643 (Version: 1.1.5.2643)
Hardcopy (Version: 2013.02.01)
HD Tach version 3
HD Tune Pro 5.50
HDDlife Pro 4.0 (Version: 4.0.193)
HitmanPro 3.7 (Version: 3.7.6.201)
Hot CPU Tester Pro 4.4 (Version: 4.4 LE)
HWiNFO32 Version 4.20 (Version: 4.20)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Kaspersky Security Scan (Version: 12.0.1.340)
KC Softwares SUMo (Version: 3.7.1.204)
K-Meleon 1.5.4 de-DE (nur entfernen) (Version: 1.5.4)
Kyocera Product Library (Version: 3.3.0728)
LAME v3.99.3 (for Windows)
Launchy 2.6 Beta 2
Lexware Abschreibungsrechner (Version: 10.50.04.0001)
Lexware Elster (Version: 13.04.00.0113)
Lexware Info Service (Version: 2.70.00.0081)
Lexware lohnauskunft 2009 (Version: 17.50.00.0023)
Lexware lohnauskunft 2011 (Version: 19.60.00.0032)
Lexware online banking (Version: 13.00.00.0040)
Lexware QuickBooks 2012 (Version: 24.30.04.0047)
Logitech SetPoint 6.60 (Version: 6.60.170)
Marvell Miniport Driver (Version: 11.45.4.3)
Mein Schriftarten 1
Memory and CPU Observer 2.3 Personal (Beta)
Memory Measurer (HKCU Version: 1.0.0.1)
MFC RunTime files (Version: 1.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - DEU (Version: 1.1.50727.42)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.3.30730)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30730)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30730)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Bootvis (Version: 1.3.37)
Microsoft Expression Encoder 4 (Version: 4.0.4276.0)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.4276.0)
Microsoft Garage Mouse without Borders (Version: 2.1.2.1212)
Microsoft IntelliType Pro 8.2 (Version: 8.20.468.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Outlook-Sicherung für Persönliche Ordner (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61187)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (Version: 9.0.30729.4048)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (Version: 9.0.30729.7523)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
Mindjet (Version: 11.2.185)
Mindjet MindManager Pro 6 (Version: 6.2.399)
MSN
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0)
MultiMon TaskBar PRO 3 (Trial)
NexusFont 2.5 (ver 2.5.8.1582)
NovaBench 3.0.4
Nuance PaperPort 14 (Version: 14.0.0001)
Nuance PDF Create 7 (Version: 7.10.2332)
Nuance PDF Reader (Version: 7.00.0000)
Nuance PDF Viewer Plus (Version: 7.10.3211)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA nView 140.62 (Version: 140.62)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
NvMixer
O&O CleverCache (Version: 7.1.2737)
ObjectDock Plus (Version: 2.01)
Opera Stable 15.0.1147.130 (Version: 15.0.1147.130)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
Paint.NET v3.5.10 (Version: 3.60.0)
Panda Cloud Cleaner (Version: 1.0.50)
PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (Version: 1.1.4241.14593)
PaperPort Image Printer (Version: 14.00.0000)
PC Fresh (Version: 2013)
PDF reDirect (remove only) (Version: v2.5.2)
PDF Split And Merge Basic (Version: 2.2.2)
PDF24 Creator 5.7.0
PDFCreator (Version: 1.7.1)
PDF-Viewer (Version: 2.5.210.0)
PDF-XChange 2012 (Version: 5.0.266.0)
PDF-XChange 3.0
PerformanceTest v7.0 (Version: 7.0)
PerformanceTest v8.0 (Version: 8.0.1020.0)
Picasa 3 (Version: 3.9)
Pirmasoft RunAsSvc - ComfortKeys (Version: 1.6.159.59)
Pirmasoft RunAsSvc - ComfortKeys2 (Version: 1.6.159.59)
Power Tray
Primo Ramdisk Ultimate Edition 5.5.0 (Version: 5.5.0)
Process Lasso (Version: 6.6.0.18)
PTFB Pro 4.6.0.0
RadarSync PC Updater 2013 (Version: 4.1.0.15322)
RAM Defrag (Version: 2.84)
Realtek AC'97 Audio (Version: 5.36)
Recuva (Version: 1.47)
RedMon - Redirection Port Monitor
Registry Backup v2.0
RENESIS® Player Browser Plugins (Version: 1.1.1)
Right Click Enhancer 4.1.1 (Version: 4.1.1)
RocketDock 1.3.5
Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2 (Version: 5.2.95)
SageThumbs 2.0.0.15 (Version: 2.0.0.15)
Samsung Magician (Version: 4.1.0)
SARDU 2.0.6.5 (Version: 2.0.6.5)
Scansoft PDF Create
SeaTools for Windows (Version: 1.2.0.7)
Secunia PSI (3.0.0.7009) (Version: 3.0.0.7009)
Sereby's XP SP3 Updatepack Version 3.9.7.1 (Version: Version 3.9.7.1)
Shutdown Timer (Version: 3.3.4)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2797052) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1)
SiSoftware Sandra Lite 2013.SP4 (Version: 19.50.2013.7)
SlimDrivers (Version: 2.2.30085)
soft Xpansion Perfect PDF 8 Reader (Version: 8.0.2.8)
Software Informer 1.1
Soluto (Version: 1.3.1385.0)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 2.1.19)
SpyHunter (Version: 4.14.5.4268)
Spyware Terminator 2012 (Version: 3.0.0.82)
SRWare Iron Version SRWare Iron 26.0.1450.0 (Version: SRWare Iron 26.0.1450.0)
SSD Fresh (Version: 2013)
SSD Tweaker version 3.0.3 (Version: 3.0.3)
Start Menu X Version 4.86 (Version: 4.86)
Startup Delayer v2.5 (build 137)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (Version: +Recorder.2013.55)
swMSM (Version: 12.0.0.1)
Synergy (Version: 1.4.11)
System Checkup 3.4 (Version: 3.4.0.49)
System Explorer 4.2.2
System Tray Cleaner 3
TaskSwitchXP (Version: 2.0.11)
TeamViewer 8 (Version: 8.0.19617)
TeraCopy 2.3 beta 2
TimeLeft (Version: 3.62)
Tor 0.2.3.25
TreeSize Professional 5.3.1 (Version: 5.3.1)
Treiber-Studio 2013 (Version: 8.1.327)
TrojanHunter 5.5 (Version: 5.5)
True Image 2013 (Version: 16.0.5551)
True Image 2013 Plus Pack (Version: 16.0.5551)
Tweak UI
TweakRAM (Version: 7.1.5.31)
Tweak-XP Pro 4
Typograf 5.1c (Version: 5.1c)
UltraSearch V1.7.1 (Version: 1.7.1)
Unlocker 1.9.2 (Version: 1.9.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update für Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update für Windows Internet Explorer 8 (KB2632503) (Version: 1)
USB Safely Remove 5.1
UseNeXT by Tangysoft
User Profile Hive Cleanup Service (Version: 1.6.36)
Vidalia 0.2.21
VirtualCloneDrive
VirusKeeper 2011 Pro Probeversion
VirusTotal Uploader 2.0
Vit Registry Fix 12.5 (remove only)
VLC media player 2.0.7 (Version: 2.0.7)
WebFldrs XP (Version: 9.50.7523)
WebTemp 3.38 (kostenlose Version)
WindowManager (Version: 3.3.3)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.1 (Version: 5.1.0715)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WindowSpace (Version: 2.5.8)
WinRAR 5.00 beta 7 (32-bit) (Version: 5.00.7)
WinSplit Revolution (v11.04) (Version: 11.04)
WinXP Cleaner (Version: 2.0.0)
Wise Care 365 version 2.49 (Version: 2.49)
Wise Disk Cleaner 7.85 (Version: 7.85)
Wise Registry Cleaner 7.73 (Version: 7.73)
WSCC 2.1.2.0
XP Services Optimizer (Version: 1.0.52)
xplorer² professional 32 bit (Version: 2.3.0.1)
XQDC X-Setup Pro 9.2.100 (Version: 9.2.100)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 

==================== Restore Points  =========================

29-07-2013 10:04:32 O&O DriveLED Professional wurde entfernt.

==================== Hosts content: ==========================

2001-08-18 13:00 - 2013-07-11 17:04 - 00447984 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1        localhost
127.0.0.1        activation.acronis.com
127.0.0.1        mpa.one.microsoft.com
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Alternative Flash Player Auto-Updater.job => D:\_updates\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
Task: C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job => D:\_updates\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 3.job => D:\_tweak\Glary Utilities 3\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1960408961-1801674531-1003Core.job => C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1960408961-1801674531-1003UA.job => C:\Dokumente und Einstellungen\Elmar-Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Wise Care 365.job => D:\_tweak\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => D:\_tweak\Wise Care 365\WiseTurbo.exe
Task: C:\WINDOWS\Tasks\XP Services Optimizer Update Task.job => C:\WINDOWS\system32\WebUpdate.exe

==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce 10/100/1000 Mbps Ethernet #2
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Parport
Description: Parport
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Parport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Serial
Description: Serial
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Serial
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 00:28:21 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:47:27 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:42:57 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:38:27 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:33:57 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:20:26 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:15:55 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/28/2013 10:17:27 PM) (Source: Microsoft Office 11) (User: )
Description: Accepted Safe Mode action : Microsoft Office Word.

Error: (07/28/2013 07:34:07 PM) (Source: Microsoft Office 11) (User: )
Description: Accepted Safe Mode action : Microsoft Office Word.

Error: (07/28/2013 07:33:48 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.8402.0, stamp 5156197e, faulting module ole32.dll, version 5.1.2600.6168, stamp 4eb018d0, debug? 0, fault address 0x00027008.


System errors:
=============
Error: (07/29/2013 03:34:39 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Soluto PCGenome Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/29/2013 03:34:38 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Soluto Launcher Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/29/2013 03:07:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Logitech Beep Suppression Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (07/29/2013 00:37:36 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Soluto PCGenome Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/29/2013 00:37:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Soluto Launcher Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/29/2013 00:28:03 PM) (Source: 0) (User: )
Description: 0xC000000DMSI28400.tmpArchiCryptVDc1

Error: (07/29/2013 00:27:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Logitech Beep Suppression Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (07/29/2013 00:26:19 PM) (Source: 0) (User: )
Description: 0xC0000010Au_.exeFancyRdRawPort0Target0

Error: (07/29/2013 00:17:32 PM) (Source: 0) (User: )
Description: 0xC000000DLOG.oldArchiCryptVDc1

Error: (07/29/2013 11:46:05 AM) (Source: 0) (User: )
Description: 0xC000000DLOG.oldArchiCryptVDc1


Microsoft Office Sessions:
=========================
Error: (07/29/2013 00:28:21 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:47:27 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:42:57 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:38:27 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:33:57 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:20:26 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/29/2013 11:15:55 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/28/2013 10:17:27 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office WordWord hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?

Error: (07/28/2013 07:34:07 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office WordWord konnte zuletzt nicht korrekt gestartet werden.  Das Starten von Word im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Word im abgesicherten Modus starten?

Error: (07/28/2013 07:33:48 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8402.05156197eole32.dll5.1.2600.61684eb018d0000027008


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 2815.48 MB
Available physical RAM: 814 MB
Total Pagefile: 5719.57 MB
Available Pagefile: 2255.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:25.73 GB) (Free:8.53 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Programme) (Fixed) (Total:6.01 GB) (Free:0.91 GB) NTFS
Drive e: (Eigenes) (Fixed) (Total:21.03 GB) (Free:5.48 GB) NTFS
Drive f: (_) (Fixed) (Total:30.91 GB) (Free:14.35 GB) NTFS
Drive g: (Acronis Media) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS
Drive i: (Backup Daten) (Fixed) (Total:90.82 GB) (Free:12.29 GB) NTFS
Drive q: (_) (Fixed) (Total:0.29 GB) (Free:0.14 GB) NTFS
Drive r: (_) (Fixed) (Total:1.12 GB) (Free:0.34 GB) NTFS
Drive t: (500 GB Tr) (Fixed) (Total:465.76 GB) (Free:134.56 GB) NTFS
Drive u: (300 GB BU) (Fixed) (Total:383.85 GB) (Free:269.18 GB) NTFS
Drive v: (640 GB 2,5) (Fixed) (Total:596.16 GB) (Free:110.51 GB) NTFS
Drive w: (025 GB WD (W:)) (Fixed) (Total:25.59 GB) (Free:13.76 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1 GB) (Disk ID: CE7AF322)
Partition 1: (Not Active) - (Size=1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 112 GB) (Disk ID: A3F54628)
Partition 1: (Active) - (Size=21 GB) - (Type=17)
Partition 2: (Not Active) - (Size=91 GB) - (Type=05)

========================================================
Disk: 2 (Size: 84 GB) (Disk ID: 317EB258)
Partition 1: (Active) - (Size=26 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=84 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: A13BC6F8)
Partition 1: (Active) - (Size=26 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=26 GB) - (Type=17)
Partition 3: (Not Active) - (Size=31 GB) - (Type=17)
Partition 4: (Not Active) - (Size=384 GB) - (Type=OF Extended)

==================== End Of Log ============================
hätte noch einen neuen Kaspersky intensiveren Scan Ergebnis.... Den hat er nach Neustart gemacht? Soll ich den posten?

Wahnsinnnnnn, was ihr da jetzt alles anschauen müßt......

Vielen Vielen Dank!!

Elmar

cosinus 29.07.2013 22:43
Zitat:
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Eule69 30.07.2013 06:22
Hallo Cosinus,

schön, dass Du Dich darum kümmerst, Vielen Dank!

Pro deswegen, weil es erweiterte Funktionen gibt, z.B. gpedt.msc, da kann ich über den Anlagen Manager ausschalten, dass jedes Mal die Sicherheitswarnung bei geöffneten .exe und .msi Dateien kommt.

Ich war mal selbständig, aber momentan nicht. Ich installiere NIE die HomeVersion, irgendwas fehlt dann doch immer...

Es ist ein Privatrechner, definitiv!

herzliche Grüße

Elmar

NOch ein Ergebnis von SpyWareHunter

http://www.workupload.com/image/4waRoNy

cosinus 30.07.2013 08:51
Ok, danke für die Erklärung

Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Eule69 30.07.2013 14:17
GMER

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-30 15:10:26
Windows 5.1.2600 Service Pack 3 \Device\Harddisk2\DR2 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 KINGSTON rev.502A 83,85GB
Running: gmer_2.1.19163.exe; Driver: R:\z_temp\TEMP\kwlyrpoc.sys


---- System - GMER 2.1 ----

SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                                                ZwUnloadKey [0xB6FEF75C]

---- Kernel code sections - GMER 2.1 ----

?              imofugc.sys                                                                                                                                    Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                      section is writeable [0xF525E3C0, 0x74AA7A, 0xE8000020]
?              C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 2.1 ----

.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtCreateFile                  7C91D0AE 1 Byte  [FF]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtCreateFile                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtCreateFile + 4              7C91D0B2 2 Bytes  [7A, 71] {JP 0x73}
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtDeleteValueKey              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtDeleteValueKey + 4          7C91D272 2 Bytes  [80, 71]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtOpenFile                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtOpenFile + 4                7C91D5A2 2 Bytes  [77, 71] {JA 0x73}
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtOpenProcess                  7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtOpenProcess + 4              7C91D602 2 Bytes  [7D, 71] {JGE 0x73}
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtSetContextThread            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtSetContextThread + 4        7C91DBB2 2 Bytes  [74, 71] {JZ 0x73}
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtSetValueKey                  7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ntdll.dll!NtSetValueKey + 4              7C91DDD2 2 Bytes  [83, 71]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] kernel32.dll!LoadLibraryExW + C4        7C801BB9 4 Bytes  CALL 71AF0001
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] kernel32.dll!CreateProcessInternalW      7C819EA8 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] kernel32.dll!CreateProcessInternalW + 4  7C819EAC 2 Bytes  [71, 71] {JNO 0x73}
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] WS2_32.dll!WSALookupServiceBeginW        71A135EF 6 Bytes  JMP 71A5000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] WS2_32.dll!connect                      71A14A07 6 Bytes  JMP 71AB000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] WS2_32.dll!listen                        71A18CD3 6 Bytes  JMP 71A8000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ADVAPI32.dll!CreateServiceA              77E07219 6 Bytes  JMP 718A000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] ADVAPI32.dll!CreateServiceW              77E073B1 6 Bytes  JMP 7187000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!PostMessageW                  7E368CCB 6 Bytes  JMP 718D000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!SendMessageW                  7E37929A 6 Bytes  JMP 7193000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!PostMessageA                  7E37AAFD 6 Bytes  JMP 7190000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!SendInput                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!SendInput + 4                7E37F144 2 Bytes  [98, 71]
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!SendMessageA                  7E37F3C2 6 Bytes  JMP 7196000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!mouse_event                  7E3B673F 6 Bytes  JMP 719F000A
.text          D:\_improve system\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe[796] USER32.dll!keybd_event                  7E3B6783 6 Bytes  JMP 719C000A
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtCreateFile                                                                                            7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtCreateFile                                                                                            7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtCreateFile + 4                                                                                        7C91D0B2 2 Bytes  [86, 71]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtDeleteValueKey                                                                                        7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtDeleteValueKey + 4                                                                                    7C91D272 2 Bytes  [8C, 71]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtOpenFile                                                                                              7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtOpenFile + 4                                                                                          7C91D5A2 2 Bytes  [83, 71]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtOpenProcess                                                                                          7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtOpenProcess + 4                                                                                      7C91D602 2 Bytes  [89, 71]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtSetContextThread                                                                                      7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtSetContextThread + 4                                                                                  7C91DBB2 2 Bytes  [80, 71]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtSetValueKey                                                                                          7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtSetValueKey + 4                                                                                      7C91DDD2 2 Bytes  [8F, 71]
.text          C:\WINDOWS\Explorer.EXE[972] kernel32.dll!LoadLibraryExW + C4                                                                                  7C801BB9 4 Bytes  CALL 71AF0001
.text          C:\WINDOWS\Explorer.EXE[972] kernel32.dll!CreateProcessInternalW                                                                              7C819EA8 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] kernel32.dll!CreateProcessInternalW + 4                                                                          7C819EAC 2 Bytes  [7D, 71] {JGE 0x73}
.text          C:\WINDOWS\Explorer.EXE[972] ADVAPI32.dll!CreateServiceA                                                                                      77E07219 6 Bytes  JMP 7196000A
.text          C:\WINDOWS\Explorer.EXE[972] ADVAPI32.dll!CreateServiceW                                                                                      77E073B1 6 Bytes  JMP 7193000A
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!PostMessageW                                                                                          7E368CCB 6 Bytes  JMP 7199000A
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!SendMessageW                                                                                          7E37929A 6 Bytes  JMP 719F000A
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!PostMessageA                                                                                          7E37AAFD 6 Bytes  JMP 719C000A
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!SendInput                                                                                              7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!SendInput + 4                                                                                          7E37F144 2 Bytes  [A4, 71]
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!SendMessageA                                                                                          7E37F3C2 6 Bytes  JMP 71A2000A
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!mouse_event                                                                                            7E3B673F 6 Bytes  JMP 71AB000A
.text          C:\WINDOWS\Explorer.EXE[972] USER32.dll!keybd_event                                                                                            7E3B6783 6 Bytes  JMP 71A8000A
.text          C:\WINDOWS\Explorer.EXE[972] WS2_32.dll!WSALookupServiceBeginW                                                                                038A35EF 6 Bytes  JMP 716C000A
.text          C:\WINDOWS\Explorer.EXE[972] WS2_32.dll!connect                                                                                                038A4A07 6 Bytes  JMP 7172000A
.text          C:\WINDOWS\Explorer.EXE[972] WS2_32.dll!listen                                                                                                038A8CD3 6 Bytes  JMP 716F000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtCreateFile                                                                  7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtCreateFile                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtCreateFile + 4                                                              7C91D0B2 2 Bytes  [70, 71] {JO 0x73}
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtDeleteValueKey                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtDeleteValueKey + 4                                                          7C91D272 2 Bytes  [76, 71] {JBE 0x73}
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtOpenFile                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtOpenFile + 4                                                                7C91D5A2 2 Bytes  [6D, 71]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtOpenProcess                                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtOpenProcess + 4                                                            7C91D602 2 Bytes  [73, 71] {JAE 0x73}
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtSetContextThread                                                            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtSetContextThread + 4                                                        7C91DBB2 2 Bytes  [6A, 71] {PUSH 0x71}
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtSetValueKey                                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ntdll.dll!NtSetValueKey + 4                                                            7C91DDD2 2 Bytes  [79, 71] {JNS 0x73}
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] kernel32.dll!LoadLibraryExW + C4                                                        7C801BB9 4 Bytes  CALL 71AC0001
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] kernel32.dll!CreateProcessInternalW                                                    7C819EA8 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] kernel32.dll!CreateProcessInternalW + 4                                                7C819EAC 2 Bytes  [67, 71]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ADVAPI32.dll!CreateServiceA                                                            77E07219 6 Bytes  JMP 7180000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] ADVAPI32.dll!CreateServiceW                                                            77E073B1 6 Bytes  JMP 717D000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!PostMessageW                                                                7E368CCB 6 Bytes  JMP 7183000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!SendMessageW                                                                7E37929A 6 Bytes  JMP 7189000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!PostMessageA                                                                7E37AAFD 6 Bytes  JMP 7186000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!SendInput                                                                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!SendInput + 4                                                                7E37F144 2 Bytes  [8E, 71]
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!SendMessageA                                                                7E37F3C2 6 Bytes  JMP 718C000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!mouse_event                                                                  7E3B673F 6 Bytes  JMP 7195000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] USER32.dll!keybd_event                                                                  7E3B6783 6 Bytes  JMP 7192000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] WS2_32.dll!WSALookupServiceBeginW                                                      71A135EF 6 Bytes  JMP 7198000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] WS2_32.dll!connect                                                                      71A14A07 6 Bytes  JMP 719E000A
.text          C:\Programme\Microsoft IntelliType Pro\itype.exe[1592] WS2_32.dll!listen                                                                      71A18CD3 6 Bytes  JMP 719B000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtCreateFile                                                                                  7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtCreateFile                                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtCreateFile + 4                                                                              7C91D0B2 2 Bytes  [86, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtDeleteValueKey                                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtDeleteValueKey + 4                                                                          7C91D272 2 Bytes  [8C, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtOpenFile                                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtOpenFile + 4                                                                                7C91D5A2 2 Bytes  [83, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtOpenProcess                                                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtOpenProcess + 4                                                                            7C91D602 2 Bytes  [89, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtSetContextThread                                                                            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtSetContextThread + 4                                                                        7C91DBB2 2 Bytes  [80, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtSetValueKey                                                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ntdll.dll!NtSetValueKey + 4                                                                            7C91DDD2 2 Bytes  [8F, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 71AF0001
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] kernel32.dll!CreateProcessInternalW                                                                    7C819EA8 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] kernel32.dll!CreateProcessInternalW + 4                                                                7C819EAC 2 Bytes  [7D, 71] {JGE 0x73}
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!PostMessageW                                                                                7E368CCB 6 Bytes  JMP 7199000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!SendMessageW                                                                                7E37929A 6 Bytes  JMP 719F000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!PostMessageA                                                                                7E37AAFD 6 Bytes  JMP 719C000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!SendInput                                                                                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!SendInput + 4                                                                                7E37F144 2 Bytes  [A4, 71]
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!SendMessageA                                                                                7E37F3C2 6 Bytes  JMP 71A2000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!mouse_event                                                                                  7E3B673F 6 Bytes  JMP 71AB000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] USER32.dll!keybd_event                                                                                  7E3B6783 6 Bytes  JMP 71A8000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ADVAPI32.dll!CreateServiceA                                                                            77E07219 6 Bytes  JMP 7196000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] ADVAPI32.dll!CreateServiceW                                                                            77E073B1 6 Bytes  JMP 7193000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] WS2_32.dll!WSALookupServiceBeginW                                                                      00BD35EF 6 Bytes  JMP 716A000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] WS2_32.dll!connect                                                                                      00BD4A07 6 Bytes  JMP 7172000A
.text          C:\WINDOWS\system32\RunDLL32.exe[1940] WS2_32.dll!listen                                                                                      00BD8CD3 6 Bytes  JMP 716D000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtCreateFile                                                                                  7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtCreateFile                                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtCreateFile + 4                                                                              7C91D0B2 2 Bytes  [86, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtDeleteValueKey                                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtDeleteValueKey + 4                                                                          7C91D272 2 Bytes  [8C, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtOpenFile                                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtOpenFile + 4                                                                                7C91D5A2 2 Bytes  [83, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtOpenProcess                                                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtOpenProcess + 4                                                                            7C91D602 2 Bytes  [89, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtSetContextThread                                                                            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtSetContextThread + 4                                                                        7C91DBB2 2 Bytes  [80, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtSetValueKey                                                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] ntdll.dll!NtSetValueKey + 4                                                                            7C91DDD2 2 Bytes  [8F, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 71AF0001
.text          C:\WINDOWS\system32\rundll32.exe[2052] kernel32.dll!CreateProcessInternalW                                                                    7C819EA8 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] kernel32.dll!CreateProcessInternalW + 4                                                                7C819EAC 2 Bytes  [7D, 71] {JGE 0x73}
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!PostMessageW                                                                                7E368CCB 6 Bytes  JMP 7199000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!SendMessageW                                                                                7E37929A 6 Bytes  JMP 719F000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!PostMessageA                                                                                7E37AAFD 6 Bytes  JMP 719C000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!SendInput                                                                                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!SendInput + 4                                                                                7E37F144 2 Bytes  [A4, 71]
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!SendMessageA                                                                                7E37F3C2 6 Bytes  JMP 71A2000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!mouse_event                                                                                  7E3B673F 6 Bytes  JMP 71AB000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] USER32.dll!keybd_event                                                                                  7E3B6783 6 Bytes  JMP 71A8000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] ADVAPI32.dll!CreateServiceA                                                                            77E07219 6 Bytes  JMP 7196000A
.text          C:\WINDOWS\system32\rundll32.exe[2052] ADVAPI32.dll!CreateServiceW                                                                            77E073B1 6 Bytes  JMP 7193000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtCreateFile                                                                    7C91D0AE 1 Byte  [FF]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtCreateFile                                                                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtCreateFile + 4                                                                7C91D0B2 2 Bytes  [80, 71]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtDeleteValueKey                                                                7C91D26E 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtDeleteValueKey + 4                                                            7C91D272 2 Bytes  [86, 71]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtOpenFile                                                                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtOpenFile + 4                                                                  7C91D5A2 2 Bytes  [7D, 71] {JGE 0x73}
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtOpenProcess                                                                    7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtOpenProcess + 4                                                                7C91D602 2 Bytes  [83, 71]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtSetContextThread                                                              7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtSetContextThread + 4                                                          7C91DBB2 2 Bytes  [7A, 71] {JP 0x73}
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtSetValueKey                                                                    7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ntdll.dll!NtSetValueKey + 4                                                                7C91DDD2 2 Bytes  [89, 71]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] kernel32.dll!LoadLibraryExW + C4                                                          7C801BB9 4 Bytes  CALL 71AF0001
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] kernel32.dll!CreateProcessInternalW                                                        7C819EA8 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] kernel32.dll!CreateProcessInternalW + 4                                                    7C819EAC 2 Bytes  [77, 71] {JA 0x73}
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!PostMessageW                                                                    7E368CCB 6 Bytes  JMP 7193000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!SendMessageW                                                                    7E37929A 6 Bytes  JMP 7199000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!PostMessageA                                                                    7E37AAFD 6 Bytes  JMP 7196000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!SendInput                                                                      7E37F140 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!SendInput + 4                                                                  7E37F144 2 Bytes  [9E, 71]
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!SendMessageA                                                                    7E37F3C2 6 Bytes  JMP 719C000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!mouse_event                                                                    7E3B673F 6 Bytes  JMP 71A5000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] USER32.dll!keybd_event                                                                    7E3B6783 6 Bytes  JMP 71A2000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ADVAPI32.dll!CreateServiceA                                                                77E07219 6 Bytes  JMP 7190000A
.text          D:\_improve system\MMTaskbar 3.0\MultiMon.exe[2072] ADVAPI32.dll!CreateServiceW                                                                77E073B1 6 Bytes  JMP 718D000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtCreateFile                                                                  7C91D0AE 1 Byte  [FF]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtCreateFile                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtCreateFile + 4                                                              7C91D0B2 2 Bytes  [84, 71]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtDeleteValueKey                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtDeleteValueKey + 4                                                          7C91D272 2 Bytes  [8A, 71]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtOpenFile                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtOpenFile + 4                                                                7C91D5A2 2 Bytes  [81, 71]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtOpenProcess                                                                  7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtOpenProcess + 4                                                              7C91D602 2 Bytes  [87, 71]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtSetContextThread                                                            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtSetContextThread + 4                                                        7C91DBB2 2 Bytes  [7E, 71] {JLE 0x73}
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtSetValueKey                                                                  7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ntdll.dll!NtSetValueKey + 4                                                              7C91DDD2 2 Bytes  [8D, 71]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] kernel32.dll!LoadLibraryExW + C4                                                        7C801BB9 4 Bytes  CALL 71AF0001
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] kernel32.dll!CreateProcessInternalW                                                      7C819EA8 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] kernel32.dll!CreateProcessInternalW + 4                                                  7C819EAC 2 Bytes  [7B, 71] {JNP 0x73}
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ADVAPI32.dll!CreateServiceA                                                              77E07219 6 Bytes  JMP 7194000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] ADVAPI32.dll!CreateServiceW                                                              77E073B1 6 Bytes  JMP 7191000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!PostMessageW                                                                  7E368CCB 6 Bytes  JMP 7197000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!SendMessageW                                                                  7E37929A 6 Bytes  JMP 719D000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!PostMessageA                                                                  7E37AAFD 6 Bytes  JMP 719A000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!SendInput                                                                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!SendInput + 4                                                                7E37F144 2 Bytes  [A2, 71]
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!SendMessageA                                                                  7E37F3C2 6 Bytes  JMP 71A0000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!mouse_event                                                                  7E3B673F 6 Bytes  JMP 71AB000A
.text          D:\_filemanagement\xplorer² pro\xplorer2_UC.exe[2788] USER32.dll!keybd_event                                                                  7E3B6783 6 Bytes  JMP 71A6000A
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtCreateFile                                                                                  7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtCreateFile                                                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtCreateFile + 4                                                                              7C91D0B2 2 Bytes  [74, 71] {JZ 0x73}
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtDeleteValueKey                                                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtDeleteValueKey + 4                                                                          7C91D272 2 Bytes  [7A, 71] {JP 0x73}
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtOpenFile                                                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtOpenFile + 4                                                                                7C91D5A2 2 Bytes  [71, 71] {JNO 0x73}
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtOpenProcess                                                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtOpenProcess + 4                                                                            7C91D602 2 Bytes  [77, 71] {JA 0x73}
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtSetContextThread                                                                            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtSetContextThread + 4                                                                        7C91DBB2 2 Bytes  [6E, 71]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtSetValueKey                                                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] ntdll.dll!NtSetValueKey + 4                                                                            7C91DDD2 2 Bytes  [7D, 71] {JGE 0x73}
.text          C:\Programme\Launchy\Launchy.exe[3008] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 71AF0001
.text          C:\Programme\Launchy\Launchy.exe[3008] kernel32.dll!CreateProcessInternalW                                                                    7C819EA8 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] kernel32.dll!CreateProcessInternalW + 4                                                                7C819EAC 2 Bytes  [6B, 71]
.text          C:\Programme\Launchy\Launchy.exe[3008] ADVAPI32.dll!CreateServiceA                                                                            77E07219 6 Bytes  JMP 7184000A
.text          C:\Programme\Launchy\Launchy.exe[3008] ADVAPI32.dll!CreateServiceW                                                                            77E073B1 6 Bytes  JMP 7181000A
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!PostMessageW                                                                                7E368CCB 6 Bytes  JMP 7187000A
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!SendMessageW                                                                                7E37929A 6 Bytes  JMP 718D000A
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!PostMessageA                                                                                7E37AAFD 6 Bytes  JMP 718A000A
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!SendInput                                                                                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!SendInput + 4                                                                                7E37F144 2 Bytes  [92, 71]
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!SendMessageA                                                                                7E37F3C2 6 Bytes  JMP 7190000A
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!mouse_event                                                                                  7E3B673F 6 Bytes  JMP 7199000A
.text          C:\Programme\Launchy\Launchy.exe[3008] USER32.dll!keybd_event                                                                                  7E3B6783 6 Bytes  JMP 7196000A
.text          C:\Programme\Launchy\Launchy.exe[3008] WS2_32.dll!WSALookupServiceBeginW                                                                      71A135EF 6 Bytes  JMP 719C000A
.text          C:\Programme\Launchy\Launchy.exe[3008] WS2_32.dll!connect                                                                                      71A14A07 6 Bytes  JMP 71A5000A
.text          C:\Programme\Launchy\Launchy.exe[3008] WS2_32.dll!listen                                                                                      71A18CD3 6 Bytes  JMP 719F000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtCreateFile                                                                7C91D0AE 1 Byte  [FF]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtCreateFile                                                                7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtCreateFile + 4                                                            7C91D0B2 2 Bytes  [79, 71] {JNS 0x73}
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtDeleteValueKey                                                            7C91D26E 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtDeleteValueKey + 4                                                        7C91D272 2 Bytes  [7F, 71] {JG 0x73}
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtOpenFile                                                                  7C91D59E 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtOpenFile + 4                                                              7C91D5A2 2 Bytes  [76, 71] {JBE 0x73}
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtOpenProcess                                                              7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtOpenProcess + 4                                                          7C91D602 2 Bytes  [7C, 71] {JL 0x73}
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtSetContextThread                                                          7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtSetContextThread + 4                                                      7C91DBB2 2 Bytes  [73, 71] {JAE 0x73}
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtSetValueKey                                                              7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ntdll.dll!NtSetValueKey + 4                                                          7C91DDD2 2 Bytes  [82, 71]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] kernel32.dll!LoadLibraryExW + C4                                                      7C801BB9 4 Bytes  CALL 71AF0001
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] kernel32.dll!CreateProcessInternalW                                                  7C819EA8 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] kernel32.dll!CreateProcessInternalW + 4                                              7C819EAC 2 Bytes  [70, 71] {JO 0x73}
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!PostMessageW                                                              7E368CCB 6 Bytes  JMP 718C000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!SendMessageW                                                              7E37929A 6 Bytes  JMP 7192000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!PostMessageA                                                              7E37AAFD 6 Bytes  JMP 718F000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!SendInput                                                                  7E37F140 3 Bytes  [FF, 25, 1E]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!SendInput + 4                                                              7E37F144 2 Bytes  [97, 71]
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!SendMessageA                                                              7E37F3C2 6 Bytes  JMP 7195000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!mouse_event                                                                7E3B673F 6 Bytes  JMP 719E000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] USER32.dll!keybd_event                                                                7E3B6783 6 Bytes  JMP 719B000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ADVAPI32.dll!CreateServiceA                                                          77E07219 6 Bytes  JMP 7189000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] ADVAPI32.dll!CreateServiceW                                                          77E073B1 6 Bytes  JMP 7186000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] WS2_32.dll!WSALookupServiceBeginW                                                    71A135EF 6 Bytes  JMP 71A5000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] WS2_32.dll!connect                                                                    71A14A07 6 Bytes  JMP 71AB000A
.text          D:\_improve system\WindowManager\WindowManager.exe[3028] WS2_32.dll!listen                                                                    71A18CD3 6 Bytes  JMP 71A8000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtCreateFile                                                                                7C91D0AE 1 Byte  [FF]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtCreateFile                                                                                7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtCreateFile + 4                                                                            7C91D0B2 2 Bytes  [7E, 71] {JLE 0x73}
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtDeleteValueKey                                                                            7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtDeleteValueKey + 4                                                                        7C91D272 2 Bytes  [84, 71]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtOpenFile                                                                                  7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtOpenFile + 4                                                                              7C91D5A2 2 Bytes  [7B, 71] {JNP 0x73}
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtOpenProcess                                                                              7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtOpenProcess + 4                                                                          7C91D602 2 Bytes  [81, 71]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtSetContextThread                                                                          7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtSetContextThread + 4                                                                      7C91DBB2 2 Bytes  [78, 71] {JS 0x73}
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtSetValueKey                                                                              7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] ntdll.dll!NtSetValueKey + 4                                                                          7C91DDD2 2 Bytes  [87, 71]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 71AF0001
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] kernel32.dll!CreateProcessInternalW                                                                  7C819EA8 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] kernel32.dll!CreateProcessInternalW + 4                                                              7C819EAC 2 Bytes  [75, 71] {JNZ 0x73}
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!PostMessageW                                                                              7E368CCB 6 Bytes  JMP 7191000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!SendMessageW                                                                              7E37929A 6 Bytes  JMP 7197000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!PostMessageA                                                                              7E37AAFD 6 Bytes  JMP 7194000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!SendInput                                                                                  7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!SendInput + 4                                                                              7E37F144 2 Bytes  [9C, 71]
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!SendMessageA                                                                              7E37F3C2 6 Bytes  JMP 719A000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!mouse_event                                                                                7E3B673F 6 Bytes  JMP 71A3000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] user32.dll!keybd_event                                                                                7E3B6783 6 Bytes  JMP 71A0000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] advapi32.dll!CreateServiceA                                                                          77E07219 6 Bytes  JMP 718E000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] advapi32.dll!CreateServiceW                                                                          77E073B1 6 Bytes  JMP 718B000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] WS2_32.dll!WSALookupServiceBeginW                                                                    010535EF 6 Bytes  JMP 716D000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] WS2_32.dll!connect                                                                                    01054A07 6 Bytes  JMP 7173000A
.text          C:\Programme\TweakRAM\TweakRAM.exe[3568] WS2_32.dll!listen                                                                                    01058CD3 6 Bytes  JMP 7170000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtCreateFile                                          7C91D0AE 1 Byte  [FF]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtCreateFile                                          7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtCreateFile + 4                                      7C91D0B2 2 Bytes  [86, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtDeleteValueKey                                      7C91D26E 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtDeleteValueKey + 4                                  7C91D272 2 Bytes  [8C, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtOpenFile                                            7C91D59E 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtOpenFile + 4                                        7C91D5A2 2 Bytes  [83, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtOpenProcess                                        7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtOpenProcess + 4                                    7C91D602 2 Bytes  [89, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtSetContextThread                                    7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtSetContextThread + 4                                7C91DBB2 2 Bytes  [80, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtSetValueKey                                        7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ntdll.dll!NtSetValueKey + 4                                    7C91DDD2 2 Bytes  [8F, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 71AF0001
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] kernel32.dll!CreateProcessInternalW                            7C819EA8 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] kernel32.dll!CreateProcessInternalW + 4                        7C819EAC 2 Bytes  [7D, 71] {JGE 0x73}
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!PostMessageW                                        7E368CCB 6 Bytes  JMP 7199000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!SendMessageW                                        7E37929A 6 Bytes  JMP 719F000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!PostMessageA                                        7E37AAFD 6 Bytes  JMP 719C000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!SendInput                                            7E37F140 3 Bytes  [FF, 25, 1E]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!SendInput + 4                                        7E37F144 2 Bytes  [A4, 71]
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!SendMessageA                                        7E37F3C2 6 Bytes  JMP 71A2000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!mouse_event                                          7E3B673F 6 Bytes  JMP 71AB000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] USER32.dll!keybd_event                                          7E3B6783 6 Bytes  JMP 71A8000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ADVAPI32.dll!CreateServiceA                                    77E07219 6 Bytes  JMP 7196000A
.text          E:\_ dropbox _\Dropbox\_ install new\__new\z_security\gmer_2.1.19163.exe[3880] ADVAPI32.dll!CreateServiceW                                    77E073B1 6 Bytes  JMP 7193000A

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                        tdrpman.sys

Device          \FileSystem\Fastfat \FatCdrom                                                                                                                  B6C0BD20
Device          \Driver\Ftdisk \Device\HarddiskVolume12                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume13                                                                                                        fltsrv.sys
Device          \FileSystem\mbamchameleon \Device\devmbamchameleon                                                                                            B7C48690
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume7                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume8                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume9                                                                                                        fltsrv.sys
Device          \Driver\Disk \Device\Harddisk0\DR0                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk1\DR1                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk2\DR2                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk3\DR3                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk4\DR15                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk5\DR17                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk6\DR18                                                                                                            fltsrv.sys
Device          \Driver\Disk \Device\Harddisk6\DP(1)0-0+14                                                                                                    fltsrv.sys
Device          \Driver\Ftdisk \Device\FtControl                                                                                                              fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume10                                                                                                        fltsrv.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume11                                                                                                        fltsrv.sys
Device          \FileSystem\Fastfat \Fat                                                                                                                      B6C0BD20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                      tdrpman.sys
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                      fltMgr.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Control\Video\{ACF7F00A-9B7C-4D40-AAED-C312A9DDBC3F}\0000@D3D_\x3332\x3331                                      2089309684
Reg            HKLM\SYSTEM\CurrentControlSet\Control\Video\{ACF7F00A-9B7C-4D40-AAED-C312A9DDBC3F}\0001@D3D_\x3332\x3331                                      2089309684
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                         
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODLED04.00.00.01PRO                                                                    F7C90C2AC8D53403A2FB679DB2ADB952034760D4970E4B5D902751551A7F82C05576423479BF298BCB4DD9353F413F46D1266931F87B01462FD3FCDC80898F55A15087C9DB2114A004D096CD21490884002F1825F3F3FD9952A2B2F71259811F15C72BA1EAA8072BAEFA5DCB4B0BE8B3BAFD3DE19673F4DB8F72F2C793BB0E21D0A27E644699D84A15166F87D65E77AD10022B0D9205DE4460F8C1DA70132E0FD5F756332F4B224EDFC095CCFEAF1001F6FCBA3DBA4A783D223B28B9B4559FD10CB58CA10E2AC23C216B185CA47FD1714586C7818AF940E6961733DD138E6204BB1DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407BA7FD869164D6794A6171C11EC38DE3DA2D97226D213B555A99332BF30528C42E977DA8E1C6D6CBB24E314FB4BAC987BAD52806BA8192D7C8EB8A3B8068BA828D483649581123E5F0064303DEC9FB6CF716D9F725597601D767F3452089F995DDF839EF13941D95BA8799FD1AD625AB225566F9DF806443A54ABB2B8CE667AB6AF2891A55FD1E2E812E2453248E5CEE33278C9770F926CB3A17697ACB469C75B6C976CC6CECA5E15395327683A51C3F2803431A2579ECF42D88C7A05DAE9E146C26D0100A868384018F07094467CCCC602DDC75255C1CA6FF89096AAA55B8F49E235C410531
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC7.00.00.01PROSTATION                                                                AB867CD6552FEDAC1F1E44BDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A2D97226D213B555FEBC9E127BECC74CA9C6AECB7A5D14072B2ADC3BF16A3C3468F6FB8565377C9DC0043D8F39596D3EA801DFC2BDBABBBA2DEE702F1A4ED291979DE9288569C559B5EAEC270E6E465522D97B086C4FB6D4257351916AD2BC63A27DC24B5DB8EE469880B028A89E12542F990C7ED6C2DD8ED220E551BD8ADE15681B93643665D8668884612D6476C6F04E5DD283898E6471B512792DF0FA46268A32D1B75F24074CE7EF3B9EA07683F4C4F9764316219D9D1399393B6620A0AAEFAE54DE2C9C2322DE6DDD3BBF1508BB9A767EC48FDD064375BB39E2826940C841B1D5C7F1E9F522D6594F96AC3A39B79C0ED85E1019B82AA8AEED63B0B99D3DEE9275B40B9D721E01C7F6174FC2A06ED93158BB349D7AAB3EE1B24BDD6752D5A95838BAD8BA2A78507F21F71A01EA79270330DC1AA9AEB58B75C600FABD9E75E7C384C33AB956AB7AFA7EC67E37E8851D5AFA16E96EE14C293B4ABA7EFCE315E343260F998653C27AE7A367F6228FD29644B68EC992BF8475BE46086155A9BE1B7ECB2CDD019FDD91290891FCEBF7B9347E44C268AF9B888F3C24C722711B93D04D8A0279FCDF32C1D4094E11375E205AFDE701745469175E22B0B

---- EOF - GMER 2.1 ----
MBAR 1

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Elmar-Admin :: ASUS-A8N [administrator]

30.07.13 14:00:24
mbar-log-2013-07-30 (14-00-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 328107
Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> No action taken.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\DRIVE\SHELL| (Hijack.Drives) -> Bad: (open) Good: (none) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\windows\kb971513.log (Extension.Mismatch) -> Delete on reboot.

Physical Sectors Detected: 2
Physical Sector #64 on Drive #1 (Unknown.Rootkit.VBR) -> Replace on reboot.
Master Boot Record on Drive #1 (Unknown.Rootkit.VBR) -> Replace on reboot.

(end)


MBAR2

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Elmar-Admin :: ASUS-A8N [administrator]

30.07.13 14:27:15
mbar-log-2013-07-30 (14-27-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 325185
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> No action taken.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

VIELEN DANK für Deine Mühen!!!

Elmar

cosinus 30.07.2013 15:06
Zitat:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> No action taken.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> No action taken.
Ist das gewollt oder gibt es einen anderen Grund warum du die nicht mit MBAR hast fixen lassen?

Eule69 31.07.2013 00:55
wollte erst mal selber schauen, ob ich das nicht irgendwie absichtlich eingestellt habe. Nicht dass das dann weg ist. Und ich nicht wei0, warum.

Wenns ich nicht war, dann fliegts raus natürlich...

cosinus 31.07.2013 08:45
Bitte mit MBAR alle Funde löschen lassen

Eule69 31.07.2013 16:19
OK, mach ich.

Ich hab noch den Spybot drüberlaufen lassen, hier das Ergebnis.

http://www.workupload.com/image/q5vrI1s

Soll ich die roten Einträge löschen lassen?

Melde mich wieder, wenn MBAR gelaufen ist....

Vielen Dank für Deine Mühen!!

cosinus 31.07.2013 16:33
Bitte keine Tools mehr ohne Absprache/Anweisung starten


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131